Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I am getting blue screens of death constantly, wifi will randomly stop working


  • This topic is locked This topic is locked
4 replies to this topic

#1 wardr

wardr

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 PM

Posted 12 February 2016 - 03:07 PM

Hello-

 

I am getting blue screen of death's all the time.  ALso my wifi will always go offline, and it takes 2 or 3 resets to get it back on.  Computer isn't really running that sluggish and it's relatively fine otherwise.  Sometimes the BSOD will be as soon as I boot up. Sometimes I will get it at totally random times.  The error message that it gives me is always different, not the same at all.

 

Here is the FRST file (Additions attached):

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Ryan (administrator) on LAPTOP2 (12-02-2016 14:00:46)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Malachite)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Barracuda Networks, Inc.) C:\Users\Ryan\AppData\Roaming\Copy\CopyAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell Support Center\uaclauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\Factorysetup\FactorySetup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9235928 2016-02-11] (Emsisoft Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [proxy_sh] => C:\Program Files\Safejumper\safejumper.exe [1813504 2015-11-01] ()
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-08] (Dropbox, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [BitTorrent Sync] => C:\Users\Ryan\AppData\Roaming\BitTorrent Sync\BTSync.exe [7995744 2015-11-01] (BitTorrent, Inc.)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [Copy] => C:\Users\Ryan\AppData\Roaming\Copy\CopyAgent.exe [15430800 2016-01-19] (Barracuda Networks, Inc.)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [Spotify Web Helper] => C:\Users\Ryan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-01-29] (Spotify Ltd)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [Spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-01-29] (Spotify Ltd)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3931728 2015-12-18] (Tonec Inc.)
HKU\S-1-5-21-217523585-929642698-2797516468-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Ryan\AppData\Roaming\Copy\CopyAgent.exe [15430800 2016-01-19] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [    YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-10-29] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-10-29] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-10-29] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-10-29] (Yandex)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Ryan\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-11-08] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Ryan\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-11-08] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Ryan\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-11-08] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Ryan\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-11-08] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Ryan\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-11-08] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Ryan\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-11-08] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Ryan\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-11-08] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Ryan\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-11-08] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-31] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{19FC3620-BC37-45FA-9B22-D4AA9D65C0A7}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{757AA09A-C7C2-4D6D-ADAD-2E274259BB3F}: [DhcpNameServer] 146.185.134.104 192.241.172.159 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DB52CF9B-3E14-458D-BDB2-75D8A51F8C99}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FFED5419-7FF1-4272-A014-CFB5581B7B2B}: [DhcpNameServer] 192.168.11.1
 
