
DDA driver was not installed


Cynikal


Accidentally downloaded a rootkit.

Having issues running MalwareBytes Anti-Rootkit BETA v1.09.4.1001. -- "DDA driver was not installed", click yes to install after reboot, says it can't.

I've run the "fixdamage", and it seems to work after reboot, but when I tell the software to clean the rootkit, it reboots, try to run anti rootkit again, same issue with DDA, do another fixdamage, do a scan, and all the files are still infected (1100+, mostly .vbs files)

 

 

Addition.txt

FRST.txt

malwarescan.txt


Hi Cynikal :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Delete the MBAR executable you downloaded and its folder. Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-DATE-(TIME).txt" log that is located in the MBAR folder here after. 
 


Posted the Initial scan, I messed up and had all 3 settings selected (Drivers, Sectors, and System).

Did the cleanup, did the reboot. Ran another scan for just drivers (came back clean).


I'm doing another scan now for driver/sectors/system to see if anything else shows up.

mbar-log-2017-09-14 (18-29-49) (Driver Sectors System) - initial.txt

mbar-log-2017-09-14 (19-00-45) (Drivers Only) - after reboot cleanup.txt


Good :) Now you should be able to install and run a scan with Malwarebytes (after your current scan).

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/14/17
Scan Time: 7:20 PM
Log File: 7ef2fe8c-99bc-11e7-b9df-1c1b0d65db04.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2806
License: Trial

-System Information-
OS: Windows 10 (Build 15063.608)
CPU: x64
File System: NTFS
User: TIM-PC\cynik

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 457999
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


We'll address your start button after the clean-up :) Now, let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


# AdwCleaner 7.0.2.1 - Logfile created on Fri Sep 15 15:39:09 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: AdvancedSystemCareService10


***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\cynik\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\cynik\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare


***** [ Files ] *****

Deleted: C:\END
Deleted: C:\Users\All Users\Desktop\Advanced SystemCare 10.lnk
Deleted: C:\Users\cynik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk
Deleted: C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
Deleted: C:\Users\All Users\Desktop\\Smart Defrag 5.lnk
Deleted: C:\Users\Public\Desktop\\Smart Defrag 5.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: ASC10_PerformanceMonitor
Deleted: ASC10_SkipUac_cynik


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Value] - HKU\S-1-5-21-225795373-1205061139-3748372482-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
Deleted: [Key] - HKU\S-1-5-21-225795373-1205061139-3748372482-1001\Software\Spark
Deleted: [Key] - HKCU\Software\Spark


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3777 B] - [2017/9/15 15:33:58]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : cynik [Administrator]
Started from : C:\Users\cynik\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 09/15/2017 08:56:13 (Duration : 00:34:34)

¤¤¤ Processes : 4 ¤¤¤
[Suspicious.Path] tawk-desktop.exe(1512) -- C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\tawk-desktop.exe[-] -> Found
[Suspicious.Path] tawk-desktop.exe(9868) -- C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\tawk-desktop.exe[-] -> Found
[Suspicious.Path] tawk-desktop.exe(10056) -- C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\tawk-desktop.exe[-] -> Found
[Suspicious.Path] tawk-desktop.exe(9804) -- C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\tawk-desktop.exe[-] -> Found

¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\RK_defaultuser0_ON_D_B80E\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\cynik\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup [7] -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_defaultuser0_ON_D_B80E\Software\Microsoft\Windows\CurrentVersion\Run | DashlanePlugin : "C:\Users\cynik\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws [7] -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_defaultuser0_ON_D_B80E\Software\Microsoft\Windows\CurrentVersion\Run | com.squirrel.slack.slack : "C:\Users\cynik\AppData\Local\slack\Update.exe" --processStart "slack.exe" --process-start-args "--startup" [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_defaultuser0_ON_D_B80E\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\cynik\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_defaultuser0_ON_D_B80E\Software\Microsoft\Windows\CurrentVersion\Run | DashlanePlugin : "C:\Users\cynik\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_defaultuser0_ON_D_B80E\Software\Microsoft\Windows\CurrentVersion\Run | com.squirrel.slack.slack : "C:\Users\cynik\AppData\Local\slack\Update.exe" --processStart "slack.exe" --process-start-args "--startup" [7] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-225795373-1205061139-3748372482-1001\Software\Microsoft\Windows\CurrentVersion\Run | Tawk-desktop : C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\tawk-desktop.exe [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-225795373-1205061139-3748372482-1001\Software\Microsoft\Windows\CurrentVersion\Run | Tawk-desktop : C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\tawk-desktop.exe [-] -> Found
[PUP.HackTool|VT.Trojan.Win32.Generic!BT] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMSEmulator ("C:\ProgramData\KMSAuto\bin\KMSSS.exe" -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -PO16 RandomKMSPID -AI 43200 -RI 43200 -Log -IP) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 8 ¤¤¤
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto -> Found
[Tr.Gen0][File] C:\Users\cynik\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\cynik\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\cynik\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\cynik\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\cynik\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\cynik\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Found
[PUP.Ask|PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.trovi.com/?gd=&ctid=CT3335112&octid=EB_ORIGINAL_CTID&ISID=M6A8C937E-8E97-4D04-BF51-FC055A902539&SearchSource=55&CUI=&UM=8&UP=SPAFD168A1-0257-42C2-8D63-D5E33E7233BC&D=011016&SSPV=] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2003FZEX-00Z4SA0 +++++
--- User ---
[MBR] 563c0503c370ab5fcaf28f3f3e0563cf
[BSP] df48b984a341f37220fd300d545f11c3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1502FAEX-007BA0 +++++
--- User ---
[MBR] 05cca6b08d22ae6831047844b393397d
[BSP] 23eb1dc76e5fc769626afd2c7f67dfa1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 1429511 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2928666624 | Size: 784 MB
User = LL1 ... OK
User = LL2 ... OK

 


Good :) Now, let's run a new scan with FRST and see if there are any remnants left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2017
Ran by cynik (administrator) on TIM-PC (16-09-2017 08:08:45)
Running from C:\Users\cynik\Desktop\AntiVirus
Loaded Profiles: cynik (Available Profiles: defaultuser0 & cynik)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowFX\WindowFXSRV.exe
() C:\Program Files (x86)\Stardock\WindowFX\wfx32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dashlane, Inc.) C:\Users\cynik\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane, Inc.) C:\Users\cynik\AppData\Roaming\Dashlane\DashlanePlugin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
() C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-version-1.0.0\tawk-desktop.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Slack Technologies) C:\Users\cynik\AppData\Local\slack\app-2.8.0\slack.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
() C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-version-1.0.0\tawk-desktop.exe
() C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-version-1.0.0\tawk-desktop.exe
() C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-version-1.0.0\tawk-desktop.exe
(Slack Technologies) C:\Users\cynik\AppData\Local\slack\app-2.8.0\slack.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Slack Technologies) C:\Users\cynik\AppData\Local\slack\app-2.8.0\slack.exe
(Slack Technologies) C:\Users\cynik\AppData\Local\slack\app-2.8.0\slack.exe
(Slack Technologies) C:\Users\cynik\AppData\Local\slack\app-2.8.0\slack.exe
(Slack Technologies) C:\Users\cynik\AppData\Local\slack\app-2.8.0\slack.exe
(Slack Technologies) C:\Users\cynik\AppData\Local\slack\app-2.8.0\slack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files (x86)\Pandora\Pandora.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-05-09] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4357560 2017-06-13] (Stardock Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-09-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600096 2017-02-13] (Razer Inc)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\etro.exe [5632 2016-10-03] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Run: [Dashlane] => C:\Users\cynik\AppData\Roaming\Dashlane\Dashlane.exe [505808 2017-09-05] (Dashlane, Inc.)
HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Run: [DashlanePlugin] => C:\Users\cynik\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-09-05] (Dashlane, Inc.)
HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Run: [Tawk-desktop] => C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\tawk-desktop.exe [62813205 2015-07-06] ()
HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\cynik\AppData\Local\slack\Update.exe [1584656 2017-09-12] ()
HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Run: [Fences] => c:\program files (x86)\stardock\fences\Fences.exe [4357560 2017-06-13] (Stardock Corporation)
HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-225795373-1205061139-3748372482-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-07-23]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{075ecbef-918b-487d-b4b9-c5e298d387d3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{075ecbef-918b-487d-b4b9-c5e298d387d3}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{0ccb821e-2070-405e-954c-d4038cb57a56}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{113abcb0-e9d2-46db-85ce-aacb841c090c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{113abcb0-e9d2-46db-85ce-aacb841c090c}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{d058a7a8-5165-46ef-ac72-924c19eb8c3f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d058a7a8-5165-46ef-ac72-924c19eb8c3f}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{f9764204-13dd-4c57-918e-73381b7a47b5}: [NameServer] 8.8.8.8

