I need to remove the virus "Behavior:Win32/Powermet.B!attk"


  • This topic is locked
14 replies to this topic

#1 crosby

Posted 24 August 2017 - 03:59 AM

I have had to use several internet cafes recently and must have brought a virus back to my PC on a flash drive. I have run Windows Defender and Malwarebytes, but neither of them has been able to get rid of Behavior:Win32/Powermet.B!attk

This is the message I get on Windows Defender:

Category: Suspicious Behavior
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items: internalbehavior:51FDD599CF7F69D027F722D5D6C34D82
 
Can someone please help me remove this virus? Thank you very much.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Sky (24-08-2017 03:49:41)
Running from C:\Users\Sky\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-02 17:26:30)
Boot Mode: Normal
==========================================================
 
==================== Accounts: =============================
Administrator (S-1-5-21-2335592601-912487484-2578388224-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2335592601-912487484-2578388224-503 - Limited - Disabled)
Guest (S-1-5-21-2335592601-912487484-2578388224-501 - Limited - Disabled)
Sky (S-1-5-21-2335592601-912487484-2578388224-1001 - Administrator - Enabled) => C:\Users\Sky
 
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
ClipGrab 3.6.5 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Debenu PDF Tools 3.1.1.1 (HKLM-x32\...\Debenu PDF Tools) (Version: 3.1.1.1 - Debenu)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{15FAF1DC-3F11-40B6-9B2D-7051BD51DD87}) (Version: 5.10.4643 - GoPro, Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.9.1.7469 (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\GoToMeeting) (Version: 8.9.1.7469 - LogMeIn, Inc.)
Icecream Screen Recorder version 4.50 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.50 - Icecream Apps)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{cd9f6851-cf78-4064-a8fd-7ac984b2a690}) (Version: 18.20.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KB4023057 (HKLM\...\{0339C035-CB0E-4AA1-8A94-6C306982BD86}) (Version: 2.1.0.0 - Microsoft Corporation)
LANDR (HKLM-x32\...\{b4180ac7-d565-4e07-a1ee-f224c708e63a}) (Version: 1.5.0.0 - LANDR Audio)
LANDR (HKLM-x32\...\{DAA5DA0B-37EB-47C9-BA09-3C7E071ACF7A}) (Version: 1.5.0.0 - LANDR Audio) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{0051F46C-803F-4B2D-8816-A80B2B217292}) (Version: 4.26.1.0 - Domit LTD)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 4.00 - NCH Software)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quik (HKLM\...\{DA17DAC7-5559-46CF-BF8F-737BC4B7ED14}) (Version: 0.1.4643 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{71fc4e33-8ac1-4b21-8cb5-040ce8986c4e}) (Version: 2.0.0.4643 - GoPro, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0067 - ST Microelectronics)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Tidiochat (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\TidioChat) (Version: 3.0.0 - Tidio Chat)
VFW_Codec32 (HKLM-x32\...\{3F85CA55-7192-40E6-9EF1-60228D45DED3}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{1D540D0B-A42E-4C6F-9B55-EEC232F080C1}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.01 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebM Project Directshow Filters (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2335592601-912487484-2578388224-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A7CB25B52098}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2335592601-912487484-2578388224-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Sky\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2335592601-912487484-2578388224-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2335592601-912487484-2578388224-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [PDFTools] -> {1A359BC8-317D-462a-AD1C-51022D771581} => C:\Program Files (x86)\Debenu\PDF Tools\PDFToolsShell64.dll [2015-06-17] (Debenu Pty Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers4: [PDFTools] -> {1A359BC8-317D-462a-AD1C-51022D771581} => C:\Program Files (x86)\Debenu\PDF Tools\PDFToolsShell64.dll [2015-06-17] (Debenu Pty Ltd.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11F1DCCA-9AC0-48DE-A5F8-CDC5B5CC6192} - System32\Tasks\G2MUploadTask-S-1-5-21-2335592601-912487484-2578388224-1001 => C:\Users\Sky\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {17F0B629-5F35-43DA-B194-6CA98CE92A65} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-02-16] (Synaptics Incorporated)
Task: {27C6309B-A3F6-415F-B9DF-135DCB43F7A3} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sky\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {3D188458-4F3F-4F8D-BE56-1F6B93EA8028} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {43941A39-6F0A-4E48-BA50-1C1AAB933C78} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-skycrosby@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-06] (Adobe Systems Incorporated)
Task: {4B7B6ECB-823E-47DE-BA8C-52557C163AF3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {5054987A-2CC1-4501-8135-1994024C57C2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-21] (Dropbox, Inc.)
Task: {5E4FB45C-16EA-4092-92F1-CBCF52BD38C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-10] (Google Inc.)
Task: {6017D2C9-5D68-45D0-B313-9B55DF7FB0E7} - \ByteFence -> No File <==== ATTENTION
Task: {6065026B-E165-4A0B-B1A3-20C0CAE5FE54} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {653A633E-2D6D-4E03-AACB-94229995E3C9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {71248C6C-3C95-4109-A709-DE369673C73D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) <==== ATTENTION
Task: {71FDADF7-69BC-400F-A064-DFE14BC088CC} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {898892A2-13CF-4A24-ABFE-149B9D5DDB06} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-07-11] (Microsoft Corporation)
Task: {89B0B5C2-A100-43AE-A661-376F79F7BD62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) <==== ATTENTION
Task: {A0EE0A29-1BB9-4FA8-8BC3-3569F21FDF44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) <==== ATTENTION
Task: {A31AC14C-0524-4926-9B29-4C95D8103CB9} - System32\Tasks\NordVPN Client auto-start => C:\Program Files\NordVPN\NordVPN Client.exe
Task: {A49016D3-B74F-42C5-841D-03AA0D8F58B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {B85200A7-CC02-4C08-8781-AC4AC9609B11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {BAE72967-7A74-4BF1-9BBC-674C2C725977} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-06-08] (Adobe Systems Incorporated)
Task: {C321B8A3-3007-4ADF-A4FC-738A604A0F38} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {CD03C518-879A-40D9-B02A-C74DE684983A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-21] (Dropbox, Inc.)
Task: {CD61F658-1F55-423A-8C08-301D7CA97398} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-10] (Google Inc.)
Task: {E286D13C-FAED-4E3B-AAF5-DF5C69356D40} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {EA50F309-E959-4F17-8B11-511C89ADEF82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {F4B309FD-40F0-4F68-93B4-7E22B77FC300} - System32\Tasks\G2MUpdateTask-S-1-5-21-2335592601-912487484-2578388224-1001 => C:\Users\Sky\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F61E6BF8-C567-4F8A-B5B5-240808221B3C} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {FF725BD2-500D-417A-9330-7B8C18C02042} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2335592601-912487484-2578388224-1001.job => C:\Users\Sky\AppData\Local\GoToMeeting\7469\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2335592601-912487484-2578388224-1001.job => C:\Users\Sky\AppData\Local\GoToMeeting\7469\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Sky\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
ShortcutWithArgument: C:\Users\Sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BrowserStack Local.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mfiddfehmfdojjfdpfngagldgaaafcfo
 