Internet Explorer:
==================
HKU\S-1-5-21-217523585-929642698-2797516468-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-217523585-929642698-2797516468-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-217523585-929642698-2797516468-1001 -> DefaultScope {57081C6F-453C-4CFC-8C3C-1BB3993A42AA} URL = 
SearchScopes: HKU\S-1-5-21-217523585-929642698-2797516468-1001 -> {57081C6F-453C-4CFC-8C3C-1BB3993A42AA} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-01-31] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-31] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-01-31] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-31] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-01-31] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\8x4zsfl3.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-12-09]
FF HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-217523585-929642698-2797516468-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5 [2016-02-12] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.startpage.com/
CHR StartupUrls: Default -> "hxxps://startpage.com/","hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSearchKeyword: Default -> startpage.com
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01]
CHR Extension: (Flash Video Downloader) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-01-23]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-02-08]
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Adblock Plus) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-07]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (FLV Player) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2015-12-17]
CHR Extension: (Pandora) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-01]
CHR Extension: (iCloud Bookmarks) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-01]
CHR Extension: (Plex) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2016-01-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (Pin It Button) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-02-12]
CHR Extension: (Dropbox) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-11-01]
CHR Extension: (Clearly) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-11-01]
CHR Extension: (Cosmopolise) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipihgjdhjoldhpfpmiiimpnmohpfhkcm [2015-12-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-11-01]
CHR Extension: (Mohiomap) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2015-11-01]
CHR Extension: (Evernote Web) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-11-01]
CHR Extension: (disable-HTML) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfhjgihpknekohffabeddfkmoiklonhm [2015-11-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-13]
CHR Extension: (Tweaks for Google Voice™) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomidmppcdmojcgfnpfkmhbnakbnmaff [2015-11-01]
CHR Extension: (Ghostery) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-01-02]
CHR Extension: (Page Archive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboajopncigfmjdnjcgkefdpijgjegjg [2015-11-01]
CHR Extension: (IDM Integration Module) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-11-01]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR Extension: (SMS Text Message Scheduler for Google Voice™) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\podfahadlppahcknimehicajmjdcfieb [2015-11-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-18]
CHR HKU\S-1-5-21-217523585-929642698-2797516468-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10963864 2016-02-11] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-21] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-21] (Dropbox, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-04-09] (The OpenVPN Project)
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-11-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-11-02] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-11-02] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-11-02] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-11-02] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 14:00 - 2016-02-12 14:00 - 00034001 _____ C:\Users\Ryan\Desktop\FRST.txt
2016-02-12 14:00 - 2016-02-12 14:00 - 00000000 ____D C:\FRST
2016-02-12 13:59 - 2016-02-12 13:59 - 02370560 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2016-02-12 13:50 - 2016-02-12 13:51 - 00287936 _____ C:\WINDOWS\Minidump\021216-31140-01.dmp
2016-02-12 13:35 - 2016-02-12 13:36 - 00289648 _____ C:\WINDOWS\Minidump\021216-26156-01.dmp
2016-02-12 12:50 - 2016-02-12 12:52 - 00290840 _____ C:\WINDOWS\Minidump\021216-32406-01.dmp
2016-02-12 12:33 - 2016-02-12 12:33 - 00000000 ____D C:\ProgramData\Emsisoft
