1. #1

    Malware Issues, DLL Errors

    I believe I might have some malware or spyware on my computer. I've been getting random rundll32.exe permission errors when trying to access certain Control Panel settings in Windows 10. I am also getting random pop-ups in Internet Explorer which I never got before. My search engine seems to have changed also to something I don't recognize. Sometimes my internet connection even drops randomly for 5-10 seconds at a time. Here are my attached reports...


    Checkup.txt


    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    ESET NOD32 Antivirus 9.0.349.0
    Windows Defender
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 71
    Java version 32-bit out of Date!
    Adobe Flash Player 20.0.0.286
    Google Chrome (47.0.2526.111)
    Google Chrome (48.0.2564.97)
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    FRST.txt


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
    Ran by sch64 (administrator) on CEEJAY-PC (03-02-2016 20:02:52)
    Running from C:\Users\sch64\Downloads
    Loaded Profiles: sch64 (Available Profiles: sch64)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (RemoteMyApp sp. z o.o.) C:\Program Files (x86)\Remotr\RemotrService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\OSC\nvosc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Flux Software LLC) C:\Users\sch64\AppData\Local\FluxSoftware\Flux\flux.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    () C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
    (GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
    (GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
    (GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (RemoteMyApp sp. z o.o.) C:\Program Files (x86)\Remotr\RemotrServer.exe
    () C:\SickRage\Installer\nssm.exe
    () C:\SickRage\Python\python.exe
    () C:\Program Files\WindowsApps\Microsoft.XboxApp_11.13.6008.0_x64__8wekyb3d8bbwe\XboxApp.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    () C:\Program Files (x86)\Plex\Plex Media Server\PlexNewTranscoder.exe
    (mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-01] (Logitech Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787384 2016-01-20] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
    HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
    HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-02] (Valve Corporation)
    HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\Run: [f.lux] => C:\Users\sch64\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7744568 2015-10-15] (GOG.com)
    HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [9918104 2015-12-22] ()
    HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6452552 2016-01-22] (Plex, Inc.)
    HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-07-29]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-07-29]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Users\sch64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-11-10] ()
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{8233723c-8818-412e-bd0b-8ab204203880}: [NameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-07-29] (LastPass)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-22] (Oracle Corporation)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-07-29] (LastPass)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-22] (Oracle Corporation)
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://rap.northshorelij.com/dana-cached/sc/JuniperSetupClient.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1586
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\sch64\AppData\Roaming\Mozilla\Firefox\Profiles\x4z99fc6.default-1451097372517
    FF Homepage: hxxps://32pag.es/index.php
    hxxps://baconbits.org/login.php
    hxxp://www.bitme.org/login.php
    hxxps://broadcasthe.net/login.php
    hxxps://gazellegames.net/index.php
    hxxps://iptorrents.com/
    hxxp://www.myanonamouse.net/index.php
    hxxp://passthepopcorn.me/login.php
    hxxps://what.cd/login.php
    hxxps://****.feralhosting.com/craigzlist/rutorrent/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
    FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-07-29] (LastPass)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-22] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-07-29] (LastPass)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Extension: LastPass - C:\Users\sch64\AppData\Roaming\Mozilla\Firefox\Profiles\x4z99fc6.default-1451097372517\extensions\support@lastpass.com [2016-01-08]
    FF Extension: Adblock Plus - C:\Users\sch64\AppData\Roaming\Mozilla\Firefox\Profiles\x4z99fc6.default-1451097372517\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
    FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-29]
    CHR Extension: (Google Docs) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-29]
    CHR Extension: (Google Drive) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Adblock Plus) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
    CHR Extension: (Google Search) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Google Sheets) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-29]
    CHR Extension: (Google Docs Offline) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-29]
    CHR Extension: (ReChat for Twitch™) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-01-17]
    CHR Extension: (Transmogrify for Plex) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdogfefgaagaledbkgeffgbjlaaplpgo [2015-10-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
    CHR Extension: (Hover Zoom+) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-01-29]
    CHR Extension: (Gmail) - C:\Users\sch64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-29]
    CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
    R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2015-07-29] (Creative Technology Ltd)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521080 2015-11-19] (ESET)
    S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-15] (GOG.com)
    S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-01-29] (GOG.com)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-01-20] (NVIDIA Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-01-20] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6309944 2016-01-20] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4814392 2016-01-20] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-01] (Electronic Arts)
    S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-01-14] (Power Admin LLC)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-08-04] ()
    R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [57856 2016-01-10] (Razer Inc.) [File not signed]
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
    R2 Remotr Service; C:\Program Files (x86)\Remotr\RemotrService.exe [181328 2016-01-11] (RemoteMyApp sp. z o.o.)
    R2 SickRage; C:\SickRage\Installer\nssm.exe [331264 2014-08-31] () [File not signed]
    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [747800 2015-12-14] (DEVGURU Co., LTD.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 CCVI; C:\Windows\system32\drivers\CCVI.sys [16384 2012-06-25] (Silicon Laboratories)
    R3 cthda; C:\Windows\system32\drivers\cthda.sys [1065728 2015-07-29] (Creative Technology Ltd)
    R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [42792 2015-06-22] (Creative Technology Ltd)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
    S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
    R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2015-11-16] (ESET)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-03] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-26] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-01-20] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
    R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
    S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26392 2015-12-14] (DEVGURU Co., LTD.)
    R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2015-07-23] (Splashtop Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 WLRAWMp50x64; C:\Windows\System32\Drivers\WLRAWMp50x64.sys [35352 2013-10-31] (Logitech, Inc.)
    S3 WLRAWMp50x64; C:\Windows\SysWOW64\Drivers\WLRAWMp50x64.sys [35352 2013-10-31] (Logitech, Inc.)
    S3 WLRAWSp50x64; C:\Windows\System32\Drivers\WLRAWSp50x64.sys [34328 2013-10-31] (Logitech, Inc.)
    S3 WLRAWSp50x64; C:\Windows\SysWOW64\Drivers\WLRAWSp50x64.sys [34328 2013-10-31] (Logitech, Inc.)
    R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-12-01] (Intel Corporation)
    S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
    S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
    S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-03 20:02 - 2016-02-03 20:03 - 00024770 _____ C:\Users\sch64\Downloads\FRST.txt
    2016-02-03 20:02 - 2016-02-03 20:02 - 02370560 _____ (Farbar) C:\Users\sch64\Downloads\FRST64.exe
    2016-02-03 20:02 - 2016-02-03 20:02 - 00852798 _____ C:\Users\sch64\Downloads\SecurityCheck.exe
    2016-02-03 17:27 - 2016-02-03 17:27 - 00000000 ___HD C:\OneDriveTemp
    2016-02-03 17:24 - 2016-02-03 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2016-02-03 17:23 - 2016-02-03 17:23 - 22505664 _____ (Razer Inc.) C:\Users\sch64\Downloads\Razer_Synapse_Framework_V1.18.21.28549.exe
    2016-02-02 11:45 - 2016-02-02 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
    2016-02-02 11:32 - 2016-02-03 20:02 - 00000000 ____D C:\FRST
    2016-02-02 11:06 - 2016-02-02 11:32 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-02-02 11:06 - 2016-02-02 11:06 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-02-02 10:38 - 2016-02-02 10:38 - 00000000 ____D C:\AdwCleaner
    2016-02-02 09:55 - 2016-02-02 10:11 - 00000000 ____D C:\ProgramData\Remotr
    2016-02-02 09:55 - 2016-02-02 09:55 - 00001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remotr Streamer.lnk
    2016-02-02 09:55 - 2016-02-02 09:55 - 00000000 ____D C:\Program Files (x86)\Remotr
    2016-01-29 21:38 - 2016-01-29 21:38 - 00263772 _____ C:\Users\sch64\Documents\cc_20160129_213853.reg
    2016-01-29 21:29 - 2016-01-29 21:29 - 00002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-01-29 21:29 - 2016-01-29 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-01-29 21:29 - 2016-01-29 21:29 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-29 12:28 - 2016-01-29 12:28 - 00000000 ____D C:\Users\sch64\AppData\Roaming\NVIDIA
    2016-01-29 09:13 - 2016-02-03 17:26 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-29 09:13 - 2016-01-22 22:31 - 00215608 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2016-01-29 09:13 - 2016-01-22 20:01 - 06366656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2016-01-29 09:13 - 2016-01-22 20:01 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2016-01-29 09:13 - 2016-01-22 20:01 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2016-01-29 09:13 - 2016-01-22 20:01 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2016-01-29 09:13 - 2016-01-22 20:01 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2016-01-29 09:13 - 2016-01-22 20:01 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2016-01-29 09:13 - 2016-01-22 20:01 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2016-01-29 09:13 - 2016-01-22 20:01 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2016-01-29 09:13 - 2016-01-22 19:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2016-01-29 09:13 - 2016-01-21 21:06 - 06125650 _____ C:\WINDOWS\system32\nvcoproc.bin
    2016-01-29 09:12 - 2016-01-25 12:34 - 12474312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2016-01-29 09:12 - 2016-01-22 22:31 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 37615040 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 31115712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 24941112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 21202488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 19778944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 17632544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 17174032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 17116616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 14114944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 03648552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 03230824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 02543160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00541184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00445912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
    2016-01-29 09:12 - 2016-01-22 22:31 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
    2016-01-29 09:12 - 2016-01-22 22:31 - 00035832 _____ C:\WINDOWS\system32\nvinfo.pb
    2016-01-29 08:55 - 2016-01-29 09:35 - 00000000 ____D C:\Users\sch64\Limelight