==================== Loaded Modules (Whitelisted) ==============
2015-11-28 18:06 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-19 12:11 - 2015-05-19 12:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-08-23 23:29 - 2017-08-21 07:20 - 002264520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-02 04:09 - 2016-12-02 04:09 - 000037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-02 14:12 - 2016-10-02 14:12 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-02 12:18 - 2016-08-01 07:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-07 16:43 - 2017-02-16 00:21 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-02 14:12 - 2016-10-02 14:12 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 19:56 - 2016-11-02 05:30 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-09 20:06 - 2017-04-09 20:07 - 002151632 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-04-09 20:06 - 2017-04-09 20:07 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-11-08 19:55 - 2016-11-02 05:21 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 19:56 - 2016-11-02 05:15 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 19:56 - 2016-11-02 05:14 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 19:55 - 2016-11-02 05:15 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 19:55 - 2016-11-02 05:16 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 19:56 - 2016-11-02 05:17 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-02 04:09 - 2016-12-02 04:09 - 000866224 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2017-08-17 22:06 - 2017-08-11 02:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-17 22:06 - 2017-08-11 02:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2016-05-22 20:32 - 2016-05-22 20:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-07-04 14:17 - 2017-06-27 11:15 - 066355808 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll
2015-06-24 04:07 - 2015-06-24 04:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-11-28 01:24 - 2015-10-11 22:05 - 000013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-03 04:36 - 2016-06-03 04:36 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-08-23 14:52 - 2017-08-22 11:55 - 000757568 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-08-23 14:52 - 2017-08-22 11:55 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-27 14:14 - 2017-08-22 11:53 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-08-23 14:52 - 2017-08-22 11:53 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-08-23 14:52 - 2017-08-22 11:55 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-27 14:14 - 2017-08-22 11:53 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-08-23 14:52 - 2017-08-22 11:53 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-08-23 14:52 - 2017-08-22 11:55 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-27 14:14 - 2017-08-22 11:57 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-27 14:14 - 2017-08-22 11:58 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-08-23 14:52 - 2017-08-22 11:55 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-08-23 14:52 - 2017-08-22 11:57 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-08-23 14:52 - 2017-08-22 11:55 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-08-23 14:52 - 2017-08-22 11:56 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-27 14:14 - 2017-08-22 11:57 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-08-23 14:52 - 2017-08-22 11:57 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-27 14:14 - 2017-08-22 11:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-06-08 01:10 - 2016-06-08 01:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 01:10 - 2016-06-08 01:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 01:10 - 2016-06-08 01:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 01:10 - 2016-06-08 01:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-06-08 01:41 - 2016-06-08 01:41 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 01:10 - 2016-06-08 01:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Sky\Documents\Amy Atwood Showroom.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\Bragg hill mirror mantle.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\Environamics Office (1).jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\Environamics Office (2).jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\LaFrance bookcase kitchen.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\tpaak_phototour05 2.png:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2017-08-23 23:04 - 000002103 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2335592601-912487484-2578388224-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 78.46.223.24 - 162.242.211.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{219DAF2A-5229-4A14-96D5-CC9BAA13B314}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7B80E64-0391-420F-8DC5-78C3CE044291}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B622468B-4FEA-4A5C-B321-4D790FCAEC1E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{90D229BC-14A6-474A-A5B2-7E1328CA3762}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BF98B14D-34B8-42E1-B87B-0CB662AEED20}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{705F8932-6F47-495E-9EE4-FDF7430EF31C}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7327C03A-1AE6-41F1-BDF9-612E6488B20A}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F8E2FF62-AE69-4849-8D9C-E7EAAFB1DC7D}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B2B03150-3804-460C-91DA-994106A857EE}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4EB782CA-4A84-4A23-940A-C57640B563FE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5C6BFCC5-62ED-4041-A0D3-4940E2407253}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8E0ABF6B-C4F6-4517-B2B6-A3B196197811}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8DB5131C-8420-4AD8-85E0-6F77A444618D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3560E696-5490-48DF-9CDC-57B023631142}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B1E5C1A0-7E26-4F62-B746-F0B0343D5F11}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{86FEB7B9-4A5D-4A1B-9672-3AA15CA13EBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E48894AF-F13B-4B9F-906D-E5BDFFADDC7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5EAEF4A7-CF0F-49C6-9691-8DCA0FE76130}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DA3F9291-DD78-4B65-B330-1C17AD3BC31C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F41745BE-50FA-45A5-8BF8-36CAFD98C6B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{283BA2EB-761C-47D0-86AE-E5A409631329}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9258947D-82EC-4E2A-9EFA-FEE15724DE7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CE4E41DD-3615-44FC-A105-98C062F91897}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4BA8EBD1-95DD-4450-B782-3E5851DC1410}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\Quik.exe
FirewallRules: [{C24EAAE6-3577-447A-8A77-C860D5807C00}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{7A158E9D-1CA2-4BC0-8DFA-5A89BFD787B9}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{2FFF7441-04DD-4198-8AE0-1FE722E6867A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [TCP Query User{5AD0A171-6BE1-406F-B124-8BF7B0B4086E}C:\users\sky\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sky\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{81C358B3-1DE0-409D-9810-4C1E3D501E52}C:\users\sky\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sky\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A4BD5AD5-790B-4E3A-A53E-94155209AFEE}C:\users\sky\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sky\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D7BD7958-D589-444B-974A-C4980B89E06C}C:\users\sky\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sky\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6A8FD0D1-5955-46A5-9158-98D823623D1D}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{51D21836-8ABF-48A1-9A0F-46862A86F7F6}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{0953B44C-6E6D-470C-BE30-B29C48DA5BDD}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{1E5B2A41-B09D-4C27-830B-34BBFA2C7E40}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{C7CBF6B7-9358-4DD1-8EA0-FA5695DA5011}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{96A09C23-D601-4FD0-A683-11479DB2B5DE}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [TCP Query User{6176A0AB-F5EB-46A8-B55D-4D5C9BF0DA1A}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{ED1B66B0-59EA-4297-970F-49FCBBA95855}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{590B77DC-E517-4820-8200-F35CA2F9F793}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Block) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{37912C5B-6C93-4179-8499-36E96CB33B95}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Block) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{3BA7356D-A2C4-4CB9-99D9-0907CD2772D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BCE28D7D-CFFD-45D2-AC06-6773EB097505}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
20-08-2017 11:49:01 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2017 12:19:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ADL7A4T)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2017 11:44:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ByteFenceService.exe, version: 3.11.0.0, time stamp: 0x59491c98
Faulting module name: mscorwks.dll, version: 2.0.50727.8745, time stamp: 0x573d296c
Exception code: 0xc0000005
Fault offset: 0x00000000000f3899
Faulting process id: 0x%9
Faulting application start time: 0xByteFenceService.exe0
Faulting application path: ByteFenceService.exe1
Faulting module path: ByteFenceService.exe2
Report Id: ByteFenceService.exe3
Faulting package full name: ByteFenceService.exe4
Faulting package-relative application ID: ByteFenceService.exe5
 