2016-02-12 12:02 - 2016-02-12 12:27 - 00000000 ____D C:\Users\Ryan\Downloads\Video
2016-02-12 12:02 - 2016-02-12 12:16 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\IDM
2016-02-12 12:02 - 2016-02-12 12:04 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-02-12 12:02 - 2016-02-12 12:02 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-02-12 12:02 - 2016-02-12 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-02-12 11:20 - 2016-02-12 11:20 - 00290896 _____ C:\WINDOWS\Minidump\021216-28312-01.dmp
2016-02-11 01:20 - 2016-02-11 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-02-11 01:19 - 2016-02-12 14:01 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-02-11 01:04 - 2016-02-11 01:05 - 205471992 _____ (Emsisoft Ltd. ) C:\Users\Ryan\Downloads\EmsisoftAntiMalwareSetup.exe
2016-02-11 00:59 - 2016-02-11 00:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-11 00:43 - 2016-02-11 00:43 - 00005077 _____ C:\WirelessDiagLog.csv
2016-02-11 00:31 - 2016-02-11 00:31 - 00290896 _____ C:\WINDOWS\Minidump\021116-28953-01.dmp
2016-02-10 23:08 - 2016-02-10 23:09 - 00295176 _____ C:\WINDOWS\Minidump\021016-27406-01.dmp
2016-02-10 22:18 - 2016-02-10 22:18 - 00000000 ____D C:\iBTWU
2016-02-10 19:16 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 19:16 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 19:16 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 19:16 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 19:16 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 19:16 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 19:16 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 19:16 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 19:11 - 2016-01-19 13:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 19:11 - 2016-01-19 13:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 19:11 - 2016-01-19 13:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 19:11 - 2016-01-19 13:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 19:11 - 2016-01-19 13:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 19:11 - 2016-01-19 12:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 19:11 - 2016-01-19 12:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 19:11 - 2016-01-19 12:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 19:11 - 2016-01-19 12:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 19:11 - 2016-01-19 11:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 19:11 - 2016-01-19 10:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-02-10 19:10 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-10 19:10 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 19:10 - 2016-01-22 00:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 19:10 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-10 19:10 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-10 19:10 - 2016-01-21 23:55 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-02-10 19:10 - 2016-01-21 23:52 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 19:10 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-10 19:10 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-02-10 19:10 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-10 19:10 - 2016-01-21 23:48 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-10 19:10 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-10 19:10 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-10 19:10 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 19:10 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 19:10 - 2016-01-21 23:31 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-02-10 19:10 - 2016-01-21 23:28 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-02-10 19:10 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-02-10 19:10 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-10 19:10 - 2016-01-21 23:25 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-10 19:10 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-10 19:10 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-02-10 19:10 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 19:10 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-02-10 19:10 - 2016-01-10 11:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 19:10 - 2016-01-10 11:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 19:10 - 2016-01-10 11:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-02-10 19:10 - 2016-01-10 11:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 19:10 - 2016-01-10 11:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-02-10 19:10 - 2016-01-10 11:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 19:10 - 2016-01-10 10:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 19:10 - 2016-01-10 10:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-02-10 19:10 - 2016-01-10 10:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-02-10 19:10 - 2016-01-10 10:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 19:10 - 2016-01-10 10:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 19:10 - 2016-01-07 12:34 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-10 19:10 - 2016-01-06 12:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 19:10 - 2015-12-29 09:45 - 07783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 19:10 - 2015-12-29 09:45 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-02-10 19:10 - 2015-12-29 09:43 - 05267968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-02-10 19:10 - 2015-12-29 09:42 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 19:10 - 2015-12-28 15:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-02-10 19:10 - 2015-12-28 14:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-02-10 19:10 - 2015-12-17 12:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 19:10 - 2015-12-17 10:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 18:55 - 2016-02-10 18:55 - 00287896 _____ C:\WINDOWS\Minidump\021016-29265-01.dmp
2016-02-10 18:54 - 2016-02-10 18:54 - 00000000 _____ C:\Users\Ryan\AppData\Local\{06D8AD44-047B-4EFF-9282-1262E461F857}
2016-02-10 18:52 - 2016-02-10 18:52 - 00295008 _____ C:\WINDOWS\Minidump\021016-27000-01.dmp
2016-02-09 23:54 - 2016-02-09 23:54 - 00296368 _____ C:\WINDOWS\Minidump\020916-25000-01.dmp
2016-02-09 15:43 - 2016-02-09 15:43 - 00291560 _____ C:\WINDOWS\Minidump\020916-27906-01.dmp
2016-02-09 14:58 - 2016-02-09 14:58 - 00291560 _____ C:\WINDOWS\Minidump\020916-26328-01.dmp
2016-02-09 12:18 - 2016-02-09 12:19 - 00290728 _____ C:\WINDOWS\Minidump\020916-26515-01.dmp
2016-02-09 12:10 - 2016-02-09 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-09 11:55 - 2016-02-09 11:56 - 00290784 _____ C:\WINDOWS\Minidump\020916-24125-01.dmp
2016-02-09 11:22 - 2016-02-09 11:22 - 00291168 _____ C:\WINDOWS\Minidump\020916-25031-01.dmp
2016-02-09 09:43 - 2016-02-09 09:43 - 00289424 _____ C:\WINDOWS\Minidump\020916-26015-01.dmp
2016-02-09 09:20 - 2016-02-09 09:20 - 00290728 _____ C:\WINDOWS\Minidump\020916-24484-01.dmp
2016-02-09 07:49 - 2016-02-09 07:49 - 00290728 _____ C:\WINDOWS\Minidump\020916-24156-01.dmp
2016-02-09 06:06 - 2016-02-09 06:06 - 00290728 _____ C:\WINDOWS\Minidump\020916-24140-01.dmp
2016-02-09 02:57 - 2016-02-09 02:57 - 00291560 _____ C:\WINDOWS\Minidump\020916-24093-01.dmp
2016-02-09 00:46 - 2016-02-09 00:46 - 00290728 _____ C:\WINDOWS\Minidump\020916-26343-01.dmp
2016-02-09 00:08 - 2016-02-09 00:08 - 00291560 _____ C:\WINDOWS\Minidump\020916-29437-01.dmp
2016-02-08 23:36 - 2016-02-08 23:36 - 00290728 _____ C:\WINDOWS\Minidump\020816-31312-01.dmp
2016-02-08 22:58 - 2016-02-08 22:58 - 00291560 _____ C:\WINDOWS\Minidump\020816-30375-01.dmp
2016-02-08 19:23 - 2016-02-08 19:24 - 00291616 _____ C:\WINDOWS\Minidump\020816-28593-01.dmp
2016-02-08 18:41 - 2016-02-08 18:41 - 00288624 _____ C:\WINDOWS\Minidump\020816-38859-01.dmp
2016-02-08 17:33 - 2016-02-08 17:33 - 00000000 ____D C:\Users\Ryan\AppData\Local\Foxit Reader
2016-02-08 11:01 - 2016-02-08 11:01 - 00003844 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1446428779
2016-02-08 10:40 - 2016-02-10 00:54 - 00000000 ____D C:\Users\Ryan\AppData\Local\7C75F12C-36C5-4128-9927-EFBC85CCEDFD.aplzod
2016-02-08 10:22 - 2016-02-12 13:53 - 00000000 ___RD C:\Users\Ryan\iCloudDrive
2016-02-08 10:22 - 2016-02-08 10:22 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-02-08 10:22 - 2016-02-08 10:22 - 00000000 ____D C:\Users\Ryan\AppData\Local\Apple Inc
2016-02-08 09:00 - 2016-02-08 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-02-08 08:28 - 2016-02-08 08:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\Microsoft Help
2016-02-08 07:56 - 2016-02-08 07:56 - 00000000 ____D C:\Users\Ryan\Documents\Outlook Files
2016-02-07 20:32 - 2016-02-07 20:32 - 00000000 ____D C:\Users\Ryan\AppData\Local\ArcGISRuntime
2016-02-07 12:18 - 2016-02-07 12:18 - 00000000 ____D C:\Users\Ryan\AppData\Local\Remove_Empty_Directories
2016-02-07 12:17 - 2016-02-07 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remove Empty Directories
2016-02-07 12:17 - 2016-02-07 12:17 - 00000000 ____D C:\Program Files (x86)\Remove Empty Directories
2016-01-31 12:32 - 2016-01-31 12:32 - 06128566 _____ C:\Users\Ryan\Downloads\lato.zip
2016-01-31 10:38 - 2016-01-31 10:38 - 00000000 ____D C:\Users\Ryan\Documents\Custom Office Templates
2016-01-31 08:53 - 2016-01-31 08:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-31 08:50 - 2016-01-31 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-31 08:47 - 2016-01-31 08:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-30 01:25 - 2016-01-30 01:25 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\com.erclab.air.phototransferapp