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-12] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-12] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\cynik\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2017-09-05] (Dashlane, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\cynik\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2017-09-05] (Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: np3gbav4.default
FF DefaultProfile: cynikal33@hotmail.com
FF ProfilePath: C:\Users\cynik\AppData\Roaming\Mozilla\Firefox\Profiles\np3gbav4.default [2017-09-14]
FF user.js: detected! => C:\Users\cynik\AppData\Roaming\Mozilla\Firefox\Profiles\np3gbav4.default\user.js [2017-08-07]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\np3gbav4.default -> Google
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\cynik\AppData\Roaming\Mozilla\Firefox\Profiles\np3gbav4.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2017-07-05]
FF Extension: (Dashlane) - C:\Users\cynik\AppData\Roaming\Mozilla\Firefox\Profiles\np3gbav4.default\Extensions\jetpack-extension@dashlane.com.xpi [2017-08-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-12] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Profile: C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default [2017-09-16]
CHR Extension: (Google Slides) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-15]
CHR Extension: (Google Docs) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-15]
CHR Extension: (Google Drive) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-15]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-09-01]
CHR Extension: (YouTube) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-15]
CHR Extension: (Honey) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-15]
CHR Extension: (Adobe Acrobat) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Dashlane Secure Password Manager) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-08-29]
CHR Extension: (Google Sheets) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-15]
CHR Extension: (Google Docs Offline) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-15]
CHR Extension: (AdBlock) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-02]
CHR Extension: (Darkness - Beautiful Dark Themes) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\imilbobhamcfahccagbncamhpnbkaenm [2017-09-10]
CHR Extension: (Web Scraper) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2017-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-15]
CHR Extension: (Chrome Media Router) - C:\Users\cynik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\cynik\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-08-25] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-09-04] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-09-04] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2017-05-21] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2017-05-21] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-29] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-12] (Dropbox, Inc.)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [144816 2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
S3 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-11-16] (Microsoft)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [118192 2016-12-16] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 Killer Network Service x64; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2193088 2017-05-19] (Rivet Networks)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2016-12-19] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
R2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [123312 2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Origin Client Service; D:\EAOrigin\OriginClientService.exe [2098528 2017-08-14] (Electronic Arts)
S2 Origin Web Helper Service; D:\EAOrigin\OriginWebHelperService.exe [2977632 2017-08-14] (Electronic Arts)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-07-02] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [179840 2017-06-20] (Razer Inc.)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-13] (Microsoft Corporation) [File not signed]
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1830088 2016-01-18] (Intel Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-06-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-08-06] (Microsoft Corporation)
R2 WindowFX; C:\Program Files (x86)\Stardock\WindowFX\WindowFXSrv.exe [181904 2014-06-12] (Stardock Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-19] (Rivet Networks, LLC.)
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S3 cpuz138; C:\Users\cynik\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2017-09-14] (CPUID) <==== ATTENTION
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [544744 2017-05-25] (Intel Corporation)
R3 e2xw10x64; C:\WINDOWS\System32\drivers\e2xw10x64.sys [164560 2017-05-17] (Qualcomm Atheros, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-09-09] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-29] (REALiX(tm))
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [45024 2017-06-12] (IObit.com)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-12-19] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-14] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-16] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-21] (NVIDIA Corporation)
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [125136 2017-05-19] (Rivet Networks, LLC.)
S4 rjaty; C:\WINDOWS\System32\drivers\imofugc.sys [79064 2017-09-06] (Malwarebytes Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-07-17] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205952 2017-07-17] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-16 08:07 - 2017-09-16 08:07 - 002398720 _____ (Farbar) C:\Users\cynik\Downloads\FRST64.exe
2017-09-15 17:17 - 2017-09-15 17:17 - 000000000 ____D C:\Users\cynik\AppData\Local\AutomationGame
2017-09-15 13:48 - 2017-09-15 13:48 - 006357296 _____ C:\Users\cynik\Downloads\PathfindingProject_Pro_WebsiteDownload_4_0_11_cdebea3b.zip
2017-09-15 13:01 - 2017-09-15 13:01 - 000001557 _____ C:\Users\cynik\Desktop\Pocket Mortys.lnk
2017-09-15 08:56 - 2017-09-15 08:56 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-15 08:48 - 2017-09-15 08:48 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-15 08:36 - 2017-09-15 12:58 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-15 08:36 - 2017-09-15 08:36 - 026685000 _____ C:\Users\cynik\Desktop\RogueKiller_portable64.exe
2017-09-15 08:35 - 2017-09-15 08:35 - 035835424 _____ (Adlice Software ) C:\Users\cynik\Downloads\setup.exe
2017-09-15 08:32 - 2017-09-15 08:39 - 000000000 ____D C:\AdwCleaner
2017-09-15 08:32 - 2017-09-15 08:32 - 008182736 _____ (Malwarebytes) C:\Users\cynik\Desktop\AdwCleaner.exe
2017-09-14 21:04 - 2017-09-14 21:18 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-14 20:27 - 2017-09-14 20:27 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-14 20:26 - 2017-09-14 20:49 - 000244704 _____ C:\WINDOWS\ntbtlog.txt
2017-09-14 19:18 - 2017-09-14 19:18 - 000000000 ____D C:\Users\cynik\AppData\Local\ElevatedDiagnostics
2017-09-14 19:15 - 2017-09-14 19:15 - 000406582 _____ C:\Users\cynik\Downloads\startmenu.diagcab
2017-09-14 18:52 - 2017-09-14 18:52 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\76C54366.sys
2017-09-14 18:29 - 2017-09-14 19:20 - 000000000 ____D C:\Users\cynik\Desktop\mbar
2017-09-14 18:29 - 2017-09-14 19:00 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1F7306CB.sys
2017-09-14 18:29 - 2017-09-14 18:29 - 013290179 _____ C:\Users\cynik\Downloads\mbar-1.10.1.1002-nr.exe
2017-09-14 18:25 - 2017-09-14 18:25 - 000090489 _____ C:\Users\cynik\Downloads\Addition.txt
2017-09-14 18:25 - 2017-09-14 18:25 - 000068671 _____ C:\Users\cynik\Downloads\FRST.txt
2017-09-14 18:25 - 2017-09-14 18:25 - 000001985 _____ C:\Users\cynik\Downloads\malwarescan.txt
2017-09-14 16:05 - 2017-09-04 22:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-14 16:05 - 2017-09-04 22:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-14 16:05 - 2017-09-04 22:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-14 16:05 - 2017-09-04 22:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-14 16:05 - 2017-09-04 22:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-14 16:05 - 2017-09-04 22:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-14 16:05 - 2017-09-04 22:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-14 16:05 - 2017-09-04 22:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-14 16:05 - 2017-09-04 22:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-14 16:05 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-14 16:05 - 2017-09-04 22:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-14 16:05 - 2017-09-04 22:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-14 16:05 - 2017-09-04 22:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-14 16:05 - 2017-09-04 22:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-14 16:05 - 2017-09-04 22:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-14 16:05 - 2017-09-04 22:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-14 16:05 - 2017-09-04 22:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-14 16:05 - 2017-09-04 22:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-14 16:05 - 2017-09-04 22:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-14 16:05 - 2017-09-04 22:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-14 16:05 - 2017-09-04 22:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-14 16:05 - 2017-09-04 22:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-14 16:05 - 2017-09-04 22:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-14 16:05 - 2017-09-04 22:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-14 16:05 - 2017-09-04 22:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-14 16:05 - 2017-09-04 22:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-14 16:05 - 2017-09-04 22:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-14 16:05 - 2017-09-04 22:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-14 16:05 - 2017-09-04 22:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-14 16:05 - 2017-09-04 22:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-14 16:05 - 2017-09-04 22:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-14 16:05 - 2017-09-04 22:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-14 16:05 - 2017-09-04 22:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-14 16:05 - 2017-09-04 22:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-14 16:05 - 2017-09-04 22:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-14 16:05 - 2017-09-04 22:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-14 16:05 - 2017-09-04 22:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-14 16:05 - 2017-09-04 22:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-14 16:05 - 2017-09-04 22:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-14 16:05 - 2017-09-04 22:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-14 16:05 - 2017-09-04 22:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-14 16:05 - 2017-09-04 22:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-14 16:05 - 2017-09-04 22:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-14 16:05 - 2017-09-04 22:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-14 16:05 - 2017-09-04 22:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-14 16:05 - 2017-09-04 22:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-14 16:05 - 2017-09-04 22:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-14 16:05 - 2017-09-04 22:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-14 16:05 - 2017-09-04 22:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-14 16:05 - 2017-09-04 21:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-14 16:05 - 2017-09-04 21:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-14 16:05 - 2017-09-04 21:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-14 16:05 - 2017-09-04 21:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-14 16:05 - 2017-09-04 21:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-14 16:05 - 2017-09-04 21:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-14 16:05 - 2017-09-04 21:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-14 16:05 - 2017-09-04 21:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-14 16:05 - 2017-09-04 21:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-14 16:05 - 2017-09-04 21:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-14 16:05 - 2017-09-04 21:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-14 16:05 - 2017-09-04 21:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-14 16:05 - 2017-09-04 21:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-14 16:05 - 2017-09-04 21:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-14 16:05 - 2017-09-04 21:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-14 16:05 - 2017-09-04 21:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-14 16:05 - 2017-09-04 21:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-14 16:05 - 2017-09-04 21:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-14 16:05 - 2017-09-04 21:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-14 16:05 - 2017-09-04 21:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-14 16:05 - 2017-09-04 21:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-14 16:05 - 2017-09-04 21:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-14 16:05 - 2017-09-04 21:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-14 16:05 - 2017-09-04 21:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-14 16:05 - 2017-09-04 21:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-14 16:05 - 2017-09-04 21:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-14 16:05 - 2017-09-04 21:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-14 16:05 - 2017-09-04 21:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-14 16:05 - 2017-09-04 21:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-14 16:05 - 2017-09-04 21:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-14 16:05 - 2017-09-04 21:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-14 16:05 - 2017-09-04 21:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-14 16:05 - 2017-09-04 21:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-14 16:05 - 2017-09-04 21:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-14 16:05 - 2017-09-04 21:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-14 16:05 - 2017-09-04 21:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-14 16:05 - 2017-09-04 21:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-14 16:05 - 2017-09-04 21:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-14 16:05 - 2017-09-04 21:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-14 16:05 - 2017-09-04 21:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-14 16:05 - 2017-09-04 21:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-14 16:05 - 2017-09-04 21:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-14 16:05 - 2017-09-04 21:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-14 16:05 - 2017-09-04 21:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-14 16:05 - 2017-09-04 21:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-14 16:05 - 2017-09-04 21:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-14 16:05 - 2017-09-04 21:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-14 16:05 - 2017-09-04 21:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-14 16:05 - 2017-09-04 21:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-14 16:05 - 2017-09-04 21:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-14 16:05 - 2017-09-04 21:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-14 16:05 - 2017-09-04 21:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-14 16:05 - 2017-09-04 21:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-14 16:05 - 2017-09-04 21:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-14 16:05 - 2017-09-04 21:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-14 16:05 - 2017-09-04 21:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-14 16:05 - 2017-09-04 21:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-14 16:05 - 2017-09-04 21:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-14 16:05 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-14 16:05 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-14 16:05 - 2017-09-04 21:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-14 16:05 - 2017-09-04 21:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-14 16:05 - 2017-09-04 21:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-14 16:05 - 2017-09-04 21:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-14 16:05 - 2017-09-04 21:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-14 16:05 - 2017-09-04 21:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-14 16:05 - 2017-09-04 21:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-14 16:05 - 2017-09-04 21:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-14 16:05 - 2017-09-04 21:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-14 16:05 - 2017-09-04 21:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-14 16:05 - 2017-09-04 21:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-14 16:05 - 2017-09-04 21:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-14 16:05 - 2017-09-04 21:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-14 16:05 - 2017-09-04 21:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-14 16:05 - 2017-09-04 21:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-14 16:05 - 2017-09-04 21:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-14 16:05 - 2017-09-04 21:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-14 16:05 - 2017-09-04 21:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-14 16:05 - 2017-09-04 21:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-14 16:05 - 2017-09-04 21:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-14 16:05 - 2017-09-04 21:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-14 16:05 - 2017-09-04 21:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-14 16:05 - 2017-09-04 21:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-14 16:05 - 2017-09-04 21:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-14 16:05 - 2017-09-04 21:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-14 16:05 - 2017-09-04 21:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-09-14 16:05 - 2017-09-04 21:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-14 16:05 - 2017-09-04 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-14 16:05 - 2017-09-04 21:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-14 16:05 - 2017-09-04 21:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-14 16:05 - 2017-09-04 21:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-14 16:05 - 2017-09-04 21:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-14 16:05 - 2017-09-04 21:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-14 16:05 - 2017-09-04 21:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-14 16:05 - 2017-09-04 21:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-14 16:05 - 2017-09-04 21:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-14 16:05 - 2017-09-04 21:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-14 16:05 - 2017-09-04 21:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-14 16:05 - 2017-09-04 21:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-14 16:05 - 2017-09-04 21:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-14 16:05 - 2017-09-04 21:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-14 16:05 - 2017-09-04 21:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-14 16:05 - 2017-09-04 21:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-14 16:05 - 2017-09-04 21:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-14 16:05 - 2017-09-04 21:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-09-14 16:05 - 2017-09-04 21:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-14 16:05 - 2017-09-04 21:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-14 16:05 - 2017-09-04 21:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-14 16:05 - 2017-09-04 21:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-14 16:05 - 2017-09-04 21:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-14 16:05 - 2017-09-04 21:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-14 16:05 - 2017-09-04 21:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-14 16:05 - 2017-09-04 21:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-14 16:05 - 2017-09-04 21:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-14 16:05 - 2017-09-04 21:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-14 16:05 - 2017-09-04 21:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-14 16:05 - 2017-09-04 21:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-14 16:05 - 2017-09-04 21:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-14 16:05 - 2017-09-04 21:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-14 16:05 - 2017-09-04 21:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-14 16:05 - 2017-09-04 21:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-14 16:05 - 2017-09-04 21:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-14 16:05 - 2017-09-04 21:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-14 16:05 - 2017-09-04 21:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-14 16:05 - 2017-09-04 21:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-14 16:05 - 2017-09-04 21:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-14 16:05 - 2017-09-04 21:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-14 16:05 - 2017-09-04 21:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-14 16:05 - 2017-09-04 21:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-14 16:05 - 2017-09-04 21:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-14 16:05 - 2017-09-04 21:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-14 16:05 - 2017-09-04 21:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-14 16:05 - 2017-09-04 21:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-14 16:05 - 2017-09-04 21:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-14 16:05 - 2017-08-31 22:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-14 16:04 - 2017-09-04 22:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-14 16:04 - 2017-09-04 22:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-14 16:04 - 2017-09-04 22:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-14 16:04 - 2017-09-04 22:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-14 16:04 - 2017-09-04 22:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-14 16:04 - 2017-09-04 22:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-14 16:04 - 2017-09-04 22:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-14 16:04 - 2017-09-04 22:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-14 16:04 - 2017-09-04 22:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-14 16:04 - 2017-09-04 22:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-14 16:04 - 2017-09-04 22:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-14 16:04 - 2017-09-04 22:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-14 16:04 - 2017-09-04 22:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-14 16:04 - 2017-09-04 22:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-14 16:04 - 2017-09-04 22:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-14 16:04 - 2017-09-04 22:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-14 16:04 - 2017-09-04 22:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-14 16:04 - 2017-09-04 21:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-14 16:04 - 2017-09-04 21:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-14 16:04 - 2017-09-04 21:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-14 16:04 - 2017-09-04 21:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-14 16:04 - 2017-09-04 21:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-14 16:04 - 2017-09-04 21:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-14 16:04 - 2017-09-04 21:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-14 16:04 - 2017-09-04 21:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-14 16:04 - 2017-09-04 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-14 16:04 - 2017-09-04 21:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-14 16:04 - 2017-09-04 21:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-14 16:04 - 2017-09-04 21:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-14 16:04 - 2017-09-04 21:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-14 16:04 - 2017-09-04 21:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-14 16:04 - 2017-09-04 21:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-14 16:04 - 2017-09-04 21:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-14 16:04 - 2017-09-04 21:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-14 16:04 - 2017-09-04 21:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-14 16:04 - 2017-09-04 21:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-14 16:04 - 2017-09-04 21:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-14 16:04 - 2017-09-04 21:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-14 16:04 - 2017-09-04 21:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-14 16:04 - 2017-09-04 21:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-14 16:04 - 2017-09-04 21:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-14 16:04 - 2017-09-04 21:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-14 16:04 - 2017-09-04 21:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-14 16:04 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-14 16:04 - 2017-09-04 21:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-14 16:04 - 2017-09-04 21:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-14 16:04 - 2017-09-04 21:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-14 16:04 - 2017-09-04 21:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-14 16:04 - 2017-09-04 21:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-14 16:04 - 2017-09-04 21:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-14 16:04 - 2017-09-04 21:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-14 16:04 - 2017-09-04 21:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-14 16:04 - 2017-09-04 21:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-14 16:04 - 2017-09-04 21:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-14 14:01 - 2017-09-14 14:01 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\72296468.sys
2017-09-14 14:00 - 2017-09-15 08:41 - 022544384 _____ C:\WINDOWS\system32\config\SYSTEM
2017-09-14 13:58 - 2017-09-14 13:58 - 022282240 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-14 13:53 - 2017-09-14 13:53 - 000001282 _____ C:\Users\cynik\Downloads\MalwareBytesScan.txt
2017-09-14 13:49 - 2017-09-16 08:08 - 000000000 ____D C:\Users\cynik\Desktop\AntiVirus
2017-09-14 13:45 - 2017-09-14 14:24 - 000000960 _____ C:\Users\Public\Desktop\Unity 2017.1.1f1 (64-bit).lnk
2017-09-14 13:45 - 2017-09-14 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.1.1f1 (64-bit)
2017-09-14 13:35 - 2017-09-14 13:35 - 000736008 _____ C:\Users\cynik\Downloads\UnityDownloadAssistant-2017.1.1f1.exe
2017-09-14 05:41 - 2017-09-14 05:41 - 000001956 _____ C:\Users\cynik\Desktop\Dashlane.lnk
2017-09-13 17:52 - 2017-09-13 17:52 - 000178529 _____ C:\Users\cynik\Downloads\CustomSTMT2017Jun01_2017Aug31.PDF
2017-09-13 17:52 - 2017-09-13 17:52 - 000126634 _____ C:\Users\cynik\Downloads\MonthlySalesReport.pdf
2017-09-13 17:50 - 2017-09-13 17:50 - 000139157 _____ C:\Users\cynik\Downloads\Download (1).PDF
2017-09-13 17:48 - 2017-09-13 17:48 - 000139157 _____ C:\Users\cynik\Downloads\Download.PDF
2017-09-12 14:34 - 2017-09-02 08:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-12 14:34 - 2017-09-02 08:15 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-12 13:22 - 2017-09-12 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-12 10:18 - 2017-09-12 10:23 - 000000000 ____D C:\Users\cynik\Desktop\New folder
2017-09-12 08:26 - 2017-09-12 08:26 - 000000000 ____D C:\Users\cynik\AppData\LocalLow\Code Horizon
2017-09-12 01:22 - 2017-09-12 01:22 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-12 01:22 - 2017-09-12 01:22 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-12 01:22 - 2017-09-12 01:22 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-12 01:22 - 2017-09-12 01:22 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-12 00:43 - 2017-09-12 00:43 - 000002205 _____ C:\Users\cynik\Desktop\Slack.lnk
2017-09-10 20:21 - 2017-09-10 22:14 - 000000000 ____D C:\Users\cynik\AppData\Roaming\BlueStacksFriends
2017-09-10 20:21 - 2017-09-10 22:14 - 000000000 ____D C:\Users\cynik\AppData\Local\BlueStacksFriends
2017-09-10 20:21 - 2017-09-10 20:21 - 000002445 _____ C:\Users\cynik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueStacksFriends.lnk
2017-09-10 20:21 - 2017-09-10 20:21 - 000002437 _____ C:\Users\cynik\Desktop\BlueStacksFriends.lnk
2017-09-10 20:17 - 2017-09-10 20:17 - 000000621 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-09-10 20:17 - 2017-09-10 20:17 - 000000000 ____D C:\Program Files (x86)\BlueStacks.old
2017-09-10 20:17 - 2017-09-10 20:17 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2017-09-10 14:10 - 2017-09-10 14:10 - 000000000 ____D C:\Users\cynik\AppData\LocalLow\Squeaky Wheel
2017-09-09 19:54 - 2017-09-09 19:54 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-09-09 19:49 - 2017-09-09 19:54 - 000000000 ____D C:\Program Files (x86)\DOSBox-0.74
2017-09-09 19:49 - 2017-09-09 19:49 - 000001987 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2017-09-09 19:49 - 2017-09-09 19:49 - 000000000 ____D C:\Users\cynik\AppData\Local\DOSBox
2017-09-09 19:49 - 2017-09-09 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2017-09-09 12:41 - 2017-09-09 12:43 - 000746460 _____ C:\WINDOWS\Minidump\090917-32890-01.dmp
2017-09-07 10:34 - 2017-09-07 10:34 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\724E2325.sys
2017-09-06 21:25 - 2017-09-06 21:25 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0A3947D5.sys
2017-09-06 19:03 - 2017-09-06 19:03 - 000002735 _____ C:\WINDOWS\SysWOW64\PCPELog.txt
2017-09-06 18:35 - 2017-09-16 08:08 - 000000000 ____D C:\FRST
2017-09-06 17:57 - 2017-09-06 17:57 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\75C7284D.sys
2017-09-06 17:52 - 2017-09-06 17:52 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2A62241E.sys
2017-09-06 17:50 - 2017-09-06 17:50 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3FB322EB.sys
2017-09-06 17:49 - 2017-09-06 17:49 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6D872143.sys
2017-09-06 17:47 - 2017-09-06 17:47 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\29E420EE.sys
2017-09-06 17:44 - 2017-09-14 19:10 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-06 17:44 - 2017-09-06 17:44 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3AE11E36.sys
2017-09-06 17:43 - 2017-09-09 12:41 - 1126258293 _____ C:\WINDOWS\MEMORY.DMP
2017-09-06 17:31 - 2017-09-06 17:31 - 000079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\imofugc.sys
2017-09-06 16:49 - 2017-09-14 19:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-06 11:46 - 2017-09-06 11:46 - 001129882 _____ C:\Users\cynik\Documents\FFBT_Cobb-Subaru-V2.1SD_setup_guide.pdf
2017-09-05 19:41 - 2017-09-05 19:41 - 000001059 _____ C:\Users\Public\Desktop\Navicat Premium.lnk
2017-09-05 18:35 - 2017-09-05 18:35 - 000000000 ____D C:\Users\cynik\OpenVPN
2017-09-05 12:13 - 2017-09-05 12:13 - 000002990 _____ C:\Users\cynik\Desktop\KMSAuto Net.lnk
2017-09-05 11:52 - 2017-09-14 12:43 - 000000000 ____D C:\ProgramData\ProductData
2017-09-05 11:51 - 2017-09-05 11:51 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66C64225.sys
2017-09-05 11:51 - 2017-09-05 11:51 - 000000000 ____D C:\ProgramData\LHService
2017-09-05 11:37 - 2017-09-05 11:37 - 000000000 ____D C:\ProgramData\LockHunter
2017-09-05 11:34 - 2017-09-05 11:34 - 000000000 ____D C:\Users\cynik\AppData\Roaming\LockHunter
2017-09-05 11:34 - 2017-09-05 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2017-09-05 11:34 - 2017-09-05 11:34 - 000000000 ____D C:\Program Files\LockHunter
2017-09-05 11:13 - 2017-09-16 05:01 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-05 11:13 - 2017-09-15 08:48 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-05 11:13 - 2017-09-14 20:27 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-05 11:12 - 2017-09-15 08:48 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-05 11:12 - 2017-09-09 12:44 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-05 11:12 - 2017-09-05 11:12 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-05 11:12 - 2017-09-05 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-05 09:15 - 2017-09-05 09:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-09-05 08:32 - 2017-09-06 16:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-05 08:32 - 2017-09-05 08:32 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-05 08:25 - 2017-09-05 08:25 - 000001457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-09-05 08:25 - 2017-09-05 08:25 - 000001445 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-09-05 08:17 - 2017-09-05 08:17 - 000000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2017-09-05 08:16 - 2017-09-14 18:53 - 000000000 ____D C:\Users\cynik\AppData\Local\vmtndqd