Error: (08/23/2017 11:44:42 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8745 - Fatal Execution Engine Error (00007FFCF3A60D3E) (80131506)
 
Error: (08/23/2017 11:29:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (08/23/2017 11:29:55 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
 
Error: (08/23/2017 11:29:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2017 11:07:29 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\WINDOWS\system32\netfxperf.dll" service in DLL ".NET Data Provider for SqlServer" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
 
Error: (08/23/2017 10:01:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ADL7A4T)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2017 09:01:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ADL7A4T)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2017 07:46:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ADL7A4T)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (08/24/2017 03:28:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 03:28:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 03:28:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 12:19:02 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ADL7A4T)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
 
Error: (08/24/2017 12:16:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 12:16:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 12:16:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 12:15:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/24/2017 12:15:47 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.
 
Error: (08/23/2017 11:45:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ByteFence Anti-Malware Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-08-20 11:49:29.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-15 23:40:49.126
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 14:45:36.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-10 08:22:11.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-08 23:00:22.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-08 10:56:30.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-07 09:09:18.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-04 15:39:27.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 00:00:55.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-30 00:34:03.904
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 27%
Total physical RAM: 16282.57 MB
Available physical RAM: 11861.8 MB
Total Virtual: 18714.57 MB
Available Virtual: 14184.88 MB
 
==================== Drives ================================
 
Drive c: (240SSD) (Fixed) (Total:223.02 GB) (Free:10.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by hamluis, 24 August 2017 - 04:05 AM.




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,636 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:37 AM

Posted 24 August 2017 - 11:11 AM

crosby:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I would ask that you please copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs once I receive both of them.  You only copied and pasted the "Addition.txt" log.  Please copy and paste the contents of the "FRST.txt" log, which will be located in the same folder as FRST64.exe, which was run from C:\Users\Sky\Downloads.  The sooner you post that missing log, the sooner we can get started disinfecting your computer.  Once I have both logs, it could take a day or two to analyze them and prepare an initial FRST "fixlist" script for you.
 
After you have copied and pasted the missing "FRST.txt" log file, PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME. Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 crosby

crosby
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:37 AM

Posted 24 August 2017 - 11:31 AM

Hello Phil, thank you so much for helping me with this. Please call me Sky. I ran a few different scans after I posted this, but before I saw your post, so I have re-run the FRST and have posted the results below. I trust I have included everything you need to get started. If not, please let me know.