    2016-01-27 22:27 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-27 22:27 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-01-27 22:27 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-27 22:27 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-01-27 22:27 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-01-27 22:27 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-01-27 22:27 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-01-27 22:27 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-01-27 22:27 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-27 22:27 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-01-27 22:27 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-01-27 22:27 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-27 22:27 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-27 22:27 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-27 22:27 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-27 22:27 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-27 22:27 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-01-27 22:27 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-27 22:27 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-27 22:27 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-01-27 22:27 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-27 22:27 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-27 22:27 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-27 22:27 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-27 22:27 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-27 22:27 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-27 22:27 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-27 22:27 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-27 22:27 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-27 22:26 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-27 22:26 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-27 22:26 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-27 22:26 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-27 22:26 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-27 22:26 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-27 22:26 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-27 22:26 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-27 22:26 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-27 22:26 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-27 22:26 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-27 22:26 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-27 22:26 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-27 22:26 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-27 22:26 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-27 22:26 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-01-27 22:26 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-27 22:26 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-27 22:26 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-27 22:26 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-27 22:26 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-27 22:26 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-27 22:26 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-27 22:26 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-27 22:26 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-27 22:26 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-27 22:26 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-27 22:26 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-27 22:26 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-27 22:26 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-27 22:26 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-27 22:26 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-27 22:26 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-27 22:26 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-27 22:26 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-27 22:26 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-27 22:26 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-27 22:26 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-27 22:26 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-27 22:26 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-27 22:26 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-27 22:26 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-27 22:26 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-27 22:26 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-27 22:26 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-27 22:26 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-27 22:26 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-27 22:26 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-27 22:26 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-27 22:26 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-27 22:26 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-27 22:26 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-27 22:26 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-27 22:26 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-27 22:26 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-27 22:26 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-27 22:26 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-27 22:26 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-27 22:26 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-27 22:26 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-27 22:26 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-27 22:26 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-27 22:26 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-27 22:26 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-27 22:26 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-27 22:26 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-27 22:26 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-27 22:26 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-27 22:26 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-27 22:26 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-27 22:26 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-27 22:26 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-27 22:26 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-27 22:26 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-27 22:26 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-27 22:26 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-27 22:26 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-27 22:26 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-27 22:26 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-27 22:26 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-27 22:26 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-27 22:26 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-27 22:26 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-27 22:26 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-27 22:26 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-27 22:26 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-27 22:26 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-27 22:26 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-27 22:26 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-27 22:26 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-27 22:26 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-01-27 22:26 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-27 22:26 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-27 22:26 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-01-27 22:26 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-01-27 12:04 - 2016-01-29 21:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-01-26 22:17 - 2016-01-26 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2016-01-26 22:17 - 2016-01-26 22:17 - 00000000 ____D C:\Program Files (x86)\Plex
    2016-01-25 18:32 - 2016-01-25 18:32 - 00545031 _____ C:\Users\sch64\Documents\TaxReturn.pdf
    2016-01-22 20:26 - 2016-01-22 20:26 - 00000000 ____D C:\Users\sch64\AppData\Roaming\Oracle
    2016-01-22 00:05 - 2016-01-22 00:05 - 00000000 ____D C:\Users\sch64\AppData\Local\LogMeInIgnition
    2016-01-21 23:26 - 2016-01-21 23:27 - 00000000 ____D C:\Users\sch64\AppData\Roaming\ICAClient
    2016-01-21 23:26 - 2016-01-21 23:26 - 00000000 ____D C:\Users\sch64\AppData\Local\ICAClient
    2016-01-21 23:25 - 2016-01-21 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
    2016-01-21 23:25 - 2016-01-21 23:25 - 00000000 ____D C:\Program Files (x86)\Citrix
    2016-01-15 22:05 - 2016-01-15 22:05 - 00000000 ____D C:\Users\sch64\AppData\Local\GalaxyCommunicationService
    2016-01-14 20:39 - 2016-01-14 20:39 - 00000000 ____D C:\Users\sch64\AppData\Local\LucasArts
    2016-01-14 13:59 - 2016-01-29 09:03 - 00000000 ____D C:\Users\sch64\AppData\Local\NVIDIA Corporation
    2016-01-14 13:34 - 2016-01-29 09:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-01-14 13:34 - 2016-01-29 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-01-14 13:34 - 2016-01-29 09:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-14 13:34 - 2016-01-20 02:33 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2016-01-14 13:34 - 2016-01-20 02:32 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2016-01-14 13:34 - 2016-01-14 14:01 - 00000000 ____D C:\Users\sch64\AppData\Local\NVIDIA
    2016-01-14 13:34 - 2015-12-18 01:11 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2016-01-14 13:34 - 2015-12-18 01:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2016-01-14 13:34 - 2015-12-18 01:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2016-01-14 13:24 - 2016-01-14 13:24 - 00189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
    2016-01-13 21:45 - 2016-01-13 21:45 - 00000000 ____D C:\Users\sch64\AppData\Roaming\Microsoft Games
    2016-01-13 21:11 - 2016-01-13 21:11 - 00000000 ____D C:\ProgramData\Splashtop
    2016-01-13 21:11 - 2016-01-13 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
    2016-01-12 19:36 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-12 19:36 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-01-12 19:36 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-01-12 19:36 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-12 19:36 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-12 19:36 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2016-01-12 19:36 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2016-01-12 19:36 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-12 19:36 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-12 19:36 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-12 19:36 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-12 19:36 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2016-01-12 19:36 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-01-12 19:36 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-12 19:36 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-12 19:36 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-12 19:36 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
    2016-01-12 19:36 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-12 19:36 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-01-12 19:36 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-12 19:36 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-12 19:36 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
    2016-01-12 19:36 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-12 19:36 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-12 19:36 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-12 19:36 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-12 19:36 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-12 19:36 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-12 19:36 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
    2016-01-12 19:36 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
    2016-01-12 19:36 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-01-12 19:36 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-01-12 19:36 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2016-01-12 19:36 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-12 19:36 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2016-01-12 19:36 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2016-01-12 19:36 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2016-01-12 19:36 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-01-12 19:36 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-01-12 19:36 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-12 19:36 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-01-12 19:36 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2016-01-12 19:36 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
    2016-01-12 19:36 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-12 19:36 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-12 19:36 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
    2016-01-12 19:36 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-01-12 19:36 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-12 19:36 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-12 19:36 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-12 19:36 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-01-12 19:36 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
    2016-01-12 19:36 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2016-01-12 19:36 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-12 19:36 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-01-12 19:36 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2016-01-12 19:36 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-12 19:36 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2016-01-12 19:36 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-12 19:36 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
    2016-01-12 19:36 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-01-12 19:36 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-12 19:36 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-01-12 19:36 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-12 19:36 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-12 19:36 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-12 19:36 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-12 19:36 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-01-12 19:36 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-01-12 19:36 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-12 19:36 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-01-12 19:36 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-12 19:36 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-01-12 19:32 - 2016-01-12 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2016-01-12 19:32 - 2016-01-12 19:32 - 00000000 ____D C:\ProgramData\ESET
    2016-01-12 19:32 - 2016-01-12 19:32 - 00000000 ____D C:\Program Files\ESET
    2016-01-10 21:43 - 2016-01-10 21:43 - 00091136 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
    2016-01-10 21:42 - 2016-01-10 21:42 - 00075776 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
    2016-01-10 21:42 - 2016-01-10 21:42 - 00035328 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzAPIChromaSDK.dll
    2016-01-09 12:43 - 2016-01-09 12:43 - 00000000 ____D C:\Program Files (x86)\Kaseya Remote Control