2017-09-05 08:16 - 2017-09-06 17:35 - 000000000 ____D C:\Users\cynik\AppData\Local\ctfetps
2017-09-05 08:11 - 2017-09-05 08:11 - 000000000 ____D C:\WINDOWS\system32\imebmoo
2017-09-04 15:06 - 2017-09-04 15:06 - 000000000 ____D C:\Users\cynik\AppData\Roaming\NCSOFT
2017-09-04 15:06 - 2017-09-04 15:06 - 000000000 ____D C:\Users\cynik\AppData\Local\NCSOFT
2017-09-04 00:26 - 2017-09-04 01:29 - 000000000 ____D C:\Users\cynik\AppData\Roaming\FreeCAD
2017-09-04 00:26 - 2017-09-04 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.16
2017-09-04 00:25 - 2017-09-04 00:26 - 000000000 ____D C:\Program Files\FreeCAD 0.16
2017-09-02 12:24 - 2017-09-02 12:24 - 000000000 ____D C:\Users\cynik\AppData\LocalLow\Lighthouse Games Studio
2017-08-29 11:48 - 2017-08-29 11:48 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 08:05 - 2017-09-14 18:52 - 000439960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-28 12:16 - 2017-08-28 12:16 - 000000960 _____ C:\Users\Public\Desktop\Unity 2017.1.0f3 (64-bit).lnk
2017-08-28 12:14 - 2017-09-14 14:26 - 000000000 ____D C:\Program Files\Unity2017
2017-08-27 15:50 - 2017-09-05 18:27 - 030091467 _____ C:\Users\cynik\Desktop\DB_Backup.sql
2017-08-27 15:49 - 2017-08-27 15:49 - 000000000 ____D C:\Users\cynik\Desktop\SiteBackup
2017-08-26 19:36 - 2017-08-21 15:54 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-26 19:36 - 2017-08-21 15:33 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-26 19:36 - 2017-06-15 12:32 - 000541984 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-26 19:36 - 2017-06-15 12:32 - 000525088 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-26 19:36 - 2017-06-15 12:32 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-26 19:36 - 2017-06-15 12:32 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-26 19:34 - 2017-08-21 18:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 004210360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 001289840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 001007280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-26 19:34 - 2017-08-21 18:01 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-26 19:34 - 2017-08-21 18:01 - 000046453 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-26 19:34 - 2017-08-21 18:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-26 19:34 - 2017-08-21 18:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-26 18:30 - 2017-08-26 18:30 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-26 18:30 - 2017-08-26 18:30 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-26 18:30 - 2017-08-26 18:30 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-26 18:30 - 2017-08-26 18:30 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-26 18:30 - 2017-08-26 18:30 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-26 18:30 - 2017-08-26 18:30 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-26 18:30 - 2017-08-26 18:30 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-26 18:30 - 2017-08-26 18:30 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-26 18:30 - 2017-08-17 21:37 - 001923008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-08-26 18:30 - 2017-08-17 21:37 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-08-25 16:21 - 2017-08-25 16:21 - 000000000 ____D C:\Users\cynik\AppData\Local\TslGame
2017-08-24 18:16 - 2017-08-24 18:17 - 000000140 _____ C:\Users\cynik\Desktop\Personality Test.txt
2017-08-23 08:00 - 2017-09-10 10:21 - 000000000 ____D C:\Users\cynik\Desktop\censorededUp
2017-08-23 07:35 - 2017-08-23 07:35 - 124657664 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag
2017-08-23 07:35 - 2017-08-23 07:35 - 001458176 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag
2017-08-23 07:35 - 2017-08-23 07:35 - 000073728 _____ C:\WINDOWS\system32\config\SAM.iodefrag
2017-08-23 07:35 - 2017-08-23 07:35 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag
2017-08-23 00:17 - 2017-08-28 12:25 - 000346624 _____ () C:\Users\cynik\Desktop\UniPatcher_v2017.6.exe
2017-08-22 14:51 - 2017-08-22 14:51 - 000000000 ____D C:\Program Files\Microsoft Xbox One Controller for Windows
2017-08-21 22:37 - 2017-08-21 22:37 - 000000000 ____D C:\Users\cynik\Documents\Rockstar Games
2017-08-21 22:37 - 2017-08-21 22:37 - 000000000 ____D C:\Users\cynik\AppData\Local\Rockstar Games
2017-08-21 22:37 - 2017-08-21 22:37 - 000000000 ____D C:\Program Files\Rockstar Games
2017-08-21 22:37 - 2017-08-21 22:37 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-08-17 19:40 - 2017-08-17 19:40 - 000000928 _____ C:\Users\Public\Desktop\Unity 5.6.3p1 (64-bit).lnk
2017-08-17 19:40 - 2017-08-17 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.6.3p1 (64-bit)
2017-08-17 16:20 - 2017-09-15 08:41 - 131858432 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-17 16:20 - 2017-09-15 08:41 - 001572864 _____ C:\WINDOWS\system32\config\DEFAULT
2017-08-17 16:20 - 2017-09-15 08:41 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY
2017-08-17 16:20 - 2017-08-17 16:20 - 000073728 _____ C:\WINDOWS\system32\config\SAM
2017-08-17 12:01 - 2017-08-17 12:01 - 000000000 ____D C:\Users\cynik\AppData\Roaming\electron-quick-start
2017-08-17 08:21 - 2017-08-17 08:21 - 000003246 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2017-08-17 08:21 - 2017-08-17 08:21 - 000003086 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2017-08-17 08:21 - 2017-08-17 08:21 - 000003082 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-08-17 08:21 - 2017-03-09 13:53 - 000030744 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2017-08-17 08:21 - 2016-03-25 14:33 - 000128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-16 08:09 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-16 07:45 - 2016-11-13 17:25 - 000000000 ____D C:\Users\cynik\Documents\Outlook Files
2017-09-16 07:44 - 2017-08-06 01:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-16 02:00 - 2016-12-29 15:40 - 000000000 ____D C:\Users\cynik\AppData\Local\Adobe
2017-09-15 22:51 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-15 20:21 - 2016-12-29 19:46 - 000000000 ____D C:\Users\cynik\Documents\Visual Studio 2017
2017-09-15 17:17 - 2017-05-26 12:43 - 000000000 ____D C:\Users\cynik\AppData\Local\UnrealEngine
2017-09-15 17:17 - 2016-12-29 11:19 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-15 13:51 - 2016-12-29 19:46 - 000000000 ____D C:\Users\cynik\AppData\Local\.IdentityService
2017-09-15 12:59 - 2017-04-25 22:10 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-09-15 12:25 - 2017-08-06 01:32 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-15 09:52 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-15 08:54 - 2017-08-06 01:33 - 001776062 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-15 08:50 - 2017-01-29 09:01 - 000001156 _____ C:\Users\cynik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tawk-desktop.lnk
2017-09-15 08:50 - 2016-12-29 11:19 - 000000000 ____D C:\Users\cynik\AppData\Roaming\Slack
2017-09-15 08:49 - 2017-01-29 09:01 - 000000000 ____D C:\Users\cynik\AppData\Local\tawk-desktop
2017-09-15 08:48 - 2016-12-29 11:01 - 000026192 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-09-15 08:47 - 2017-08-06 01:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-15 08:41 - 2017-03-18 04:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2017-09-15 08:39 - 2016-12-29 13:36 - 000000000 ____D C:\Users\cynik\AppData\LocalLow\IObit
2017-09-15 08:39 - 2016-12-29 13:35 - 000000000 ____D C:\Users\cynik\AppData\Roaming\IObit
2017-09-15 08:39 - 2016-12-29 13:34 - 000000000 ____D C:\ProgramData\IObit
2017-09-15 08:39 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-09-14 21:28 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-14 21:18 - 2017-08-06 01:53 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-09-14 21:18 - 2017-08-06 01:53 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-09-14 21:18 - 2017-08-05 19:24 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-14 20:56 - 2016-12-29 10:47 - 000000000 ____D C:\Users\cynik\AppData\Local\Packages
2017-09-14 20:18 - 2017-05-14 21:15 - 000003390 _____ C:\Users\cynik\Documents\1.reg
2017-09-14 20:10 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-09-14 19:10 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-14 18:54 - 2016-12-29 10:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-14 18:47 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-14 18:47 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-14 18:47 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-14 18:47 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-14 18:47 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-14 18:47 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-14 18:47 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-14 18:47 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-14 18:46 - 2017-08-06 01:34 - 000000000 ____D C:\Users\cynik
2017-09-14 18:29 - 2017-05-21 15:26 - 000000000 ____D C:\Users\cynik\Desktop\Driver
2017-09-14 05:41 - 2016-12-29 13:36 - 000000000 ____D C:\Users\cynik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-09-14 05:41 - 2016-12-29 13:36 - 000000000 ____D C:\Users\cynik\AppData\Roaming\Dashlane
2017-09-14 05:41 - 2016-12-29 10:51 - 000000000 ____D C:\Users\cynik\AppData\LocalLow\Mozilla
2017-09-12 23:20 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-12 23:20 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-12 14:36 - 2016-12-29 11:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 14:34 - 2016-12-29 11:05 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 13:23 - 2016-12-29 13:52 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-12 09:22 - 2016-12-31 18:16 - 000000000 ____D C:\Users\cynik\AppData\Roaming\uTorrent
2017-09-12 00:44 - 2016-12-29 11:19 - 000000000 ____D C:\Users\cynik\AppData\Local\slack
2017-09-12 00:43 - 2016-12-29 11:19 - 000000000 ____D C:\Users\cynik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-09-12 00:43 - 2016-12-29 11:19 - 000000000 ____D C:\Users\cynik\AppData\Local\SquirrelTemp
2017-09-11 11:29 - 2016-12-29 18:14 - 000000000 ____D C:\ProgramData\Unity
2017-09-10 22:16 - 2017-03-31 21:44 - 000000000 ____D C:\Users\cynik\AppData\Local\Facebook
2017-09-10 20:17 - 2017-06-04 13:49 - 000000621 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-09-10 20:17 - 2017-06-04 13:48 - 000000000 ____D C:\Users\cynik\AppData\Local\Bluestacks
2017-09-08 03:20 - 2016-12-29 20:55 - 000000000 ____D C:\Users\cynik\AppData\Local\CrashDumps
2017-09-06 17:49 - 2016-12-29 13:34 - 000000000 ____D C:\Program Files (x86)\IObit
2017-09-06 17:31 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Globalization
2017-09-06 11:11 - 2017-01-09 13:27 - 000000000 ____D C:\Users\cynik\AppData\Local\Battle.net
2017-09-06 10:10 - 2017-01-09 13:26 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-05 23:30 - 2016-12-31 21:06 - 000000000 ____D C:\Users\cynik\AppData\Roaming\FileZilla
2017-09-05 23:30 - 2016-12-29 13:16 - 000000000 ____D C:\Users\cynik\AppData\Local\MSfree Inc
2017-09-05 23:18 - 2016-11-27 11:12 - 000002296 ____H C:\Users\cynik\Documents\Default.rdp
2017-09-05 19:45 - 2016-12-31 15:15 - 000000000 ____D C:\Users\cynik\Documents\Navicat
2017-09-05 19:41 - 2016-12-31 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2017-09-05 19:41 - 2016-12-31 15:15 - 000000000 ____D C:\Program Files\PremiumSoft
2017-09-05 09:16 - 2017-08-03 21:06 - 000000000 ____D C:\ProgramData\Gramblr
2017-09-05 08:57 - 2017-05-23 21:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-05 08:57 - 2016-12-29 13:52 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-09-05 08:57 - 2016-12-29 13:52 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-09-05 08:57 - 2016-12-29 10:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-05 08:42 - 2017-03-25 11:08 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-09-05 08:25 - 2017-06-01 07:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-09-05 06:36 - 2016-12-29 12:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-04 18:10 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-04 00:35 - 2015-04-19 20:02 - 000102155 _____ C:\Users\cynik\Desktop\SUBARU 65 MM MAF HOUSING WELD PART.SLDPRT
2017-09-01 15:25 - 2017-05-06 10:37 - 000000000 ____D C:\Users\cynik\Documents\BeamNG.drive
2017-08-31 15:08 - 2017-08-06 01:50 - 000003980 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-08-31 15:08 - 2017-08-06 01:50 - 000003748 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-08-29 21:09 - 2017-07-16 22:05 - 000000000 ____D C:\Users\cynik\AppData\Roaming\AlbionOnline
2017-08-29 21:08 - 2017-01-31 09:27 - 000001261 _____ C:\Users\cynik\Desktop\AlbionOnline.lnk
2017-08-27 16:58 - 2016-12-29 22:45 - 000000000 ____D C:\Program Files\HeidiSQL
2017-08-26 19:36 - 2017-08-06 01:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-26 19:36 - 2017-08-06 01:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-26 19:36 - 2017-02-08 07:29 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-26 18:30 - 2017-08-06 01:32 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-26 18:30 - 2017-03-25 10:21 - 000001517 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-25 16:21 - 2017-03-25 10:21 - 000000000 ____D C:\Users\cynik\AppData\Local\NVIDIA Corporation
2017-08-25 14:39 - 2016-12-29 18:11 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-25 14:39 - 2016-12-29 18:11 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 07:35 - 2017-08-13 16:56 - 124657664 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-08-23 07:35 - 2017-08-13 16:56 - 005357568 _____ C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2017-08-23 07:35 - 2017-08-13 16:56 - 001458176 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-08-23 07:35 - 2017-08-13 16:56 - 000073728 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-08-23 07:35 - 2017-08-13 16:56 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-08-21 16:10 - 2017-08-06 01:32 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-21 16:10 - 2017-08-06 01:32 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-21 16:10 - 2017-08-06 01:32 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-21 16:10 - 2017-08-06 01:32 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-21 16:10 - 2017-08-06 01:32 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-21 16:10 - 2017-08-06 01:32 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-21 16:10 - 2017-08-06 01:32 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-20 10:57 - 2017-01-02 13:39 - 000000000 ____D C:\Users\cynik\AppData\Roaming\Origin
2017-08-20 10:56 - 2016-11-16 09:31 - 000001111 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2017-08-20 10:51 - 2017-01-02 13:37 - 000000000 ____D C:\ProgramData\Origin
2017-08-20 00:41 - 2016-12-29 10:51 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-20 00:41 - 2016-12-29 10:51 - 000001222 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-19 00:10 - 2017-08-06 01:32 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-18 19:43 - 2017-01-23 11:45 - 000000000 ____D C:\Users\cynik\AppData\Local\APManager
2017-08-18 19:42 - 2017-01-23 11:45 - 000000000 ____D C:\Users\cynik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessport
2017-08-17 21:37 - 2017-03-25 10:21 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-08-17 21:37 - 2017-03-25 10:21 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-08-17 21:37 - 2017-03-25 10:21 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-08-17 21:36 - 2017-05-13 16:16 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-08-17 21:36 - 2017-05-13 16:16 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-08-17 19:41 - 2016-12-29 12:20 - 000000000 ____D C:\Program Files\Unity
2017-08-17 16:44 - 2016-12-29 11:06 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-17 09:26 - 2017-03-25 10:19 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-17 08:21 - 2016-12-30 04:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag

==================== Files in the root of some directories =======

2017-01-22 21:59 - 2017-06-23 12:57 - 000001456 _____ () C:\Users\cynik\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-05-21 15:35 - 2017-05-21 15:35 - 000000000 _____ () C:\Users\cynik\AppData\Local\Driver_LOM_8171Present.flag
2017-03-31 21:54 - 2017-03-31 21:54 - 000000015 _____ () C:\Users\cynik\AppData\Local\X-Plane_drm_11.prf
2017-03-31 21:53 - 2017-03-31 21:53 - 000000022 _____ () C:\Users\cynik\AppData\Local\x-plane_install_11.txt
2017-08-06 01:32 - 2017-08-06 01:32 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\cynik\en_res.dll
C:\Users\cynik\es_res.dll
C:\Users\cynik\fr_res.dll
C:\Users\cynik\grm_res.dll
C:\Users\cynik\it_res.dll
C:\Users\cynik\jp_res.dll
C:\Users\cynik\mfc80u.dll
C:\Users\cynik\msvcr80.dll
C:\Users\cynik\PCPE Setup.exe
C:\Users\cynik\pt_res.dll
C:\Users\cynik\ResourceReader.dll
C:\Users\cynik\ru_res.dll
C:\Users\cynik\zh_res.dll


Some files in TEMP:
====================
2017-08-06 02:02 - 2017-09-15 08:49 - 000619616 _____ () C:\Users\cynik\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2017-09-10 20:21 - 2017-09-10 20:21 - 033689344 _____ (BlueStack Systems, Inc.) C:\Users\cynik\AppData\Local\Temp\BlueStacksFriends-Setup-11.0.2.exe
2017-09-15 08:36 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\Users\cynik\AppData\Local\Temp\dllnt_dump.dll
2017-09-15 08:34 - 2017-09-15 08:34 - 003078176 _____ () C:\Users\cynik\AppData\Local\Temp\npp.7.5.1.Installer.x64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-10 10:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2017
Ran by cynik (16-09-2017 08:09:17)
Running from C:\Users\cynik\Desktop\AntiVirus
Windows 10 Pro Version 1703 (X64) (2017-08-06 08:58:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-225795373-1205061139-3748372482-500 - Administrator - Disabled)
cynik (S-1-5-21-225795373-1205061139-3748372482-1001 - Administrator - Enabled) => C:\Users\cynik
DefaultAccount (S-1-5-21-225795373-1205061139-3748372482-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-225795373-1205061139-3748372482-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-225795373-1205061139-3748372482-501 - Limited - Disabled)
iride (S-1-5-21-225795373-1205061139-3748372482-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.0.0 (x64) Installer (x64) (HKLM\...\{3A36F010-62C4-4173-9F25-257F1B0899DD}) (Version: 4.0.4911 - Microsoft Corporation) Hidden
.NET Core SDK 1.0.0 (x64) Installer (x64) (HKLM-x32\...\{c7c7d963-f622-455d-879a-7ffa111d1322}) (Version: 1.0.0 - Microsoft Corporation)
.NET Core SDK 1.0.4 (x64) (HKLM\...\{11ACCE3C-C179-472C-A8CA-0F467702B2DA}) (Version: 4.1.5012 - Microsoft Corporation) Hidden
.NET Core SDK 1.0.4 (x64) (HKLM-x32\...\{c56e80af-58a4-490b-a1cd-5718290133b9}) (Version: 1.0.4 - Microsoft Corporation)
.NET Core SDK 1.1.0 (x64) (HKLM\...\{DF68596E-0F41-41CC-BAD9-9F30A9662D90}) (Version: 4.16.5124 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.0 (x64) (HKLM-x32\...\{67d148ca-6fe2-47ec-bf5c-fbd64345d511}) (Version: 1.1.0 - Microsoft Corporation)
@BIOS B16.1205.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B16.1205.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
µTorrent (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
4K Stogram 2.5 (HKLM-x32\...\{E138B7C5-04B0-4B06-8716-56772F85E524}) (Version: 2.5.1.1346 - Open Media LLC)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
911 Operator (HKLM\...\Steam App 503560) (Version:  - Jutsu Games)
AccessPORT Driver 1.3.1 (HKLM-x32\...\AccessPORT Driver) (Version:  - Cobb Tuning Products, LLC.)
Accessport Manager 2.1.3.4 (HKLM-x32\...\Accessport Manager) (Version: 2.1.3.4 - COBB Tuning Products, LLC)
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Albion Online (HKLM-x32\...\SandboxAlbionOnline) (Version:  - Sandbox Interactive GmbH)
Ambient LED (HKLM-x32\...\{BEF97B38-D1B8-45B4-A60A-AF5C1556CC72}) (Version: 1.00.1605.1801 - GIGABYTE) Hidden
Ambient LED (HKLM-x32\...\InstallShield_{BEF97B38-D1B8-45B4-A60A-AF5C1556CC72}) (Version: 1.00.1605.1801 - GIGABYTE)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.17.0823.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.17.0823.1 - GIGABYTE)
Art of War: Red Tides (HKLM\...\Steam App 558100) (Version:  - Game Science)
BeamNG.drive (HKLM\...\Steam App 284160) (Version:  - BeamNG)
BIOS Setup (HKLM-x32\...\{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.00.0000 - GIGABYTE) Hidden
BIOS Setup (HKLM-x32\...\InstallShield_{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.00.0000 - GIGABYTE)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.44.1625 - BlueStack Systems, Inc.)
BlueStacksFriends 11.0.2 (only current user) (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\d7102876-3e3d-5287-80d2-e4af8b7891ff) (Version: 11.0.2 - BlueStack Systems, Inc.)
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.16.1020.1 - GIGABYTE)
Car Mechanic Simulator 2018 (HKLM\...\Steam App 645630) (Version:  - Red Dot Games)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Cloud Station (Server) (HKLM-x32\...\{5D132D9D-2A99-48CF-9DCC-775DF6F31384}) (Version: 1.00.1701.1201 - GIGABYTE) Hidden
Cloud Station (Server) (HKLM-x32\...\InstallShield_{5D132D9D-2A99-48CF-9DCC-775DF6F31384}) (Version: 1.00.1701.1201 - GIGABYTE)
CloudStation (HKLM-x32\...\{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0021 - GIGABYTE) Hidden
CloudStation (HKLM-x32\...\InstallShield_{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0021 - GIGABYTE)
Comedy Night (HKLM\...\Steam App 665360) (Version:  - Lighthouse Games Studio)
Corsair Link 4 (HKLM-x32\...\{43242464-db63-47fb-b75c-706bc0dcd863}) (Version: 4.3.0.154 - Corsair Components, Inc.)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Dashlane (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Dashlane) (Version: 4.8.8.36377 - Dashlane SAS)
DevXUnityUnpackerTools version 1.15 (HKLM-x32\...\{6E27F00D-8BB1-4EDF-9514-7B24961BB1B7}_is1) (Version: 1.15 - DevXDevelop)
DiagnosticsHub_CollectionService (HKLM\...\{F7ED41B6-1E54-4640-A633-F94AC7FA7EFD}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 35.3.15 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.63.1 - Dropbox, Inc.) Hidden
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.16.1117 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.16.1117 - GIGABYTE)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.17.0328 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.17.0328 - GIGABYTE)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Fast Boot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.16.1017 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.16.1017 - GIGABYTE)
Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version:  - )
FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
FreeCAD 0.16 - A free open source CAD system (HKLM\...\FreeCAD 0.16) (Version: 0.16.6712 - Juergen Riegel)
GigabyteFirmwareUpdateUtility (HKLM-x32\...\{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.00.0000 - GIGABYTE) Hidden
GigabyteFirmwareUpdateUtility (HKLM-x32\...\InstallShield_{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.00.0000 - GIGABYTE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.71 - Gramblr Team)
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1116.1 - GIGABYTE)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Hardware Engineers (HKLM\...\Steam App 485900) (Version:  - Green127)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version:  - Ansgar Becker)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{A54DCC30-E1EA-4912-A7F9-6C5A3AF1FB3A}) (Version: 10.0.1738 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Network Connections 20.7.67.0 (HKLM\...\PROSetDX) (Version: 20.7.67.0 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{55669453-883A-4F15-9D3B-BC990F5C9A32}) (Version: 6.0.6 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Internet Information Services (IIS) 7+ Manager (HKLM\...\{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}) (Version: 7.1.0.0 - Microsoft Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.0.2.32 - IObit)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
JetBrains dotPeek 2017.1.1 (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\{1c9cfaa8-8d5f-58dc-81f3-41370a70ee73}) (Version: 2017.1.1  - JetBrains s.r.o.)
JetBrains ReSharper Ultimate in Visual Studio Professional 2017 (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\{67f5eac7-7130-58ce-82ef-d754d3aa70b2}) (Version: 2017.1.1  - JetBrains s.r.o.)
Killer Bandwidth Control Filter Driver (HKLM\...\{89A9DA12-B6F1-4966-95B3-574EEB6DF07E}) (Version: 1.1.65.1357 - Rivet Networks) Hidden
Killer Performance Suite (HKLM\...\{0E807BB1-B1A9-41DA-B220-DF60FAF7F324}) (Version: 1.2.1302 - Rivet Networks)
Killer Performance Suite (HKLM-x32\...\{75269D5A-2CE7-48D1-8169-5744C83C574F}) (Version: 1.1.65.1357 - Rivet Networks)
King's Quest (HKLM\...\Steam App 345390) (Version:  - The Odd Gentlemen)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Logitech Gaming Software 8.90 (HKLM\...\Logitech Gaming Software) (Version: 8.90.117 - Logitech Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Messenger for Desktop (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\messengerfordesktop) (Version: 2.0.9 - MessengerForDesktop.com)
Microsoft .NET Core 1.0.1 - SDK Preview 4 (x64) (HKLM-x32\...\{4b5484b5-ef1f-4f6b-9532-d03071bfb38b}) (Version: 1.0.0.4233 - Microsoft Corporation)
Microsoft .NET Core 1.0.3 - SDK RC 4 (x64) (HKLM-x32\...\{c123f33d-df50-411a-8d89-b142ab465986}) (Version: 1.0.0.4771 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33284.727 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Monaco (HKLM\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Mozilla Thunderbird 45.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 en-US)) (Version: 45.6.0 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Open Live Writer (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\OpenLiveWriter) (Version: 0.6.2 - Open Live Writer)
Oracle VM VirtualBox 5.1.24 (HKLM\...\{6487D3C0-8C39-4585-A44C-64DC40F22CB7}) (Version: 5.1.24 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.45600 - Electronic Arts, Inc.)
Pandora (HKLM-x32\...\{CF73D1C4-4D78-890A-BF35-E275B96E678E}) (Version: 2.0.10 - Pandora Media, Inc) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1) (Version: 2.0.10 - Pandora Media, Inc)
PlatformPowerManagement (HKLM-x32\...\{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.16.0331 - GIGABYTE) Hidden
PlatformPowerManagement (HKLM-x32\...\InstallShield_{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.16.0331 - GIGABYTE)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PremiumSoft Navicat 11.2 for SQL Server (HKLM\...\PremiumSoft Navicat for SQL Server_is1) (Version: 11.2.15 - PremiumSoft CyberTech Ltd.)
PremiumSoft Navicat Premium 11.2 (HKLM\...\PremiumSoft Navicat Premium_is1) (Version: 11.2.6 - PremiumSoft CyberTech Ltd.)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.315 BETA - Bitsum)
Production Empire (HKLM\...\Steam App 651070) (Version:  - )
Production Line (HKLM\...\Steam App 591370) (Version:  - Positech Games)
Production Line (HKLM-x32\...\Production Line_is1) (Version:  - Positech Games)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.3.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