 

Thanks again,

 

Sky

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Sky (administrator) on DESKTOP-ADL7A4T (24-08-2017 11:35:09)
Running from C:\Users\Sky\Downloads\FRST-OlderVersion
Loaded Profiles: Sky (Available Profiles: Sky)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Spotify Ltd) C:\Users\Sky\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Sky\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Sky\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Sky\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Sky\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\native_proxy.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-06] (Adobe Systems Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2016-12-02] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Run: [Icecream_Screen_Recorder_Prefetcher] => C:\Program Files (x86)\Icecream Screen Recorder\recorder.exe [5177856 2016-10-21] (Icecream)
HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Run: [Spotify Web Helper] => C:\Users\Sky\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Run: [Spotify] => C:\Users\Sky\AppData\Roaming\Spotify\Spotify.exe [7133808 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Run: [GoogleChromeAutoLaunch_F2D4D6612D8DEB5373398DA560E4BCF3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-11] (Google Inc.)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-01-04]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-01-04]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-01-04]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5c79f493-1247-466c-a0c8-7a44d94c46a1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a6c5c330-04ab-40e9-b57d-0fccb91a6aa6}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{a6c5c330-04ab-40e9-b57d-0fccb91a6aa6}: [DhcpNameServer] 78.46.223.24 162.242.211.137
Tcpip\..\Interfaces\{ccde4890-e31a-409e-b19a-64447f8b4008}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{ccde4890-e31a-409e-b19a-64447f8b4008}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-24] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-24] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 4y2vzcs6.default
FF ProfilePath: C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\4y2vzcs6.default [2017-08-24]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4y2vzcs6.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4y2vzcs6.default -> Yahoo! Powered
FF Extension: (iMacros for Firefox) - C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\4y2vzcs6.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-10-04]
FF Extension: (Adblock Plus) - C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\4y2vzcs6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default [2017-08-24]
CHR Extension: (Google Slides) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-30]
CHR Extension: (Google Docs) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-30]
CHR Extension: (Google Drive) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-30]
CHR Extension: (YouTube) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30]
CHR Extension: (Adblock Plus) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Google Search) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30]
CHR Extension: (MozBar) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2017-07-28]
CHR Extension: (Full Page Screen Capture) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-05]
CHR Extension: (Google Sheets) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Audio Joiner) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihiafjkopgiakbmihgoieodihjcblfbk [2016-12-13]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2017-05-17]
CHR Extension: (Unicorn Smasher) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa [2017-07-02]
CHR Extension: (BrowserStack Local) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfiddfehmfdojjfdpfngagldgaaafcfo [2017-05-05]
CHR Extension: (True Key™ by Intel Security) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2017-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\Sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-21] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-21] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-22] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-12-02] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-21] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-08-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-08-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-08-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-08-24] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3524352 2016-07-01] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [763120 2015-08-10] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-16] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [134872 2015-05-21] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-24 14:23 - 2017-08-24 14:23 - 088604672 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-24 03:49 - 2017-08-24 03:50 - 000063714 _____ C:\Users\Sky\Downloads\Addition.txt