2016-01-30 01:25 - 2016-01-30 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoTransferApp
2016-01-30 01:25 - 2016-01-30 01:25 - 00000000 ____D C:\Program Files (x86)\Erclab
2016-01-30 00:45 - 2016-01-30 00:45 - 00287824 _____ C:\WINDOWS\Minidump\013016-25734-01.dmp
2016-01-29 22:25 - 2016-02-07 12:18 - 00000017 _____ C:\Users\Ryan\Downloads\Recycle Bin.yadiskTrash
2016-01-29 22:17 - 2016-01-29 22:17 - 00000000 ____D C:\Users\Ryan\Downloads\Other
2016-01-29 12:13 - 2016-02-02 08:05 - 00000000 ____D C:\workspace
2016-01-28 17:44 - 2016-01-28 17:44 - 00291392 _____ C:\WINDOWS\Minidump\012816-30312-01.dmp
2016-01-25 12:40 - 2016-01-25 12:40 - 00287824 _____ C:\WINDOWS\Minidump\012516-25828-01.dmp
2016-01-25 12:37 - 2016-01-25 12:37 - 00287864 _____ C:\WINDOWS\Minidump\012516-26000-01.dmp
2016-01-25 00:09 - 2016-01-29 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-24 08:16 - 2016-01-24 08:17 - 00293208 _____ C:\WINDOWS\Minidump\012416-26796-01.dmp
2016-01-23 16:14 - 2016-01-23 16:17 - 00235396 _____ C:\TDSSKiller.3.1.0.9_23.01.2016_16.14.00_log.txt
2016-01-23 16:04 - 2016-01-23 16:17 - 00000000 ____D C:\AdwCleaner
2016-01-23 15:52 - 2016-01-23 15:52 - 00624384 _____ C:\WINDOWS\Minidump\012316-28937-01.dmp
2016-01-23 10:49 - 2016-01-23 10:49 - 00291392 _____ C:\WINDOWS\Minidump\012316-49046-01.dmp
2016-01-21 12:10 - 2016-02-07 20:24 - 00000000 ____D C:\gisclass
2016-01-21 12:00 - 2016-02-12 13:51 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-21 12:00 - 2016-02-12 13:05 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-21 12:00 - 2016-01-21 12:00 - 00003892 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-01-21 12:00 - 2016-01-21 12:00 - 00003656 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-01-19 17:53 - 2016-02-07 20:32 - 00000000 ____D C:\Users\Ryan\AppData\Local\ESRI
2016-01-19 17:53 - 2016-01-19 17:54 - 00000000 ____D C:\Users\Ryan\Documents\ArcGIS
2016-01-19 17:53 - 2016-01-19 17:53 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ESRI
2016-01-17 20:20 - 2016-01-22 21:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-217523585-929642698-2797516468-1003
2016-01-17 20:18 - 2016-01-17 20:18 - 00000000 ____D C:\Users\Malachite\AppData\Roaming\Leadertech
2016-01-17 20:15 - 2016-01-17 20:15 - 00001444 _____ C:\Users\Malachite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-17 20:15 - 2016-01-17 20:15 - 00000000 ____D C:\Users\Malachite\AppData\Roaming\Apple Computer
2016-01-17 20:15 - 2016-01-17 20:15 - 00000000 ____D C:\Users\Malachite\AppData\Roaming\Adobe
2016-01-17 20:15 - 2016-01-17 20:15 - 00000000 ____D C:\Users\Malachite\AppData\Local\Privatefirewall
2016-01-17 20:15 - 2016-01-17 20:15 - 00000000 ____D C:\Users\Malachite\AppData\Local\GWX
2016-01-17 20:14 - 2016-01-23 10:52 - 00000000 ____D C:\Users\Malachite
2016-01-17 20:14 - 2016-01-22 18:19 - 00000000 ____D C:\Users\Malachite\AppData\Local\Google
2016-01-17 20:14 - 2016-01-17 20:23 - 00002277 _____ C:\Users\Malachite\Desktop\Google Chrome.lnk
2016-01-17 20:14 - 2016-01-17 20:18 - 00000000 ____D C:\Users\Malachite\AppData\Local\Packages
2016-01-17 20:14 - 2016-01-17 20:14 - 00000020 ___SH C:\Users\Malachite\ntuser.ini
2016-01-17 20:14 - 2016-01-17 20:14 - 00000000 _SHDL C:\Users\Malachite\My Documents
2016-01-17 20:14 - 2016-01-17 20:14 - 00000000 _SHDL C:\Users\Malachite\Documents\My Videos
2016-01-17 20:14 - 2016-01-17 20:14 - 00000000 _SHDL C:\Users\Malachite\Documents\My Pictures
2016-01-17 20:14 - 2016-01-17 20:14 - 00000000 _SHDL C:\Users\Malachite\Documents\My Music
2016-01-17 20:14 - 2016-01-17 20:14 - 00000000 __SHD C:\Users\Malachite\IntelGraphicsProfiles
2016-01-17 20:14 - 2016-01-17 20:14 - 00000000 ____D C:\Users\Malachite\AppData\Roaming\Intel
2016-01-17 20:14 - 2016-01-17 20:14 - 00000000 ____D C:\Users\Malachite\AppData\Local\VirtualStore
2016-01-17 20:14 - 2015-11-02 20:09 - 00000000 ____D C:\Users\Malachite\AppData\Roaming\Macromedia
2016-01-17 20:14 - 2014-11-21 02:52 - 00000369 _____ C:\Users\Malachite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-01-17 20:14 - 2014-11-21 02:52 - 00000369 _____ C:\Users\Malachite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-01-16 13:50 - 2016-02-08 10:38 - 00000000 ____D C:\Users\Ryan\AppData\Local\Spotify
2016-01-16 13:50 - 2016-01-16 13:50 - 00001835 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-16 13:50 - 2016-01-16 13:50 - 00000000 ____D C:\Users\Ryan\AppData\Local\CEF
2016-01-16 13:49 - 2016-02-08 10:40 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Spotify