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-03 20:02 - 2015-07-29 20:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-03 19:59 - 2015-07-29 20:55 - 00000000 ____D C:\Users\sch64\AppData\Roaming\mIRC
    2016-02-03 19:09 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-03 19:09 - 2015-07-29 20:03 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-03 19:06 - 2015-07-29 21:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-03 18:17 - 2015-07-29 20:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-03 17:56 - 2015-07-31 07:42 - 00000000 ____D C:\Users\sch64\AppData\Local\CrashDumps
    2016-02-03 17:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-03 17:28 - 2015-07-29 20:44 - 00000000 ____D C:\Users\sch64\AppData\LocalLow\LastPass
    2016-02-03 17:27 - 2015-07-29 21:45 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-02-03 17:27 - 2015-07-29 20:37 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-03 17:27 - 2015-07-29 20:15 - 00000000 ___RD C:\Users\sch64\OneDrive
    2016-02-03 17:26 - 2015-12-16 06:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-03 17:26 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-03 17:24 - 2015-07-29 21:17 - 00000000 ____D C:\Program Files (x86)\Razer
    2016-02-02 15:41 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-02 10:19 - 2015-12-16 06:47 - 00000000 ____D C:\Users\sch64
    2016-02-01 23:57 - 2015-07-29 20:37 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-01 23:57 - 2015-07-29 20:37 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-01-31 16:38 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-01-31 16:36 - 2015-07-31 08:03 - 00000000 ____D C:\Users\sch64\AppData\Roaming\Skype
    2016-01-30 14:54 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-01-29 21:37 - 2015-07-29 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-29 21:34 - 2015-12-16 09:43 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-29 10:14 - 2015-07-29 20:13 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-01-29 10:11 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-29 10:11 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-29 10:11 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-29 10:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-29 10:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-29 10:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-29 10:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-29 09:13 - 2015-12-16 06:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-01-29 09:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help
    2016-01-28 21:20 - 2015-07-29 22:02 - 00000000 ____D C:\Users\sch64\AppData\Roaming\Guild Wars 2
    2016-01-28 17:57 - 2015-07-29 20:37 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-01-27 23:25 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-26 22:17 - 2015-07-30 09:13 - 00000000 ____D C:\ProgramData\Package Cache
    2016-01-23 15:34 - 2015-07-29 21:01 - 00000000 ____D C:\Users\sch64\Documents\The Witcher 3
    2016-01-22 20:25 - 2015-08-30 17:58 - 00000000 ____D C:\Users\sch64\.oracle_jre_usage
    2016-01-22 20:25 - 2015-07-29 21:45 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2016-01-22 20:25 - 2015-07-29 21:45 - 00000000 ____D C:\ProgramData\Oracle
    2016-01-22 20:25 - 2015-07-29 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-22 20:25 - 2015-07-29 21:45 - 00000000 ____D C:\Program Files (x86)\Java
    2016-01-22 00:05 - 2015-09-03 17:25 - 00000000 ____D C:\ProgramData\LogMeIn
    2016-01-20 20:55 - 2015-07-29 23:08 - 00000600 _____ C:\Users\sch64\AppData\Local\PUTTY.RND
    2016-01-20 02:33 - 2015-07-29 21:36 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2016-01-20 02:32 - 2015-10-14 14:34 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2016-01-20 02:32 - 2015-07-29 21:36 - 01903160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2016-01-18 08:16 - 2015-07-31 08:03 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-01-14 13:43 - 2015-07-29 21:13 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-01-14 13:43 - 2015-07-29 21:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-01-13 21:48 - 2015-07-29 21:01 - 00000000 ____D C:\Users\sch64\Documents\My Games
    2016-01-13 21:11 - 2015-07-30 08:39 - 00000000 ____D C:\Program Files (x86)\Splashtop
    2016-01-12 19:42 - 2015-08-11 21:27 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-12 19:38 - 2015-08-11 21:27 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-12 19:33 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-01-12 19:28 - 2015-12-16 06:44 - 00336352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-01-12 19:28 - 2015-07-29 20:52 - 00000000 ____D C:\ProgramData\Norton
    2016-01-12 19:23 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-01-12 17:08 - 2015-07-29 22:01 - 00000000 ____D C:\Users\sch64\AppData\Local\Battle.net
    2016-01-12 12:04 - 2015-07-29 20:55 - 00000000 ____D C:\Program Files (x86)\mIRC
    2016-01-09 12:43 - 2015-08-09 09:37 - 00000000 ____D C:\Users\sch64\AppData\Local\Kaseya
    2016-01-07 18:21 - 2015-07-29 20:13 - 00000000 ____D C:\Users\sch64\AppData\Local\Packages
    2016-01-07 18:19 - 2015-10-18 17:19 - 00000000 ____D C:\ProgramData\VMware
    2016-01-07 18:19 - 2015-10-18 17:19 - 00000000 ____D C:\Program Files (x86)\VMware