2017-08-24 03:48 - 2017-08-24 11:35 - 000000000 ____D C:\Users\Sky\Downloads\FRST-OlderVersion
2017-08-24 03:48 - 2017-08-24 11:35 - 000000000 ____D C:\FRST
2017-08-24 03:48 - 2017-08-24 03:50 - 000053050 _____ C:\Users\Sky\Downloads\FRST.txt
2017-08-24 03:48 - 2017-08-24 03:48 - 002395648 _____ (Farbar) C:\Users\Sky\Downloads\FRST64.exe
2017-08-24 03:42 - 2017-08-24 03:43 - 000000000 ____D C:\ProgramData\Oracle
2017-08-24 03:42 - 2017-08-24 03:42 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-08-24 03:42 - 2017-08-24 03:42 - 000000000 ____D C:\Users\Sky\AppData\Roaming\Sun
2017-08-24 03:42 - 2017-08-24 03:42 - 000000000 ____D C:\Users\Sky\AppData\LocalLow\Sun
2017-08-24 03:42 - 2017-08-24 03:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-24 03:42 - 2017-08-24 03:42 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-24 01:59 - 2017-08-24 14:23 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-23 23:29 - 2017-08-24 11:28 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-23 23:29 - 2017-08-24 11:23 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-23 23:29 - 2017-08-24 11:23 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-23 23:29 - 2017-08-24 11:23 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-23 23:29 - 2017-08-23 23:29 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-23 23:29 - 2017-08-23 23:29 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-23 23:29 - 2017-08-23 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-23 23:29 - 2017-08-23 23:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-23 23:29 - 2017-08-23 23:29 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-23 23:29 - 2017-08-21 07:20 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-23 23:16 - 2017-08-23 23:28 - 065942208 _____ (Malwarebytes ) C:\Users\Sky\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-08-23 22:52 - 2017-08-24 11:29 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-08-23 14:52 - 2017-08-23 14:52 - 000085527 _____ C:\Users\Sky\Downloads\Order # 1143 Packing Slip.pdf
2017-08-23 14:52 - 2017-08-23 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-22 11:55 - 2017-08-22 11:55 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-22 11:55 - 2017-08-22 11:55 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-22 11:55 - 2017-08-22 11:55 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-22 11:55 - 2017-08-22 11:55 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-22 09:29 - 2017-08-22 09:29 - 000000085 _____ C:\Users\Sky\Downloads\BingSiteAuth.xml
2017-08-21 19:44 - 2017-08-21 19:44 - 004437370 _____ C:\Users\Sky\Downloads\21 Pista 21.m4a
2017-08-21 12:01 - 2017-08-21 12:01 - 002709364 _____ C:\Users\Sky\Downloads\40 Pista 40.m4a
2017-08-21 11:48 - 2017-08-21 11:48 - 003542079 _____ C:\Users\Sky\Downloads\38 Pista 38.m4a
2017-08-21 09:23 - 2017-08-21 09:23 - 000070829 _____ C:\Users\Sky\Downloads\0811_001 (1).pdf
2017-08-21 09:22 - 2017-08-21 09:22 - 000070829 _____ C:\Users\Sky\Downloads\0811_001.pdf
2017-08-20 19:19 - 2017-08-20 19:19 - 000022524 _____ C:\Users\Sky\Downloads\Stainless Steel & Blk Wheel SKU & Price.pdf
2017-08-19 19:27 - 2017-08-19 19:27 - 000000000 ____D C:\Users\Sky\Downloads\O.J.Simpson.Made.in.America.Part.5.HDTV.x264-CROOKS[ettv]
2017-08-19 19:26 - 2017-08-19 19:26 - 000000000 ____D C:\Users\Sky\Downloads\O.J.Simpson.Made.in.America.Part.4.HDTV.x264-CROOKS[ettv]
2017-08-19 19:26 - 2017-08-19 19:26 - 000000000 ____D C:\Users\Sky\Downloads\O.J.Simpson.Made.in.America.Part.3.HDTV.x264-CROOKS[ettv]
2017-08-19 19:26 - 2017-08-19 19:26 - 000000000 ____D C:\Users\Sky\Downloads\O.J.Simpson.Made.in.America.Part.2.HDTV.x264-CROOKS[ettv]
2017-08-19 19:25 - 2017-08-19 19:25 - 000000000 ____D C:\Users\Sky\Downloads\O.J.Simpson.Made.in.America.Part.1.HDTV.x264-CROOKS[ettv]
2017-08-18 20:36 - 2017-08-18 20:49 - 000000000 ____D C:\Users\Sky\Downloads\It Comes At Night 2017 720p BrRip x264 - SiMPLE
2017-08-18 20:33 - 2017-08-19 19:24 - 000000000 ____D C:\Users\Sky\AppData\LocalLow\BitTorrent
2017-08-18 00:37 - 2017-08-18 00:37 - 003328932 _____ C:\Users\Sky\Downloads\16 Pista 16.m4a
2017-08-17 23:25 - 2017-08-17 23:25 - 004394167 _____ C:\Users\Sky\Downloads\18 Pista 18.m4a
2017-08-17 23:07 - 2017-08-17 23:07 - 002134074 _____ C:\Users\Sky\Downloads\19 Pista 19 (1).m4a