2016-01-14 05:41 - 2015-12-10 21:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-14 05:40 - 2015-12-10 18:13 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-14 05:40 - 2015-12-10 18:13 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-14 05:40 - 2015-12-10 18:13 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-14 05:40 - 2015-12-10 18:13 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-14 05:40 - 2015-12-07 04:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-14 05:40 - 2015-12-04 23:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-14 05:40 - 2015-12-04 23:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-14 05:40 - 2015-12-04 09:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-14 05:40 - 2015-12-03 13:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-14 05:40 - 2015-12-03 13:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-14 05:40 - 2015-12-03 13:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-14 05:40 - 2015-12-03 13:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-14 05:40 - 2015-12-03 13:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-14 05:40 - 2015-12-03 12:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-14 05:40 - 2015-12-03 12:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-14 05:40 - 2015-12-03 12:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-14 05:40 - 2015-12-03 12:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-14 05:40 - 2015-12-03 12:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-14 05:40 - 2015-12-03 12:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-14 05:40 - 2015-12-03 12:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-14 05:40 - 2015-12-03 12:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-14 05:40 - 2015-12-03 12:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-14 05:40 - 2015-12-03 12:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-14 05:40 - 2015-12-03 11:58 - 00378880 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-14 05:40 - 2015-12-03 11:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-14 05:40 - 2015-12-03 11:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-14 05:40 - 2015-12-03 11:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-14 05:40 - 2015-12-03 11:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-14 05:40 - 2015-12-03 11:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-14 05:40 - 2015-12-03 11:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-14 05:40 - 2015-12-03 11:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-14 05:40 - 2015-12-03 11:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-14 05:40 - 2015-12-03 11:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-14 05:40 - 2015-12-03 11:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-14 05:40 - 2015-12-03 11:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-14 05:40 - 2015-12-03 11:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-14 05:40 - 2015-12-03 11:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-14 05:40 - 2015-12-03 10:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-14 05:40 - 2015-12-03 10:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-14 05:40 - 2015-12-03 10:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-14 05:40 - 2015-12-02 09:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-14 05:40 - 2015-12-02 09:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-14 05:39 - 2015-12-08 13:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-14 05:39 - 2015-12-08 13:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-14 03:28 - 2016-01-14 03:28 - 00000000 ____D C:\ProgramData\ESRI
2016-01-14 01:34 - 2016-01-14 02:07 - 00000000 ____D C:\ProgramData\FLEXnet
2016-01-14 01:21 - 2016-01-14 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS
2016-01-13 02:46 - 2016-01-13 03:04 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-01-13 02:20 - 2016-01-13 02:20 - 00000000 ____D C:\Python27_arcgis
2016-01-13 02:20 - 2016-01-13 02:20 - 00000000 ____D C:\Program Files (x86)\ArcGIS
2016-01-13 02:17 - 2016-01-13 02:17 - 00000000 ____D C:\Users\Ryan\Documents\ArcGIS 10.2.2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 14:00 - 2015-11-08 15:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Copy
2016-02-12 13:59 - 2015-11-01 19:58 - 00000000 ____D C:\Users\Ryan\AppData\Local\ClassicShell
2016-02-12 13:59 - 2013-06-10 17:35 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-02-12 13:56 - 2015-11-12 21:13 - 00000000 ___RD C:\Users\Ryan\Dropbox
2016-02-12 13:56 - 2015-11-02 20:37 - 00000000 ___DO C:\Users\Ryan\OneDrive
2016-02-12 13:56 - 2015-11-01 19:56 - 00000000 ____D C:\Users\Ryan\AppData\Local\Dropbox
2016-02-12 13:56 - 2015-11-01 10:21 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-217523585-929642698-2797516468-1001
2016-02-12 13:55 - 2015-11-01 19:46 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-12 13:51 - 2015-11-02 20:34 - 00000000 __SHD C:\Users\Ryan\IntelGraphicsProfiles
2016-02-12 13:51 - 2015-11-01 10:24 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 13:50 - 2016-01-10 03:36 - 762247947 _____ C:\WINDOWS\MEMORY.DMP