ScreenToGif (HKLM-x32\...\{B46AB504-140F-4E7D-833C-C6CA1A4FAAD7}) (Version: 2.9.0 - Nicke Manarin)
Shadow Tactics: Blades of the Shogun Demo (HKLM\...\Steam App 547490) (Version:  - Mimimi Productions)
SimAirport (HKLM\...\Steam App 598330) (Version:  - LVGameDev LLC)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.16.1221 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.16.1221 - GIGABYTE)
Slack (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\slack) (Version: 2.8.0 - Slack Technologies)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.7.0 - IObit)
SmartKeyboard (HKLM-x32\...\{75B74C36-A9C6-4912-B4BB-C461AA36D01E}) (Version: 1.00.0000 - GIGABYTE) Hidden
SmartKeyboard (HKLM-x32\...\InstallShield_{75B74C36-A9C6-4912-B4BB-C461AA36D01E}) (Version: 1.00.0000 - GIGABYTE)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.06 - Creative Technology Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardock Fences 3 (HKLM-x32\...\Stardock Fences 3) (Version: 3.05 - Stardock Software, Inc.)
Stardock WindowFX (HKLM-x32\...\WindowFX) (Version: 6.02 - Stardock Software, Inc.)
Startup Company (HKLM\...\Steam App 606800) (Version:  - Hovgaard Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Legal Racing: Redline v2.3.1 (HKLM\...\Steam App 497180) (Version:  - Invictus-Games LLC.)
Suicide Guy (HKLM\...\Steam App 303610) (Version:  - Fabio Ferrara)
Tap Adventure: Time Travel (HKLM\...\Steam App 596650) (Version:  - Avallon Alliance)
Tawk.to (HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\Tawk-desktop) (Version:  - tawk.to)
Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.3.50306 - Telerik)
Telerik UI for WinForms Q1 2016 SP1 (HKLM-x32\...\{DBC060CA-46A6-4798-9875-7A4D31E8EDDE}) (Version: 16.1.216.0 - Telerik AD)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.32.1.1020 - Electronic Arts Inc.)
Throne of Lies (HKLM\...\Steam App 595280) (Version:  - Imperium42™ Game Studio)
Thunderbolt(TM) Software (HKLM-x32\...\{146DE795-0B91-40E7-9991-5DC766EFB211}) (Version: 15.3.40.275 - Intel Corporation)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2017.1.1f1 - Unity Technologies ApS)
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 29.0 - Ubisoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VitalSource Bookshelf (HKLM-x32\...\{a6d98ffd-0915-4653-8efe-da3dd4bdaa0a}) (Version: 7.1.0001 - Ingram Content Group)
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{EF9A8134-DF80-46A8-85AF-7FBD1E848C12}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
VTuner (HKLM-x32\...\{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.17.0103 - GIGABYTE) Hidden
VTuner (HKLM-x32\...\InstallShield_{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.17.0103 - GIGABYTE)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (10/30/2015 3.6) (HKLM\...\689CB8E4310D795D383E65C05A8F13A05D92E771) (Version: 10/30/2015 3.6 - Corsair Components, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows SDK AddOn (HKLM-x32\...\{3BE62AA1-60B9-42EA-99BC-1A46B31C7E0C}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.795 (HKLM-x32\...\{5eb6fbea-73ee-4a8e-9042-110704768d7f}) (Version: 10.1.14393.795 - Microsoft Corporation)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Xamarin (HKLM-x32\...\{1B95406D-7BC6-4B5E-85B2-2A53CA12D5C5}) (Version: 4.3.0.459 - Xamarin) Hidden
Xamarin.Bonjour v1.0.11 (HKLM-x32\...\{B484E6C8-B82E-4CCE-8FAA-136473B22B1D}) (Version: 1.0.11.0 - Xamarin) Hidden
X-Plane 11 (HKLM-x32\...\X-Plane 11_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-02-12] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ContextMenuHandlers1: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2017-06-13] (Stardock)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ContextMenuHandlers4: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2017-06-13] (Stardock)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-12] (Dropbox, Inc.)
ContextMenuHandlers5: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2017-06-13] (Stardock)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2017-06-13] (Stardock)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {052D0093-13BD-48DC-96F0-E6C508F0277A} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2017-04-27] (Bitsum LLC)
Task: {0552B729-4A74-4517-BDB1-1AD4E869AE20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {0856FF19-596A-4CC5-85CF-76D6C43A7602} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-29] (Dropbox, Inc.)
Task: {0C0EC080-9B91-46C0-B3F4-DCF9FE1DAC23} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {0D1BCA50-830D-4BAC-9011-D2209756CFA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-29] (Google Inc.)
Task: {150228BF-9E1D-4356-8994-40B875BDC9DE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-17] (NVIDIA Corporation)
Task: {1796EA8C-A230-47D1-ABE9-20784EF49652} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-17] (NVIDIA Corporation)
Task: {21D71C0E-14C6-4580-9C3A-00226DA6FEE4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-29] (Dropbox, Inc.)
Task: {2504B758-F469-4BF3-8A09-00E3F6121EF0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {299878B8-DC65-4781-BC28-462609E68B8C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {3A876571-57D0-4710-9D95-DDFAF323060E} - System32\Tasks\GraphicsCardEngine => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe [2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {3EC5A278-83FB-427D-B54C-67F9368A8637} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {56E47123-4C7E-43BA-A13E-9C567D022165} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {57499ECC-551E-44CC-A047-7A83624E131D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {5CAE473C-1FE3-45DE-9308-15C2FC701BF7} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {65D0BA34-97BE-49CF-B4CB-321CD4C5A021} - System32\Tasks\Uninstaller_SkipUac_cynik => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-08-17] (IObit)
Task: {7758C2A2-A0A2-4DDD-A5DF-E67B70AEBA5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {882D6536-2998-4210-A479-6593CC46D240} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {8A26C78F-A676-4560-8355-453DB5BB2F55} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-17] (NVIDIA Corporation)
Task: {8A8838A5-4355-4C83-BB71-386FA1E9B235} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.0.26201.1 => C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VSIXAutoUpdate.exe [2017-08-16] ()
Task: {90491C6D-55E1-4D0D-B1C0-381AC6D2945B} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {99578C18-B127-4206-9556-B6EFEE636C7F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cynikal33@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {9C1DED66-6F57-47AD-89E4-28E481549034} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-17] (NVIDIA Corporation)
Task: {9D0A15CB-BB4F-4689-87EF-879ACC9DC7DA} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2017-04-27] (Bitsum LLC)
Task: {9F0AE1FD-CF7C-4F55-8A4E-BDFB37565BE1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-17] (NVIDIA Corporation)
Task: {AC82D250-BCA7-4F35-9D12-8FB8F8134A4A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-08-07] (IObit)
Task: {B1FA628D-3359-4886-8707-7E0E1D43B4F0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {B576BE09-BE14-496C-AEFD-8304DF2C7F18} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {C22C7D7B-53A3-4A3D-9E81-8ACF69024D26} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {C2FD32A1-C818-4BDD-BDA2-A2D6EBFF32F8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {C5354153-F4FB-40C0-AC1E-6B7419627586} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {D7546632-61F2-41C8-B4AC-F9FFA09207D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-29] (Google Inc.)
Task: {DAA16CF6-589A-42AA-A87C-9D3A446EC42E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-17] (NVIDIA Corporation)
Task: {EE3A2405-9D89-425D-AFC1-476B50AF022C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {FCDBDBF5-E4F0-4147-A480-2BF7916AFA9E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_cynik.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-07-13 08:49 - 2015-07-13 08:49 - 000597496 _____ () C:\Program Files (x86)\Stardock\WindowFX\WFX32.exe
2015-06-25 09:45 - 2015-06-25 09:45 - 000017920 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
2017-09-05 11:12 - 2017-09-09 12:44 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-26 18:30 - 2017-08-17 21:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-13 12:33 - 2017-06-13 12:33 - 000062424 _____ () c:\program files (x86)\stardock\fences\SdCrashReporter64.dll
2017-02-12 15:31 - 2017-02-12 15:31 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-08-16 10:46 - 2017-08-16 10:46 - 002509744 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
2017-07-19 09:18 - 2017-07-19 09:18 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-07-06 09:56 - 2015-07-06 09:56 - 062813205 _____ () C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\tawk-desktop.exe
2017-09-12 00:43 - 2017-09-12 00:43 - 002140160 _____ () C:\Users\cynik\AppData\Local\slack\app-2.8.0\ffmpeg.dll
2017-09-12 00:43 - 2017-09-12 00:43 - 000211968 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\nslog\build\Release\nslog.node
2017-09-12 00:43 - 2017-09-12 00:43 - 000109568 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2017-09-12 00:43 - 2017-09-12 00:43 - 000089088 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\@paulcbetts\system-idle-time\build\Release\system_idle_time.node
2015-07-06 09:56 - 2015-07-06 09:56 - 001890304 _____ () C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\libglesv2.dll
2015-07-06 09:56 - 2015-07-06 09:56 - 000086016 _____ () C:\Users\cynik\AppData\Roaming\Tawk\tawk-desktop-current\libegl.dll
2017-09-12 00:43 - 2017-09-12 00:43 - 002551808 _____ () C:\Users\cynik\AppData\Local\slack\app-2.8.0\libglesv2.dll
2017-09-12 00:43 - 2017-09-12 00:43 - 000093184 _____ () C:\Users\cynik\AppData\Local\slack\app-2.8.0\libegl.dll
2017-09-12 00:43 - 2017-09-12 00:43 - 000482816 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2017-09-12 00:43 - 2017-09-12 00:43 - 000758784 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\@nodert-win10\windows.data.xml.dom\build\Release\binding.node
2017-09-12 00:43 - 2017-09-12 00:43 - 000398336 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\@nodert-win10\windows.ui.notifications\build\Release\binding.node
2017-09-12 00:43 - 2017-09-12 00:43 - 000400896 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\@slack\slack-calls\build\Release\slack-calls.node
2017-09-12 00:43 - 2017-09-12 00:43 - 007576064 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\@slack\slack-calls\build\Release\CallsCore.dll
2017-09-12 00:43 - 2017-09-12 00:43 - 001484288 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\@slack\slack-calls\build\Release\boringssl.dll
2017-09-12 00:43 - 2017-09-12 00:43 - 000223744 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\@slack\slack-calls\build\Release\protobuf_lite.dll
2017-09-12 00:43 - 2017-09-12 00:43 - 000157184 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2017-09-12 00:43 - 2017-09-12 00:43 - 000086528 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\windows-quiet-hours\build\Release\quiethours.node