2017-08-17 13:58 - 2017-08-17 13:58 - 000083690 _____ C:\Users\Sky\Downloads\Order # 1139 Packing Slip.pdf
2017-08-17 13:55 - 2017-08-17 13:55 - 000084071 _____ C:\Users\Sky\Downloads\Order # 1137 Packing Slip.pdf
2017-08-15 13:02 - 2017-08-15 13:02 - 000108260 _____ C:\Users\Sky\Downloads\Marderosian barn door.pdf
2017-08-15 12:36 - 2017-08-15 12:36 - 000011808 _____ C:\Users\Sky\Downloads\POSEY BARN DOOR_8-2-17.pdf
2017-08-15 12:36 - 2017-08-15 12:36 - 000008802 _____ C:\Users\Sky\Downloads\MARDEROSIAN Barn Door_7-21-17 (1).pdf
2017-08-15 12:29 - 2017-08-15 12:29 - 000113032 _____ C:\Users\Sky\Desktop\Gmail - FW_ POSEY BARN DOOR.pdf
2017-08-15 11:48 - 2017-08-15 11:48 - 000128822 _____ C:\Users\Sky\Downloads\Ad group negative keywords report.csv
2017-08-14 14:54 - 2017-08-14 14:54 - 000085078 _____ C:\Users\Sky\Downloads\Order # 1133 Packing Slip.pdf
2017-08-14 11:50 - 2017-08-14 11:50 - 000023850 _____ C:\Users\Sky\Downloads\msg0041.WAV
2017-08-13 21:39 - 2017-08-13 21:39 - 000012252 _____ C:\Users\Sky\Downloads\products_export (52) - products_export (52) (1).csv
2017-08-13 21:37 - 2017-08-13 21:37 - 000010907 _____ C:\Users\Sky\Downloads\products_export (51) - products_export (51) (2).csv
2017-08-13 21:34 - 2017-08-13 21:34 - 000011732 _____ C:\Users\Sky\Downloads\products_export (50) - products_export (50) (2).csv
2017-08-13 21:34 - 2017-08-13 21:34 - 000008658 _____ C:\Users\Sky\Downloads\products_export (50).xlsx
2017-08-13 21:24 - 2017-08-13 21:24 - 000011963 _____ C:\Users\Sky\Downloads\products_export (54) - products_export (54).csv
2017-08-13 21:05 - 2017-08-13 21:05 - 000012168 _____ C:\Users\Sky\Downloads\products_export (53) - products_export (53) (1).csv
2017-08-13 20:57 - 2017-08-13 20:57 - 000012304 _____ C:\Users\Sky\Downloads\products_export (54).csv
2017-08-13 20:11 - 2017-08-13 20:11 - 000012238 _____ C:\Users\Sky\Downloads\products_export (53) - products_export (53).csv
2017-08-13 19:51 - 2017-08-13 19:51 - 000012510 _____ C:\Users\Sky\Downloads\products_export (53).csv
2017-08-13 18:10 - 2017-08-13 18:10 - 000012322 _____ C:\Users\Sky\Downloads\products_export (52) - products_export (52).csv
2017-08-13 18:00 - 2017-08-13 18:00 - 000012593 _____ C:\Users\Sky\Downloads\products_export (52).csv
2017-08-13 16:05 - 2017-08-13 16:05 - 000010977 _____ C:\Users\Sky\Downloads\products_export (51) - products_export (51) (1).csv
2017-08-13 16:01 - 2017-08-13 16:01 - 000011117 _____ C:\Users\Sky\Downloads\products_export (51) - products_export (51).csv
2017-08-13 15:49 - 2017-08-13 15:49 - 000011448 _____ C:\Users\Sky\Downloads\products_export (51).csv
2017-08-13 15:28 - 2017-08-13 15:28 - 000011802 _____ C:\Users\Sky\Downloads\products_export (50) - products_export (50) (1).csv
2017-08-13 15:23 - 2017-08-13 15:23 - 000011802 _____ C:\Users\Sky\Downloads\products_export (50) - products_export (50).csv
2017-08-13 14:45 - 2017-08-13 14:45 - 000011923 _____ C:\Users\Sky\Downloads\products_export (50).csv
2017-08-12 13:57 - 2017-08-12 13:57 - 000000000 ____D C:\WINDOWS\Panther
2017-08-11 20:06 - 2017-08-11 20:18 - 945301452 _____ C:\Users\Sky\Downloads\Chuck.2016.LIMITED.720p.BRRip.900MB.MkvCage.mkv
2017-08-11 17:30 - 2017-08-11 17:30 - 000001961 _____ C:\Users\Sky\Downloads\cdr-WOuQ2J.csv
2017-08-11 17:22 - 2017-08-11 17:22 - 000075453 _____ C:\Users\Sky\Downloads\Quotation #17517.PDF
2017-08-11 17:04 - 2017-08-11 17:05 - 005048742 _____ C:\Users\Sky\Downloads\http---www.coburn.co.uk-wp-content-uploads-2016-05-06220.02-Straightaway-216-Datasheet-Rev.01-01.08.2016.step
2017-08-10 23:50 - 2017-08-10 23:50 - 002693643 _____ C:\Users\Sky\Downloads\12 Pista 12.m4a
2017-08-10 23:48 - 2017-08-10 23:48 - 001916178 _____ C:\Users\Sky\Downloads\11 Pista 11 (1).m4a
2017-08-10 23:04 - 2017-08-10 23:04 - 001156263 _____ C:\Users\Sky\Downloads\09 Pista 09 (1).m4a
2017-08-10 23:02 - 2017-08-10 23:02 - 004827490 _____ C:\Users\Sky\Downloads\08 Pista 08.m4a
2017-08-10 14:16 - 2017-08-10 14:16 - 000001978 _____ C:\Users\Sky\Downloads\Skytet.txt
2017-08-10 12:30 - 2017-08-10 13:06 - 000000000 ____D C:\Program Files (x86)\Citrix
2017-08-10 12:30 - 2017-08-10 12:30 - 000000000 ____D C:\Users\Sky\AppData\Local\GoToAssist Remote Support Customer
2017-08-10 12:30 - 2017-08-10 12:30 - 000000000 ____D C:\Users\Sky\AppData\Local\GoTo Opener
2017-08-10 12:10 - 2017-08-10 12:10 - 000054596 _____ C:\Users\Sky\Downloads\msg0039.WAV
2017-08-09 23:07 - 2017-08-09 23:07 - 000019937 _____ C:\Users\Sky\Downloads\products_export (49) - products_export (49).csv
2017-08-09 22:56 - 2017-08-09 22:56 - 000020358 _____ C:\Users\Sky\Downloads\products_export (49).csv
2017-08-09 22:47 - 2017-08-09 22:47 - 000019937 _____ C:\Users\Sky\Downloads\products_export (48) - products_export (48).csv