2016-02-12 13:50 - 2015-12-18 19:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-12 13:50 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-12 13:41 - 2015-11-01 10:24 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-12 13:13 - 2015-12-24 19:04 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2016-02-12 12:51 - 2015-11-02 20:04 - 00000000 ____D C:\Users\Ryan
2016-02-12 12:18 - 2015-11-13 12:13 - 00000000 ___RD C:\Users\Ryan\YandexDisk
2016-02-12 12:15 - 2015-12-18 19:13 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\DMCache
2016-02-11 01:36 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-11 01:35 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-11 01:34 - 2015-11-01 19:53 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Everything
2016-02-10 22:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-10 21:53 - 2013-08-22 08:44 - 00484952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-10 21:49 - 2014-11-21 02:25 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 19:42 - 2015-11-01 10:24 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 19:26 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 19:06 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-09 23:55 - 2015-11-01 19:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-09 14:08 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-09 12:11 - 2015-11-01 19:56 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-09 05:13 - 2015-11-14 01:10 - 00007658 _____ C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2016-02-08 17:37 - 2013-06-10 17:29 - 00883630 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-02-08 17:26 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-08 12:11 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-08 11:19 - 2015-11-13 12:14 - 00000000 ___HD C:\Users\Ryan\Downloads\.sync
2016-02-08 10:58 - 2015-11-01 19:46 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-02-08 10:46 - 2015-11-01 20:02 - 00000000 ____D C:\Users\Ryan\AppData\Local\Apple
2016-02-08 10:25 - 2015-11-01 20:02 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2016-02-08 09:00 - 2015-11-01 20:02 - 00000000 ____D C:\Users\Ryan\AppData\Local\Apple Computer
2016-02-08 08:59 - 2015-11-01 19:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-07 19:09 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-07 12:53 - 2015-11-01 10:13 - 00000000 ____D C:\Users\Ryan\AppData\Local\Packages
2016-02-07 12:18 - 2015-11-14 01:21 - 00000000 ___RD C:\Users\Ryan\Downloads\Old photos
2016-02-03 19:35 - 2015-11-01 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-02 12:36 - 2015-11-01 10:24 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 12:36 - 2015-11-01 10:24 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 20:37 - 2014-11-21 10:03 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-01 20:37 - 2014-11-21 10:03 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-31 09:26 - 2015-12-18 19:13 - 00000000 ____D C:\Users\Ryan\Downloads\Compressed
2016-01-30 00:15 - 2015-11-14 10:52 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\IrfanView
2016-01-29 22:18 - 2015-11-08 16:14 - 00000000 ___RD C:\Users\Ryan\Copy
2016-01-29 21:53 - 2015-11-01 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-23 11:00 - 2015-11-01 13:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-21 12:01 - 2015-11-01 19:56 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Dropbox
2016-01-17 20:23 - 2013-06-10 17:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\Dell
2016-01-16 13:33 - 2015-11-01 13:03 - 143671360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-15 08:23 - 2014-11-21 02:44 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-15 08:06 - 2015-11-01 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 02:14 - 2015-11-01 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-15 02:13 - 2015-11-01 19:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 02:10 - 2015-11-01 10:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-14 01:18 - 2015-11-09 17:38 - 00000000 ____D C:\Python27
2016-01-13 03:05 - 2015-11-09 17:46 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-01-13 03:04 - 2015-11-21 06:22 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-01-13 03:04 - 2015-11-13 12:48 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-01-13 03:04 - 2013-06-10 17:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-01-13 03:04 - 2013-06-10 17:23 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-01-13 02:59 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\registration
2016-01-13 02:58 - 2013-06-10 17:18 - 00000000 ____D C:\ProgramData\Dell
2016-01-13 02:43 - 2015-11-13 12:47 - 00000000 ____D C:\Users\Ryan\AppData\Local\Deployment
 