2017-09-12 00:43 - 2017-09-12 00:43 - 000086528 _____ () \\?\C:\Users\cynik\AppData\Local\slack\app-2.8.0\resources\app.asar.unpacked\node_modules\windows-notification-state\build\Release\notificationstate.node
2016-12-29 15:59 - 2016-12-29 15:59 - 000145920 _____ () C:\Program Files (x86)\Pandora\Pandora.exe
2017-08-25 14:39 - 2017-08-23 01:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-25 14:39 - 2017-08-23 01:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-05 08:25 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-09-05 08:25 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-09-05 08:25 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-08-06 02:02 - 2017-09-15 08:49 - 000619616 _____ () C:\Users\cynik\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2017-08-17 08:21 - 2016-01-11 17:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2017-08-17 08:20 - 2016-01-11 17:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2015-02-17 01:47 - 2015-02-17 01:47 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\ycc.dll
2016-08-09 19:49 - 2016-08-09 19:49 - 001804800 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2017-04-14 14:39 - 2017-04-14 14:39 - 000133632 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll
2017-09-12 13:22 - 2017-09-12 01:22 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-12 13:22 - 2017-09-12 01:22 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-12 13:22 - 2017-09-12 01:23 - 000023872 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_bootstrap.dll
2017-09-12 13:22 - 2017-09-12 01:21 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-12 13:22 - 2017-09-12 01:27 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-12 13:22 - 2017-09-12 01:23 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-12 13:22 - 2017-09-12 01:23 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-12 13:22 - 2017-09-12 01:23 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-12 13:22 - 2017-09-12 01:22 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-12 13:22 - 2017-09-12 01:21 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-12 13:22 - 2017-09-12 01:27 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-12 13:22 - 2017-09-12 01:22 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-12 13:22 - 2017-09-12 01:27 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-12 13:22 - 2017-09-12 01:27 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-12 13:22 - 2017-09-12 01:23 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-12 13:22 - 2017-09-12 01:28 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-09-12 13:22 - 2017-09-12 01:23 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-12 13:22 - 2017-09-12 01:27 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-09-12 13:22 - 2017-09-12 01:28 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-12 13:22 - 2017-09-12 01:25 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-12 13:22 - 2017-09-12 01:25 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-12 13:22 - 2017-09-12 01:25 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-12 13:22 - 2017-09-12 01:25 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-12 13:22 - 2017-09-12 01:28 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-12 13:22 - 2017-09-12 01:27 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-12 13:22 - 2017-09-12 01:27 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-09-12 13:22 - 2017-09-12 01:27 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-12 13:22 - 2017-09-12 01:27 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-12 13:22 - 2017-09-12 01:28 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-12 13:22 - 2017-09-12 01:23 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-12 13:22 - 2017-09-12 01:21 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-12 13:22 - 2017-09-12 01:25 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-12 13:22 - 2017-09-12 01:28 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-12 13:22 - 2017-09-12 01:22 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-12 13:22 - 2017-09-12 01:23 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-09-12 13:22 - 2017-09-12 01:22 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-09-12 13:22 - 2017-09-12 01:23 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-12 13:22 - 2017-09-12 01:27 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-09-12 13:22 - 2017-09-12 01:24 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-12 13:22 - 2017-09-12 01:28 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-09-12 13:22 - 2017-09-12 01:24 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-09-05 08:25 - 2017-05-22 11:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-09-05 08:25 - 2017-05-23 18:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-09-05 08:25 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2017-03-25 10:20 - 2017-08-17 21:36 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-03-25 10:20 - 2017-08-17 21:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-03 09:24 - 2017-08-04 14:19 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-09-09 18:16 - 2017-09-06 21:51 - 002505504 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-29 11:20 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-29 11:20 - 2016-01-27 00:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-29 11:20 - 2016-01-27 00:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-29 11:20 - 2016-01-27 00:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-29 11:20 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-29 11:20 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-29 11:20 - 2016-01-27 00:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-29 11:20 - 2016-01-27 00:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-09-09 18:16 - 2017-09-06 21:51 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-29 11:20 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-09-03 09:24 - 2017-07-17 15:50 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 22:35 - 2017-05-16 18:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-29 11:20 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-09-03 09:24 - 2017-07-17 15:50 - 001936672 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-09-03 09:24 - 2017-07-17 15:50 - 000113952 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 04:47 - 2017-09-05 08:39 - 000001053 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-225795373-1205061139-3748372482-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cynik\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles (2)\DesktopBackground\{52b70d0f-45c4-4e62-a548-65f3d956f3c4}.png
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-225795373-1205061139-3748372482-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{410E91AE-CC24-49F1-8412-6D73FB107141}C:\program files (x86)\gigabyte\appcenter\gcupd.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gcupd.exe
FirewallRules: [UDP Query User{CCE2F6A5-1F8A-47BF-98C2-0BA46C493421}C:\program files (x86)\gigabyte\appcenter\gcupd.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gcupd.exe
FirewallRules: [TCP Query User{BA550219-03AD-4D5B-8CFC-68FE316C255D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AF442F33-3AE1-4243-B65C-97B7E6ABDBFB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{8FDF4B53-6079-4D9B-9081-B38678954D45}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{BB9B3FD1-4BA3-4DAB-9048-9C96D314E70F}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{EFA66CBD-53A9-4E4E-9B42-A43FA5DF1284}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{38822DC2-012B-4279-BD9F-8024CE3A9232}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{796A3978-1CCF-44EB-95C6-EFC312ACEEAD}] => (Allow) D:\SteamLibrary\steamapps\common\Stonehearth\Stonehearth.exe
FirewallRules: [{44E2DEFC-1001-43E1-AB32-5FF551DCD0BD}] => (Allow) D:\SteamLibrary\steamapps\common\Stonehearth\Stonehearth.exe
FirewallRules: [{C9C9DB54-7BB8-49D3-83A8-1DD52AFE7075}] => (Allow) D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C7FE5175-02A8-4959-B3D3-26349C18260E}] => (Allow) D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{CA902351-62DF-4533-BEEA-E7E602466B48}C:\program files (x86)\bluestacks\hd-plus-service.exe] => (Allow) C:\program files (x86)\bluestacks\hd-plus-service.exe
FirewallRules: [UDP Query User{4AD65DBE-103B-4B7E-8B79-E758F878AE9D}C:\program files (x86)\bluestacks\hd-plus-service.exe] => (Allow) C:\program files (x86)\bluestacks\hd-plus-service.exe
FirewallRules: [{AB280FE8-FFB4-420A-9742-37811F8ACEA9}] => (Allow) D:\SteamLibrary\steamapps\common\Automation\Automation Launcher Steam.exe
FirewallRules: [{BDAABD0E-EC7F-4D4F-9578-B95A699A1A42}] => (Allow) D:\SteamLibrary\steamapps\common\Automation\Automation Launcher Steam.exe
FirewallRules: [{0F1A3501-DEC4-46C2-BEEB-3168374B8F7D}] => (Allow) D:\SteamLibrary\steamapps\common\Automation\Automation_Shipping_Steam.exe
FirewallRules: [{A05CD748-0425-4C1D-94BA-7B9245CDC570}] => (Allow) D:\SteamLibrary\steamapps\common\Automation\Automation_Shipping_Steam.exe
FirewallRules: [{744AC0A5-0453-44F1-8281-27CA5044F167}] => (Allow) D:\SteamLibrary\steamapps\common\Automation\WindowsNoEditor\AutomationGame.exe
FirewallRules: [{448A0852-D121-4924-B7A1-517448BFA62D}] => (Allow) D:\SteamLibrary\steamapps\common\Automation\WindowsNoEditor\AutomationGame.exe
FirewallRules: [{44708169-99F2-4E3E-80D5-0DBBDDBEC638}] => (Allow) D:\SteamLibrary\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe
FirewallRules: [{BA55E4D0-00E4-4E5A-9186-94307E2CD0BD}] => (Allow) D:\SteamLibrary\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe
FirewallRules: [TCP Query User{38679019-3489-46D3-B3FC-4193FF341B2D}C:\program files\unity2017\editor\unity.exe] => (Allow) C:\program files\unity2017\editor\unity.exe
FirewallRules: [UDP Query User{482C0CFA-834F-4F8E-A43D-325E337026BB}C:\program files\unity2017\editor\unity.exe] => (Allow) C:\program files\unity2017\editor\unity.exe
FirewallRules: [TCP Query User{873F9C15-385E-4977-B6A2-462F1C7D0948}C:\program files (x86)\microsoft visual studio\2017\professional\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\professional\common7\ide\devenv.exe
FirewallRules: [UDP Query User{39CB0D74-C1BA-48DD-9BA4-119D06287017}C:\program files (x86)\microsoft visual studio\2017\professional\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\professional\common7\ide\devenv.exe
FirewallRules: [TCP Query User{36B39D97-C8A8-4AFE-A917-3DD9338C7B76}D:\steamlibrary\steamapps\common\automation\windowsnoeditor\automationgame\binaries\win64\automationgame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\automation\windowsnoeditor\automationgame\binaries\win64\automationgame-win64-shipping.exe
FirewallRules: [UDP Query User{4E1B126E-048B-45BA-B473-3716FBE9BA9C}D:\steamlibrary\steamapps\common\automation\windowsnoeditor\automationgame\binaries\win64\automationgame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\automation\windowsnoeditor\automationgame\binaries\win64\automationgame-win64-shipping.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2017 08:09:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2017 08:09:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIM-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/16/2017 08:09:27 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