2017-08-09 22:34 - 2017-08-09 22:34 - 000020358 _____ C:\Users\Sky\Downloads\products_export (48).csv
2017-08-09 22:20 - 2017-08-09 22:20 - 000019852 _____ C:\Users\Sky\Downloads\products_export (47) - products_export (47) (1).csv
2017-08-09 22:14 - 2017-08-09 22:14 - 000019854 _____ C:\Users\Sky\Downloads\products_export (47) - products_export (47).csv
2017-08-09 21:58 - 2017-08-09 21:58 - 000020287 _____ C:\Users\Sky\Downloads\products_export (47).csv
2017-08-09 17:18 - 2017-08-09 17:18 - 000019866 _____ C:\Users\Sky\Downloads\products_export (46) - products_export (46).csv
2017-08-09 17:01 - 2017-08-09 17:01 - 000020273 _____ C:\Users\Sky\Downloads\products_export (46).csv
2017-08-09 16:39 - 2017-08-09 16:39 - 000019120 _____ C:\Users\Sky\Downloads\products_export (45).csv
2017-08-09 15:55 - 2017-08-09 16:16 - 000016165 _____ C:\Users\Sky\Downloads\products_export (44).xlsx
2017-08-09 15:42 - 2017-08-09 15:42 - 000021026 _____ C:\Users\Sky\Downloads\products_export (44).csv
2017-08-08 10:11 - 2017-08-08 10:11 - 000017451 _____ C:\Users\Sky\Downloads\trans1502204488567.csv
2017-08-07 20:45 - 2017-08-07 20:45 - 000027995 _____ C:\Users\Sky\Downloads\CUV_TETTEROCROSBY_SKY_0452156180421.pdf
2017-08-07 17:13 - 2017-08-07 17:13 - 003296430 _____ C:\Users\Sky\Downloads\13 Pista 13.m4a
2017-08-07 13:15 - 2017-08-07 13:15 - 005407939 _____ C:\Users\Sky\Downloads\17 Pista 17.m4a
2017-08-07 12:34 - 2017-08-07 12:34 - 004803733 _____ C:\Users\Sky\Downloads\15 Pista 15.m4a
2017-08-07 09:55 - 2017-08-07 09:55 - 004173241 _____ C:\Users\Sky\Downloads\11 Pista 11.m4a
2017-08-06 17:23 - 2017-08-06 17:24 - 000000000 ____D C:\Users\Sky\Downloads\It Comes At Night 2017 720p BrRip x264 - 2HD
2017-08-06 17:17 - 2017-08-06 17:17 - 000019866 _____ C:\Users\Sky\Downloads\products_export (44) - products_export (43) (1).csv
2017-08-06 17:12 - 2017-08-06 17:12 - 000019864 _____ C:\Users\Sky\Downloads\products_export (44) - products_export (43).csv
2017-08-06 17:07 - 2017-08-06 17:07 - 000019864 _____ C:\Users\Sky\Downloads\products_export (43) - products_export (43).csv
2017-08-06 16:49 - 2017-08-06 16:49 - 000020273 _____ C:\Users\Sky\Downloads\products_export (43).csv
2017-08-06 16:27 - 2017-08-06 16:27 - 000019937 _____ C:\Users\Sky\Downloads\products_export (42) - products_export (42).csv
2017-08-06 15:59 - 2017-08-06 15:59 - 000020358 _____ C:\Users\Sky\Downloads\products_export (42).csv
2017-08-06 15:48 - 2017-08-06 15:48 - 000019937 _____ C:\Users\Sky\Downloads\products_export (41) - products_export (41).csv
2017-08-06 15:21 - 2017-08-06 15:21 - 000020358 _____ C:\Users\Sky\Downloads\products_export (41).csv
2017-08-06 14:51 - 2017-08-06 14:51 - 000020287 _____ C:\Users\Sky\Downloads\products_export (38).csv
2017-08-06 14:51 - 2017-08-06 14:51 - 000020287 _____ C:\Users\Sky\Downloads\products_export (37).csv
2017-08-06 14:47 - 2017-08-06 14:47 - 000018058 _____ C:\Users\Sky\Downloads\products_export (36).csv
2017-08-06 12:49 - 2017-08-06 12:49 - 000019164 _____ C:\Users\Sky\Downloads\Invoice_INV-000813932 (1).pdf
2017-08-06 12:48 - 2017-08-06 12:48 - 000019164 _____ C:\Users\Sky\Downloads\Invoice_INV-000813932.pdf
2017-08-04 20:26 - 2017-08-20 13:26 - 000000000 ____D C:\Users\Sky\Documents\Doug and Sascha Trip
2017-08-04 19:01 - 2017-08-04 19:01 - 000084151 _____ C:\Users\Sky\Downloads\Order # 1101 Packing Slip.pdf
2017-08-04 19:01 - 2017-08-04 19:01 - 000084151 _____ C:\Users\Sky\Downloads\Order # 1101 Packing Slip (1).pdf
2017-08-04 18:42 - 2017-08-04 18:42 - 000084245 _____ C:\Users\Sky\Downloads\Order # 1097 Packing Slip.pdf
2017-08-04 17:21 - 2017-08-04 17:21 - 000047706 _____ C:\Users\Sky\Downloads\msg0033.WAV
2017-08-04 15:07 - 2017-08-04 15:07 - 000431336 _____ C:\Users\Sky\Downloads\msg0032.WAV
2017-08-04 14:56 - 2017-08-04 14:56 - 000017004 _____ C:\Users\Sky\Downloads\KH97969  BOL.pdf
2017-08-04 14:21 - 2017-08-04 14:21 - 000034510 _____ C:\Users\Sky\Downloads\msg0031.WAV
2017-08-04 14:05 - 2017-08-04 14:05 - 000037176 _____ C:\Users\Sky\Downloads\msg0030.WAV
2017-08-03 15:54 - 2017-08-03 15:54 - 000034419 _____ C:\Users\Sky\Downloads\document (4).pdf
2017-08-03 15:09 - 2017-08-03 15:09 - 003224539 _____ C:\Users\Sky\Downloads\09 Pista 09.m4a
2017-08-03 14:24 - 2017-08-03 14:24 - 000034419 _____ C:\Users\Sky\Downloads\document (2).pdf
2017-08-03 14:24 - 2017-08-03 14:24 - 000030565 _____ C:\Users\Sky\Downloads\document (3).pdf
2017-08-03 14:13 - 2017-08-03 14:13 - 000040355 _____ C:\Users\Sky\Downloads\AM_Doc_f42834f5-bc4e-4a8e-bcfb-6f6d7b4cb604.pdf
2017-08-02 10:52 - 2017-08-02 10:52 - 000000000 ____D C:\Users\Sky\AppData\Local\TempTaskUpdateDetectionCB92321D-1043-4FB2-BE0E-BAA1AD58C509