==================== Files in the root of some directories =======
 
2015-11-14 01:10 - 2016-02-09 05:13 - 0007658 _____ () C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2016-02-10 18:54 - 2016-02-10 18:54 - 0000000 _____ () C:\Users\Ryan\AppData\Local\{06D8AD44-047B-4EFF-9282-1262E461F857}
2015-11-01 19:21 - 2015-11-01 19:21 - 0000032 _____ () C:\ProgramData\Temp.log
2013-06-10 17:32 - 2013-06-10 17:33 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-10 17:28 - 2013-06-10 17:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-10 17:29 - 2013-06-10 17:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-10 17:27 - 2013-06-10 17:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-10 17:30 - 2013-06-10 17:32 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Files to move or delete:
====================
C:\Users\Ryan\Start.exe
 
 
Some files in TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-11 04:10
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:11 PM

Posted 13 February 2016 - 11:36 AM

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

[B]Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HomePage: Default -> hxxp://www.startpage.com/
CHR StartupUrls: Default -> "hxxps://startpage.com/","hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSearchKeyword: Default -> startpage.com
CHR Extension: (Flash Video Downloader) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-01-23][/B]
C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.


Please let me know what problem persists with this computer.

#3 wardr

wardr
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 PM

Posted 15 February 2016 - 11:49 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Ryan (2016-02-15 22:20:05) Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Malachite)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HomePage: Default -> hxxp://www.startpage.com/
CHR StartupUrls: Default -> "hxxps://startpage.com/","hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSearchKeyword: Default -> startpage.com
CHR Extension: (Flash Video Downloader) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-01-23]
C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Ethernet adapter Bluetooth Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::a027:6653:7a43:6dfb%7
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Ethernet adapter Bluetooth Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 192.168.11.33
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.1
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::a027:6653:7a43:6dfb%7
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[B]SDWinLogon => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc => moved successfully
"C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc" => not found.
EmptyTemp: => 1.6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:22:13 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:11 PM

Posted 16 February 2016 - 09:27 AM

Lets see what we can find about your BSOD.

Please download the free home edition of WhoCrashed to your Desktop from here whocra10.png and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.

Please scroll down the Information window to copy and paste the results in your next reply.

whocra11.png



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:11 PM

Posted 22 February 2016 - 09:14 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users