Error: (09/16/2017 08:09:24 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

Error: (09/16/2017 08:09:22 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

Error: (09/16/2017 08:09:20 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

Error: (09/16/2017 08:09:19 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (09/16/2017 08:09:17 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

Error: (09/16/2017 08:09:15 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

Error: (09/16/2017 08:09:13 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

Error: (09/16/2017 08:09:10 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

Error: (09/16/2017 08:09:08 AM) (Source: DCOM) (EventID: 10001) (User: TIM-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.15063.608_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca


CodeIntegrity:
===================================
  Date: 2017-09-15 08:50:40.015
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 23:36:30.498
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 20:56:11.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 20:28:34.620
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 20:00:44.371
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 19:32:17.907
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 18:52:13.280
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 14:04:37.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-09 12:41:46.199
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-07 10:33:55.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 35%
Total physical RAM: 32721.82 MB
Available physical RAM: 21184.98 MB
Total Virtual: 131025.82 MB
Available Virtual: 468.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1396.01 GB) (Free:1055.86 GB) NTFS
Drive d: (Storage) (Fixed) (Total:1862.92 GB) (Free:1139.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 25E17353)
Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 250427F4)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1396 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=784 MB) - (Type=27)

==================== End of Addition.txt ============================


Almost done.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

How's your system behaving now? Are there any other issues to address?

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2017
Ran by cynik (16-09-2017 10:07:31) Run:1
Running from C:\Users\cynik\Desktop\AntiVirus
Loaded Profiles: cynik (Available Profiles: defaultuser0 & cynik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

S3 cpuz138; C:\Users\cynik\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2017-09-14] (CPUID) <==== ATTENTION

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

C:\Users\cynik\AppData\Local\vmtndqd
C:\Users\cynik\AppData\Local\ctfetps
C:\WINDOWS\system32\imebmoo
C:\WINDOWS\system32\Drivers\72296468.sys
2017-09-07 10:34 - 2017-09-07 10:34 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\724E2325.sys
2017-09-06 21:25 - 2017-09-06 21:25 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0A3947D5.sys
2017-09-06 17:57 - 2017-09-06 17:57 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\75C7284D.sys
2017-09-06 17:52 - 2017-09-06 17:52 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2A62241E.sys
2017-09-06 17:50 - 2017-09-06 17:50 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3FB322EB.sys
2017-09-06 17:49 - 2017-09-06 17:49 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6D872143.sys
2017-09-06 17:47 - 2017-09-06 17:47 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\29E420EE.sys
2017-09-06 17:44 - 2017-09-06 17:44 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3AE11E36.sys
2017-09-06 17:31 - 2017-09-06 17:31 - 000079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\imofugc.sys
2017-09-05 11:51 - 2017-09-05 11:51 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66C64225.sys

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\System\CurrentControlSet\Services\cpuz138 => key removed successfully
cpuz138 => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Users\cynik\AppData\Local\vmtndqd => moved successfully
C:\Users\cynik\AppData\Local\ctfetps => moved successfully
C:\WINDOWS\system32\imebmoo => moved successfully
C:\WINDOWS\system32\Drivers\72296468.sys => moved successfully
C:\WINDOWS\system32\Drivers\724E2325.sys => moved successfully
C:\WINDOWS\system32\Drivers\0A3947D5.sys => moved successfully
C:\WINDOWS\system32\Drivers\75C7284D.sys => moved successfully
C:\WINDOWS\system32\Drivers\2A62241E.sys => moved successfully
C:\WINDOWS\system32\Drivers\3FB322EB.sys => moved successfully
C:\WINDOWS\system32\Drivers\6D872143.sys => moved successfully
C:\WINDOWS\system32\Drivers\29E420EE.sys => moved successfully
C:\WINDOWS\system32\Drivers\3AE11E36.sys => moved successfully
C:\WINDOWS\system32\Drivers\imofugc.sys => moved successfully
C:\WINDOWS\system32\Drivers\66C64225.sys => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57709329 B
Java, Flash, Steam htmlcache => 359613653 B
Windows/system/drivers => 9523476 B
Edge => 1159814 B
Chrome => 737407439 B
Firefox => 18615710 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 18862 B
NetworkService => 2306894 B
defaultuser0 => 0 B
cynik => 639289006 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:12:01 ====


Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.