    ==================== Files in the root of some directories =======

    2015-07-29 20:45 - 2015-07-29 20:45 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2015-07-29 23:08 - 2016-01-20 20:55 - 0000600 _____ () C:\Users\sch64\AppData\Local\PUTTY.RND

    Some files in TEMP:
    ====================
    C:\Users\sch64\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\sch64\AppData\Local\Temp\gamepad_jni-5864968204769999934.dll
    C:\Users\sch64\AppData\Local\Temp\gamepad_jni-9118716835169985543.dll
    C:\Users\sch64\AppData\Local\Temp\namebench.exe
    C:\Users\sch64\AppData\Local\Temp\nvStInst.exe
    C:\Users\sch64\AppData\Local\Temp\python27.dll
    C:\Users\sch64\AppData\Local\Temp\tcl85.dll
    C:\Users\sch64\AppData\Local\Temp\tk85.dll

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-02-02 13:05

    ==================== End of FRST.txt ============================


    Addition.txt


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by sch64 (2016-02-03 20:03:15)
    Running from C:\Users\sch64\Downloads
    Windows 10 Pro (X64) (2015-12-16 11:53:54)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1568726808-3019669588-267697966-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1568726808-3019669588-267697966-503 - Limited - Disabled)
    Guest (S-1-5-21-1568726808-3019669588-267697966-501 - Limited - Disabled)
    sch64 (S-1-5-21-1568726808-3019669588-267697966-1001 - Administrator - Enabled) => C:\Users\sch64

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET NOD32 Antivirus 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET NOD32 Antivirus 9.0.349.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Batman™: Arkham Knight (HKLM-x32\...\Steam App 208650) (Version: - Rocksteady Studios)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.6.2.40658 - Electronic Arts)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    CCVI Driver x64 (HKLM-x32\...\{C55E1690-A0AD-4BC2-BB0A-1AAFB1232E9F}) (Version: 0.1.0000 - Antec Inc.)
    ChillControl VI (HKLM-x32\...\{9667E231-A6A9-4F16-B14E-6F7A037E512C}) (Version: 1.0.0001 - Antec Inc.)
    Citrix XenApp Plugin for Hosted Apps (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
    Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version: - SEGA)
    CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
    Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
    Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)
    Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
    Dragon Age™ II (HKLM-x32\...\{E1EB9F56-AFE2-4204-B28F-AD8DA793B9F4}) (Version: 1.04.8524.0 - Electronic Arts)
    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
    DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
    Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)
    Epic Games Launcher (HKLM-x32\...\{16969EF2-23EA-4BD9-B085-4952D95E8A7D}) (Version: 1.1.48.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    ESET NOD32 Antivirus (HKLM\...\{39609CFB-57C5-4879-9C76-8BE895969C5B}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
    f.lux (HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\Flux) (Version: - )
    Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
    Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version: - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)
    GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
    Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.3.3.400 - Intel Corporation)
    iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
    Just Cause 3 (HKLM-x32\...\Steam App 225540) (Version: - Avalanche Studios)
    Kaseya Remote Control (HKLM-x32\...\{35749470-7C88-4779-BCEA-11D4F00B7381}) (Version: 9.1.5655.31803 - Kaseya)
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    LEGO® Star Wars™: The Complete Saga (HKLM-x32\...\Steam App 32440) (Version: - Traveller's Tales)
    Logitech Alert Commander (HKLM-x32\...\{9C815CCE-8A56-4C1E-A3CA-D1BA519882BC}) (Version: 3.5.97 - Logitech)
    Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
    Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
    Mozilla Firefox 44.0 (x64 en-US) (HKLM\...\Mozilla Firefox 44.0 (x64 en-US)) (Version: 44.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.8 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.10.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.1.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
    OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
    Plex Media Server (HKLM-x32\...\{40fb0edd-d178-4968-87d6-83fa4adb37bf}) (Version: 0.9.1502 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1502 - Plex, Inc.) Hidden
    PuTTY release 0.65 (HKLM-x32\...\PuTTY_is1) (Version: 0.65 - Simon Tatham)
    PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.3.0 - Razer Inc.)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
    Remotr version 1.2.1198 (HKLM-x32\...\Remotr_is1) (Version: 1.2.1198 - RemoteMyApp sp. z o.o.)
    Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
    Rise of the Tomb Raider (HKLM-x32\...\Steam App 391220) (Version: - Crystal Dynamics)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
    Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.2.0.37 - Samsung Electronics Co., Ltd.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.58.0 - Samsung Electronics Co., Ltd.)
    SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.10.1.2 - NVIDIA Corporation) Hidden
    SickRage (master) (HKLM\...\{B0D7EA3E-CC34-4BE6-95D5-3C3D31E9E1B2}_is1) (Version: master - SiCKRAGE)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
    Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
    Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)
    Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
    Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
    SNOW (HKLM-x32\...\Steam App 244930) (Version: - Poppermost Productions)
    Sonic and SEGA All Stars Racing (HKLM-x32\...\Steam App 34190) (Version: - Sumo Digital)
    Sound Blaster Z-Series (HKLM-x32\...\{B2C527EF-4F7B-405A-ADB4-89B432891FF2}) (Version: 1.00.28 - Creative Technology Limited)
    Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.0.4.5 - Splashtop Inc.)
    Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version: - Raven Software)
    Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
    Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version: - LucasArts)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.12.1.0 - GOG.com)
    The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.12.1.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.12.1.0 - GOG.com)
    Turok: Dinosaur Hunter (HKLM-x32\...\Steam App 405820) (Version: - Iguana Entertainment)
    Verdun (HKLM-x32\...\Steam App 242860) (Version: - M2H)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1568726808-3019669588-267697966-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sch64\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {024550D3-94C2-4CAD-BF67-034199696E15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
    Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {0EA4C8C6-687C-4392-B477-7A24976FC165} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
    Task: {1542C521-F4E4-42B7-B619-CBF907D7A48B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
    Task: {26D2E7D1-1ED4-4FCC-98BD-6F36192987B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-29] (Google Inc.)
    Task: {27A3A738-D781-4A76-85A8-36B2C7D95120} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
    Task: {4EC05A87-D7C9-4772-8D2E-6A97549C4BFB} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
    Task: {BEBDB3D9-C927-435A-9015-CB234512A7F5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {E56A1E94-68DE-46A2-AE90-7CA45B80B077} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {EE44B47E-F1CC-4342-9668-441D22E56BEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-29] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-01-29 09:13 - 2016-01-22 20:01 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-01-14 13:34 - 2016-01-20 02:36 - 00292920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2015-08-04 20:39 - 2015-08-04 21:04 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
    2015-12-16 12:21 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-01-12 19:36 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-27 22:27 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-12-16 12:21 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-12-17 14:57 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-17 14:57 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-17 14:57 - 2015-12-06 23:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
    2016-01-12 19:36 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-12 19:36 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-01-27 22:27 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2015-07-01 19:28 - 2015-07-01 19:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2015-07-01 19:28 - 2015-07-01 19:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2016-01-14 13:34 - 2016-01-20 02:36 - 00717368 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
    2016-01-14 13:34 - 2016-01-20 02:36 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
    2016-01-29 09:04 - 2016-01-20 02:43 - 04406720 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\MessageBus.dll
    2016-01-14 14:01 - 2015-06-25 10:03 - 00970240 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.Core.dll
    2016-01-14 14:01 - 2015-06-25 10:03 - 53344768 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libcef.dll
    2016-01-14 14:01 - 2015-06-25 10:03 - 00613888 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\CefSharp.BrowserSubprocess.Core.dll
    2016-01-14 14:01 - 2015-06-25 10:03 - 01015296 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\ffmpegsumo.dll
    2016-01-14 14:01 - 2015-06-25 10:03 - 00208896 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libEGL.dll
    2016-01-14 14:01 - 2015-06-25 10:03 - 01750016 _____ () C:\Program Files (x86)\NVIDIA Corporation\OSC\libGLESv2.dll
    2016-01-14 13:34 - 2016-01-20 02:32 - 00391168 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\NvRemux64.dll
    2015-12-22 04:50 - 2015-12-22 04:50 - 09918104 _____ () C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
    2016-01-04 22:53 - 2016-01-04 22:53 - 01232408 _____ () C:\Users\sch64\AppData\Roaming\Mozilla\Firefox\Profiles\x4z99fc6.default-1451097372517\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll
    2015-10-14 14:56 - 2014-08-31 07:34 - 00331264 _____ () C:\SickRage\Installer\nssm.exe
    2015-05-23 08:44 - 2015-05-23 08:44 - 00026624 _____ () C:\SickRage\Python\python.exe
    2015-05-23 08:44 - 2015-05-23 08:44 - 02223104 _____ () C:\SickRage\Python\DLLs\_ssl.pyd
    2015-05-23 08:44 - 2015-05-23 08:44 - 00047616 _____ () C:\SickRage\Python\DLLs\_socket.pyd
    2015-05-23 08:44 - 2015-05-23 08:44 - 01567232 _____ () C:\SickRage\Python\DLLs\_hashlib.pyd
    2015-05-23 08:44 - 2015-05-23 08:44 - 00010752 _____ () C:\SickRage\Python\DLLs\select.pyd
    2015-05-23 08:44 - 2015-05-23 08:44 - 00112640 _____ () C:\SickRage\Python\DLLs\_ctypes.pyd
    2015-10-14 14:56 - 2013-09-04 12:30 - 00071168 _____ () C:\SickRage\Python\lib\site-packages\OpenSSL\crypto.pyd
    2015-10-14 14:56 - 2013-09-04 12:30 - 00010752 _____ () C:\SickRage\Python\lib\site-packages\OpenSSL\rand.pyd
    2015-10-14 14:56 - 2013-09-04 12:30 - 00052224 _____ () C:\SickRage\Python\lib\site-packages\OpenSSL\SSL.pyd
    2015-05-23 08:44 - 2015-05-23 08:44 - 00060416 _____ () C:\SickRage\Python\DLLs\_sqlite3.pyd
    2015-05-23 08:42 - 2015-05-23 08:42 - 00535040 _____ () C:\SickRage\Python\DLLs\sqlite3.dll
    2015-05-23 08:44 - 2015-05-23 08:44 - 00166912 _____ () C:\SickRage\Python\DLLs\_elementtree.pyd
    2015-05-23 08:44 - 2015-05-23 08:44 - 00164352 _____ () C:\SickRage\Python\DLLs\pyexpat.pyd
    2015-05-23 08:44 - 2015-05-23 08:44 - 00689664 _____ () C:\SickRage\Python\DLLs\unicodedata.pyd
    2015-05-23 08:44 - 2015-05-23 08:44 - 00080896 _____ () C:\SickRage\Python\DLLs\bz2.pyd
    2015-10-14 14:56 - 2015-10-14 14:56 - 00191488 _____ () C:\SickRage\SickRage\lib\unrar2\UnRARDLL\x64\unrar64.dll
    2015-05-23 08:44 - 2015-05-23 08:44 - 00031744 _____ () C:\SickRage\Python\DLLs\_multiprocessing.pyd
    2016-01-08 18:06 - 2016-01-08 18:06 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_11.13.6008.0_x64__8wekyb3d8bbwe\XboxApp.exe
    2016-01-08 18:06 - 2016-01-08 18:06 - 33921024 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_11.13.6008.0_x64__8wekyb3d8bbwe\XboxApp.dll
    2016-01-21 13:50 - 2016-01-21 14:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-10-13 04:45 - 2015-10-13 04:45 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 18693976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexNewTranscoder.exe
    2016-01-14 13:34 - 2016-01-20 02:36 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-07-29 21:51 - 2015-12-15 00:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-07-29 21:51 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-07-29 21:51 - 2016-02-02 15:30 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-07-29 21:51 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-07-29 21:51 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-07-29 21:51 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-07-29 21:51 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-07-29 21:51 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-07-29 21:51 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-07-29 21:51 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-07-29 21:51 - 2016-02-02 15:29 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-07-29 21:36 - 2016-01-20 02:36 - 00020536 _____ () c:\program files (x86)\nvidia corporation\nvstreamsrv\detoured.dll
    2015-07-29 21:51 - 2015-12-29 20:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
    2015-07-29 21:51 - 2016-01-05 20:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-04-10 03:30 - 2015-04-10 03:30 - 01289216 _____ () C:\Program Files (x86)\Samsung\SideSync4\cairo.dll
    2015-12-22 04:52 - 2015-12-22 04:52 - 02649752 _____ () C:\Program Files (x86)\Samsung\SideSync4\NativeSideSyncFramework.dll
    2015-12-22 04:53 - 2015-12-22 04:53 - 00819864 _____ () C:\Program Files (x86)\Samsung\SideSync4\SCommon.dll
    2015-12-22 04:53 - 2015-12-22 04:53 - 04221080 _____ () C:\Program Files (x86)\Samsung\SideSync4\SLocales.dll
    2015-04-10 03:30 - 2015-04-10 03:30 - 00230529 _____ () C:\Program Files (x86)\Samsung\SideSync4\libpng14-14.dll
    2015-04-10 03:30 - 2015-04-10 03:30 - 00100352 _____ () C:\Program Files (x86)\Samsung\SideSync4\zlib1.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00851784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00057672 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00097608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 01986376 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 01743688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00501064 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00031048 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00083784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00206664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00551984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libdcadec.dll
    2016-01-22 01:27 - 2016-01-22 01:27 - 00055112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2016-01-22 01:27 - 2016-01-22 01:27 - 00038728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2016-01-22 01:27 - 2016-01-22 01:27 - 00029512 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2016-01-22 01:27 - 2016-01-22 01:27 - 00045896 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2016-01-22 01:27 - 2016-01-22 01:27 - 00853832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2016-01-22 01:26 - 2016-01-22 01:26 - 00073544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00177480 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2016-01-22 01:27 - 2016-01-22 01:27 - 00204104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2016-01-22 01:26 - 2016-01-22 01:26 - 00026440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2016-01-22 01:27 - 2016-01-22 01:27 - 00092488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2016-01-22 01:26 - 2016-01-22 01:26 - 00122696 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2016-01-22 01:26 - 2016-01-22 01:26 - 00700744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
    2015-08-01 19:37 - 2015-09-17 17:16 - 45069312 _____ () C:\Program Files (x86)\GalaxyClient\libcef.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00566272 _____ () C:\Program Files (x86)\GalaxyClient\PocoUtil.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 01202176 _____ () C:\Program Files (x86)\GalaxyClient\PocoNet.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 02579456 _____ () C:\Program Files (x86)\GalaxyClient\PocoData.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00476672 _____ () C:\Program Files (x86)\GalaxyClient\PocoDataSQLite.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00515072 _____ () C:\Program Files (x86)\GalaxyClient\PocoXML.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00340480 _____ () C:\Program Files (x86)\GalaxyClient\PocoZip.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 01785344 _____ () C:\Program Files (x86)\GalaxyClient\PocoFoundation.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00332288 _____ () C:\Program Files (x86)\GalaxyClient\PocoNetSSL.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00414208 _____ () C:\Program Files (x86)\GalaxyClient\PocoJSON.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00666624 _____ () C:\Program Files (x86)\GalaxyClient\sqlite.dll
    2015-08-01 19:37 - 2015-07-17 13:20 - 00139776 _____ () C:\Program Files (x86)\GalaxyClient\expat.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00412672 _____ () C:\Program Files (x86)\GalaxyClient\pcre.dll
    2015-08-01 19:37 - 2015-07-17 13:21 - 00094208 _____ () C:\Program Files (x86)\GalaxyClient\zlib.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00172032 _____ () C:\Program Files (x86)\GalaxyClient\PocoCrypto.dll
    2015-08-01 19:37 - 2015-07-17 13:21 - 00107520 _____ () C:\Program Files (x86)\GalaxyClient\ZLIB1.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 01643008 _____ () C:\Program Files (x86)\GalaxyClient\libglesv2.dll
    2015-08-01 19:37 - 2015-09-17 17:16 - 00074752 _____ () C:\Program Files (x86)\GalaxyClient\libegl.dll
    2016-02-02 09:55 - 2016-01-11 21:44 - 00076368 _____ () C:\Program Files (x86)\Remotr\General.dll
    2016-02-02 09:55 - 2016-01-11 21:44 - 00028752 _____ () C:\Program Files (x86)\Remotr\amfWrapper.dll
    2016-02-02 09:55 - 2016-01-11 21:44 - 00111696 _____ () C:\Program Files (x86)\Remotr\nvEncWrapper.dll
    2016-02-02 09:55 - 2016-01-11 21:44 - 00057936 _____ () C:\Program Files (x86)\Remotr\Audio.dll
    2015-07-29 21:51 - 2015-09-24 18:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
    2016-01-21 13:50 - 2016-01-21 14:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-21 13:50 - 2016-01-21 14:31 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-20 17:12 - 2015-03-20 17:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00452256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexpat-1.dll
    2016-01-22 01:26 - 2016-01-22 01:26 - 00063304 _____ () C:\Program Files (x86)\Plex\Plex Media Server\LIBBZ2.dll
    2016-01-28 17:57 - 2016-01-27 12:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
    2016-01-28 17:57 - 2016-01-27 12:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll




    ==================== Alternate Data Streams (Whitelisted) =========




    (If an entry is included in the fixlist, only the ADS will be removed.)








    ==================== Safe Mode (Whitelisted) ===================




    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"




    ==================== EXE Association (Whitelisted) ===============




    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)








    ==================== Internet Explorer trusted/restricted ===============




    (If an entry is included in the fixlist, it will be removed from the registry.)




    IE trusted site: HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\naughtyamerica.com -> hxxp://face.naughtyamerica.com




    ==================== Hosts content: ===============================




    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)




    2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts








    ==================== Other Areas ============================




    (Currently there is no automatic fix for this section.)




    HKU\S-1-5-21-1568726808-3019669588-267697966-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.




    ==================== MSCONFIG/TASK MANAGER disabled items ==




    (Currently there is no automatic fix for this section.)








    ==================== FirewallRules (Whitelisted) ===============




    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{10ADC03B-75AC-4E88-9320-488093A861B3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{37124FCB-7BAB-4051-AC0B-88C1FFE386CE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{AE689D4B-85BD-4ABB-AEC1-8ACB85863337}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{FA992F14-FA82-4782-B560-EE43F5E59E1F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_steam_boot.exe
    FirewallRules: [{3B2BCF22-033A-42F6-BC61-49722BB21768}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_steam_boot.exe
    FirewallRules: [{4C8D0DDB-DD86-4163-BD73-0C5DA3ABEE8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B9E0062F-C048-47DC-B6EC-42B39C31AF52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3E6E9558-F26D-448B-87FE-5A105E7F23B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D1E9A105-5EB4-4C20-8C43-1EE015E4557F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [UDP Query User{8DFE86FC-0975-4966-883F-9841A91F3F47}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [TCP Query User{F72B84C1-485F-4DA2-9184-56321F45A0F6}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{FD98BF09-5A8E-4336-A2E8-39EC3D602567}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FSX\fsx.exe
    FirewallRules: [{2CD0CEF7-A59D-4D34-9446-B4F190C9271E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FSX\fsx.exe
    FirewallRules: [{A8042E63-9A80-417C-A074-383AE527E792}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{92989982-F666-4652-B853-81A4CF2C7C15}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{02C10821-C9E3-4D4A-B8CE-CDE12C66C23B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{15B23A05-C0CE-47B6-912B-40A7DA4AC5E7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{2BDFA13E-1626-40B1-84BF-A20A05CB362C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{3E6786CD-FC22-40E4-87D5-56A5EC6B19E1}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{BB9A5672-DF70-40D8-97A5-E555E110113A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{C121E2B2-2BEC-4594-A41C-5A8D78D50FD8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{9C988696-3F16-46AC-95DA-88EECFF4DAD8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{7006E14F-EAE2-454F-8BE8-025CE379BEBC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{14A13321-CB27-43CF-80E2-43BC8DF03577}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{90B0567A-C3F3-4107-A1D1-82F17AF4DCE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{E90358F4-E444-485E-A1EA-D306912D0999}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{009C4CF8-4E20-40F9-903A-436A747AFE12}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
    FirewallRules: [{CAB97D7F-067E-405B-8208-435B5C10B3C1}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
    FirewallRules: [{B53E845E-CBB3-4259-B167-814911B183A9}] => (Allow) C:\Program Files (x86)\Kaseya Remote Control\Kaseya Remote Control.exe
    FirewallRules: [{2E7EACB4-2694-4005-A5A8-3083E66B7230}] => (Allow) C:\Program Files (x86)\Kaseya Remote Control\Kaseya.AdminEndpoint.exe
    FirewallRules: [TCP Query User{FFFAC803-ADAB-4EC5-A097-B396CBED09F0}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
    FirewallRules: [UDP Query User{F19A4BB7-2C14-4BE2-8B21-516B45F150BC}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
    FirewallRules: [{CD7629D6-F9F1-42F9-802B-7766EAF7F798}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{B61EEC16-2B6C-4DC0-928C-4C2EBBCC4D00}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{54675773-F05B-4B07-8BED-F7D72E8CF2F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{47FD544C-3471-45A7-A1C8-928E60B5709C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{581F4173-2C4E-4F8A-88E6-93A397D8DD8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{4E897FE8-87F9-4A87-8C03-2714C6F6DB04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{507F6595-CEBC-4F29-B22D-91F90694A6EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{0E3AF737-DDC2-4E8F-AF81-3098D404D7E8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
    FirewallRules: [{7FC6C95B-BD45-4C90-B404-03BACB17556F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
    FirewallRules: [{2F698149-808A-4019-A061-8002106A6CF6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
    FirewallRules: [{25ACE1A2-1397-46AB-BD08-F8E1D258E559}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
    FirewallRules: [{D805A6E9-11C8-44E7-B4C7-9C3A4792E18E}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    FirewallRules: [{7F040446-2201-49B5-96CB-C510167AC0F7}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    FirewallRules: [{87E89AFB-44D2-43C6-A58A-E8A3942A21E6}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    FirewallRules: [{FB38E547-FA0E-4FD1-9AB7-43D362424B0A}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    FirewallRules: [{D0CF149E-0DA0-43D3-B05B-20B035FE693C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe
    FirewallRules: [{FF690F41-4239-45F8-B0B6-65CD9CEA59AA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe
    FirewallRules: [{B1C9EBD6-D6FB-4A1E-979F-E05EC110B1F4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0F4F09C5-293E-417B-92C7-43C88DFDD796}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{501AA96E-DAEB-4628-8EE6-18B9CDEE67DF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{2BA0CA93-5B64-42E5-B42F-4AA403008AD9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{5B8BFC6A-59B6-43F2-B953-654570320982}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Verdun\Verdun.exe
    FirewallRules: [{CD224F4A-FCE3-4FE0-B5B9-D24D818F41A4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Verdun\Verdun.exe
    FirewallRules: [TCP Query User{5537D340-B54F-428E-B4C6-E3A5702B7DA4}D:\program files (x86)\steam\steamapps\common\dying light\dyinglightgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dying light\dyinglightgame.exe
    FirewallRules: [UDP Query User{611FFB54-8AEF-46C7-9A12-02FA1869012D}D:\program files (x86)\steam\steamapps\common\dying light\dyinglightgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dying light\dyinglightgame.exe
    FirewallRules: [{372054E7-7F3C-4484-87B7-1048D0C69329}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
    FirewallRules: [{1EE5F774-A049-4012-9E04-932DC686488E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
    FirewallRules: [{1C31C784-8B85-41A4-9046-B8CB393C968E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
    FirewallRules: [{EAFDF864-ED8F-44F1-89FC-2C9667AFDB2C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
    FirewallRules: [{EECEA18C-B4BA-4405-BA68-66A16C4294BC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{24F931D8-4722-4DEE-A321-DFA34C75B9CB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{1B91F7C3-525C-4E5A-A134-E8FB2CB18E20}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crazy Taxi\AppLauncher.exe
    FirewallRules: [{FCA5D7C4-5B7B-4C52-B80B-D76CFFC7E268}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crazy Taxi\AppLauncher.exe
    FirewallRules: [{DD50F8B6-B5FD-4D17-BBA9-0BC294E113B3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{3E4E882F-F1E1-46C5-970C-00B078F4A6A7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{8D9C5EEE-F3C3-4787-A250-40BF8C18DC16}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{D81E5940-1540-49F5-AD94-C803B2F65688}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{E93C315A-C489-4C96-989F-D9784BBE5A9A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Jedi Outcast\GameData\jk2sp.exe
    FirewallRules: [{57971D70-DF02-41DE-BDD5-1ED2BED7B16B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Jedi Outcast\GameData\jk2sp.exe
    FirewallRules: [{DA44874D-CE74-4D27-BE04-70F140F63854}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Jedi Outcast\GameData\jk2mp.exe
    FirewallRules: [{48D4BDBF-AC6C-4A45-9B51-1A13F4C763E6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Jedi Outcast\GameData\jk2mp.exe
    FirewallRules: [{E10DB2BB-E3B5-43F6-A2AA-D6DA04FC3531}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sonic and SEGA All Stars Racing\Sonic & SEGA All-Stars Racing.exe
    FirewallRules: [{AE5103E1-8828-4E41-9277-CAFC57FC44E3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sonic and SEGA All Stars Racing\Sonic & SEGA All-Stars Racing.exe
    FirewallRules: [{F6DB9D59-C81D-476B-A6B3-62418666456D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sonic and SEGA All Stars Racing\Config.exe
    FirewallRules: [{43BD00FC-9223-4208-ACB7-32400253477C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sonic and SEGA All Stars Racing\Config.exe
    FirewallRules: [{ED740F89-2F7D-40EF-8F6C-0CA63540CD85}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
    FirewallRules: [{D1AB09D3-C611-4829-ADBD-407BBA4C2BCD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
    FirewallRules: [{1C59A9A0-73B2-4700-B462-2DB914A03E0A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\mirrors edge\Binaries\MirrorsEdge.exe
    FirewallRules: [{0EAA5B64-507D-41C0-993C-A2373015C548}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\mirrors edge\Binaries\MirrorsEdge.exe
    FirewallRules: [{323D9740-B80F-49E6-AD6A-B554D09BDA98}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    FirewallRules: [{793B6C5E-24AC-488C-B6D8-CBC917EC04F2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    FirewallRules: [{8CBCF3D8-F2D7-4B73-A8C0-5F699EE1D7A2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    FirewallRules: [{2750F29B-DED6-4889-9941-EEEE9BA01C34}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
    FirewallRules: [{A8EBFA83-2375-4876-A966-ED14D7D95005}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
    FirewallRules: [{D47DDD99-0B4B-45B7-BA67-40237975BDA1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{DAE6B696-755C-4D2D-BF10-7B7F75443B38}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{D8409FF5-5CC3-4CA0-A424-B3C8682BE485}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{D9D9F2E0-BCC5-41AE-828B-078094906E6F}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
    FirewallRules: [UDP Query User{6F2EB9BE-522D-425A-A2E6-F6963B073CF7}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
    FirewallRules: [{7A45CFD6-EF8B-4863-9797-FB73E27A8E9C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
    FirewallRules: [{48BDEE27-8399-438C-90E9-F0C782DF18D6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
    FirewallRules: [{3B4B0AB6-8F5D-4FF3-9D54-3D49D1A998A4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{DFCFEA6F-4720-40F9-9368-EC8FC4C86F6A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{8DB0606E-0D66-4DE5-9C7A-DFB71BCF96E1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
    FirewallRules: [{9C31E988-22EF-4FCC-8191-BDFC868179E9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
    FirewallRules: [{E823408F-6F29-44B6-90BE-A2D1910A2E71}] => (Allow) C:\Program Files (x86)\Remotr\RemotrServer.exe
    FirewallRules: [{7FC67D53-F4A1-4F5B-B3F8-F1585D62650B}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe




    ==================== Restore Points =========================




    21-01-2016 23:25:15 Installed Citrix XenApp Plugin for Hosted Apps
    26-01-2016 19:13:16 Installed DirectX
    02-02-2016 11:37:43 JRT Pre-Junkware Removal
    03-02-2016 17:24:08 Installed Razer Synapse.




    ==================== Faulty Device Manager Devices =============








    ==================== Event log errors: =========================




    Application errors:
    ==================
    Error: (02/03/2016 07:23:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(60:fa:cd:3d:4b:2b@fe80::62fa:cdff:fe3d:4b2b._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.




    Error: (02/03/2016 07:23:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(6c:70:9f:0a:90:f3@fe80::6e70:9fff:fe0a:90f3._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.




    Error: (02/03/2016 05:56:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
    Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
    Exception code: 0xc0000005
    Fault offset: 0x00ac6197
    Faulting process id: 0x1338
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5




    Error: (02/03/2016 05:27:59 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8




    Error: (02/03/2016 05:27:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:




    Error: (02/03/2016 05:27:59 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8




    Error: (02/03/2016 05:27:59 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: LsaC:\Windows\System32\Secur32.dll8




    Error: (02/03/2016 05:27:59 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ESENTC:\WINDOWS\system32\esentprf.dll8




    Error: (02/03/2016 05:27:59 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8




    Error: (02/03/2016 05:25:12 PM) (Source: Razer Chroma SDK Service) (EventID: 1) (User: )
    Description: Razer Chroma SDK ServiceOpenSCManager failed with error 1073








    System errors:
    =============
    Error: (02/03/2016 07:45:24 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
    Description: A fatal error occurred when attempting to access the TLS server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.




    Error: (02/03/2016 05:26:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The VMnetBridge service failed to start due to the following error:
    %%2




    Error: (02/03/2016 05:26:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_aa04b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.




    Error: (02/03/2016 05:26:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_aa04b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.




    Error: (02/03/2016 05:26:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_aa04b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.




    Error: (02/03/2016 05:26:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_aa04b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.




    Error: (02/03/2016 05:26:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable




    Error: (02/03/2016 01:58:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.




    Error: (02/03/2016 01:13:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).




    Error: (02/03/2016 01:08:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).








    CodeIntegrity:
    ===================================
    Date: 2016-01-29 10:11:53.322
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2016-01-12 20:07:30.142
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2016-01-06 23:54:11.416
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2015-12-30 04:06:59.671
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2015-12-23 07:55:27.363
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2015-12-21 09:45:14.242
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2015-12-17 11:48:17.226
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2015-12-16 06:52:25.400
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2015-12-16 06:50:58.117
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.




    Date: 2015-12-16 06:44:56.815
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.








    ==================== Memory info ===========================




    Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
    Percentage of memory in use: 16%
    Total physical RAM: 32682.46 MB
    Available physical RAM: 27140.15 MB
    Total Virtual: 37546.46 MB
    Available Virtual: 31210.06 MB




    ==================== Drives ================================




    Drive c: (OS) (Fixed) (Total:223.08 GB) (Free:134.1 GB) NTFS
    Drive d: (Games) (Fixed) (Total:1863.01 GB) (Free:649.28 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Backups) (Fixed) (Total:1863.01 GB) (Free:24.7 GB) NTFS
    Drive h: (External) (Fixed) (Total:931.51 GB) (Free:907.61 GB) NTFS




    ==================== MBR & Partition Table ==================




    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 24B230E3)
    Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)




    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 27B79788)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=223.1 GB) - (Type=07 NTFS)




    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DD2E9B7A)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)




    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9937F72)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)




    ==================== End of Addition.txt ============================



  2. #2
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,612)

    Re: Malware Issues, DLL Errors

    Hi, sch644.

    Please move FRST to your desktop then do the following to run FRST:

    Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start => All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
    S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
    S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]
    IE trusted site: HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\naughtyamerica.com -> hxxp://face.naughtyamerica.com
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Malware Issues, DLL Errors

    Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by sch64 (2016-02-04 18:31:36) Run:1
    Running from C:\Users\sch64\Desktop
    Loaded Profiles: sch64 (Available Profiles: sch64)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
    S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
    S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]
    IE trusted site: HKU\S-1-5-21-1568726808-3019669588-267697966-1001\...\naughtyamerica.com -> hxxp://face.naughtyamerica.com
    EmptyTemp:
    end
    *****************


    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    vmci => service removed successfully
    VMnetAdapter => service removed successfully
    VMnetBridge => service removed successfully
    HKU\S-1-5-21-1568726808-3019669588-267697966-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\naughtyamerica.com => key removed successfully
    EmptyTemp: => 375.6 MB temporary data Removed.




    The system needed a reboot.


    ==== End of Fixlog 18:31:51 ====

  4. #4
    Corrine

    Re: Malware Issues, DLL Errors

    Did that solve the IE/search issues?



  5. #5

    Re: Malware Issues, DLL Errors

    Yes, and the rundll32.exe errors stopped also. My machine is performing much better now, and I haven't been losing my internet connection like before.

  6. #6
    Corrine

    Re: Malware Issues, DLL Errors

    Excellent! Thank you for letting me know. Now, let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.



  7. #7

    Re: Malware Issues, DLL Errors

    # DelFix v1.011 - Logfile created 05/02/2016 at 17:06:32
    # Updated 18/08/2015 by Xplode
    # Username : sch64 - CEEJAY-PC
    # Operating System : Windows 10 Pro (64 bits)


    ~ Removing disinfection tools ...


    Deleted : C:\FRST
    Deleted : C:\AdwCleaner


    ~ Creating registry backup ... OK


    ~ Cleaning system restore ...


    Deleted : RP #14 [Installed DirectX | 01/27/2016 00:13:16]
    Deleted : RP #15 [JRT Pre-Junkware Removal | 02/02/2016 16:37:43]
    Deleted : RP #16 [Installed Razer Synapse. | 02/03/2016 22:24:08]
    Deleted : RP #18 [Restore Point Created by FRST | 02/04/2016 23:31:38]


    New restore point created !


    ########## - EOF - ##########

  8. #8
    Corrine

    Re: Malware Issues, DLL Errors

    Excellent!