2017-08-01 23:37 - 2017-08-01 23:37 - 001908715 _____ C:\Users\Sky\Downloads\05 Pista 05.m4a
2017-08-01 23:09 - 2017-08-01 23:09 - 005281072 _____ C:\Users\Sky\Downloads\02 Pista 02 (1).m4a
2017-08-01 14:33 - 2017-08-01 14:33 - 005922949 _____ C:\Users\Sky\Downloads\Bypass Bracket Barn Door Hardware Kit.pdf
2017-08-01 14:31 - 2017-08-01 14:32 - 006070383 _____ C:\Users\Sky\Downloads\Rolling Barn Door Hardware Installation Instructions.pdf
2017-08-01 13:59 - 2017-08-01 13:59 - 003341581 _____ C:\Users\Sky\Downloads\02 Pista 02.m4a
2017-07-31 17:03 - 2017-07-31 17:03 - 000011948 _____ C:\Users\Sky\Downloads\CARGA AGOSTO INGLES.xlsx
2017-07-31 14:11 - 2017-07-31 14:11 - 000023143 _____ C:\Users\Sky\Downloads\Order #1097 Invoice.pdf
2017-07-31 12:23 - 2017-07-31 12:23 - 000021969 _____ C:\Users\Sky\Downloads\Gail Ressler Custom Order - Invoice.pdf
2017-07-31 11:49 - 2017-07-31 17:11 - 000061218 _____ C:\Users\Sky\Downloads\tf00000042 (1).xlsx
2017-07-31 11:49 - 2017-07-31 11:49 - 000013541 _____ C:\Users\Sky\Downloads\tf00000042.xlsx
2017-07-30 21:56 - 2017-07-30 21:56 - 000019852 _____ C:\Users\Sky\Downloads\products_export (35) - products_export (35).csv
2017-07-30 21:37 - 2017-07-30 21:37 - 000020273 _____ C:\Users\Sky\Downloads\products_export (35).csv
2017-07-30 21:33 - 2017-07-30 21:33 - 000021647 _____ C:\Users\Sky\Downloads\products_export (34).csv
2017-07-30 21:26 - 2017-07-30 21:26 - 000019866 _____ C:\Users\Sky\Downloads\products_export (33) - products_export (33).csv
2017-07-30 21:08 - 2017-07-30 21:08 - 000020273 _____ C:\Users\Sky\Downloads\products_export (33).csv
2017-07-30 20:52 - 2017-07-30 20:52 - 000020615 _____ C:\Users\Sky\Downloads\products_export (32).csv
2017-07-30 20:38 - 2017-07-30 20:38 - 000019089 _____ C:\Users\Sky\Downloads\products_export (31) - products_export (31) (2).csv
2017-07-30 20:32 - 2017-07-30 20:32 - 000019089 _____ C:\Users\Sky\Downloads\products_export (31) - products_export (31) (1).csv
2017-07-30 20:22 - 2017-07-30 20:22 - 000019089 _____ C:\Users\Sky\Downloads\products_export (31) - products_export (31).csv
2017-07-30 20:09 - 2017-07-30 20:09 - 000019510 _____ C:\Users\Sky\Downloads\products_export (31).csv
2017-07-30 19:33 - 2017-07-30 19:33 - 000021226 _____ C:\Users\Sky\Downloads\products_export (30) - products_export (30).csv
2017-07-30 19:12 - 2017-07-30 19:12 - 000021983 _____ C:\Users\Sky\Downloads\products_export (30).csv
2017-07-29 20:57 - 2017-08-06 17:24 - 000000000 ____D C:\Users\Sky\Downloads\Killing Ground 2016 720p WEBRip 650 MB - iExTV
2017-07-28 18:05 - 2017-07-28 18:05 - 006014475 _____ C:\Users\Sky\Downloads\Advanced Final Test-doc.zip
2017-07-28 16:51 - 2017-07-28 16:51 - 000004172 _____ C:\Users\Sky\Downloads\Listening-doc.zip
2017-07-28 16:51 - 2017-07-28 16:51 - 000004172 _____ C:\Users\Sky\Downloads\Listening-doc (1).zip
2017-07-28 14:53 - 2017-07-28 14:54 - 003414627 _____ C:\Users\Sky\Downloads\22 Pista 22.m4a
2017-07-28 06:18 - 2017-08-10 21:52 - 000000000 ____D C:\Program Files\rempl
2017-07-27 15:43 - 2017-07-27 15:43 - 003419275 _____ C:\Users\Sky\Downloads\Intermediate Exam-doc.zip
2017-07-27 15:02 - 2017-07-27 15:02 - 002387387 _____ C:\Users\Sky\Downloads\Int test Chapter 10-doc.zip
2017-07-27 14:16 - 2017-07-27 14:16 - 002024300 _____ C:\Users\Sky\Downloads\Int test Chapter 9-doc.zip
2017-07-27 13:50 - 2017-07-27 13:50 - 000083877 _____ C:\Users\Sky\Downloads\Order # 1094 Packing Slip.pdf
2017-07-27 12:39 - 2017-07-27 12:39 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2335592601-912487484-2578388224-1001
2017-07-27 10:59 - 2017-07-27 10:59 - 000021983 _____ C:\Users\Sky\Downloads\products_export (29).csv
2017-07-27 10:52 - 2017-07-27 10:52 - 000005640 _____ C:\Users\Sky\Downloads\products_export (28).csv
2017-07-27 10:29 - 2017-07-27 10:29 - 000019133 _____ C:\Users\Sky\Downloads\products_export (27).csv
2017-07-27 10:28 - 2017-07-27 10:28 - 000005621 _____ C:\Users\Sky\Downloads\products_export (26).csv
2017-07-27 10:22 - 2017-07-27 10:22 - 000005621 _____ C:\Users\Sky\Downloads\products_export (25).csv
2017-07-26 19:47 - 2017-07-26 19:47 - 000022065 _____ C:\Users\Sky\Downloads\2016 Sky Tettero-Crosby.pdf
2017-07-26 10:19 - 2017-07-26 10:19 - 000008802 _____ C:\Users\Sky\Downloads\MARDEROSIAN Barn Door_7-21-17.pdf
2017-07-26 08:06 - 2017-07-26 08:06 - 000084019 _____ C:\Users\Sky\Downloads\Order # 1089 Packing Slip.pdf
2017-07-25 23:14 - 2017-07-25 23:24 - 011438746 _____ C:\Users\Sky\Downloads\Test 3-doc.zip
2017-07-25 15:22 - 2017-07-25 15:22 - 000070244 _____ C:\Users\Sky\Downloads\201707251616.pdf
2017-07-25 14:56 - 2017-07-25 14:56 - 000030694 _____ C:\Users\Sky\Downloads\psimplevspperfectoe1.pdf
2017-07-25 14:16 - 2017-07-25 14:16 - 032083632 _____ C:\Users\Sky\Downloads\39 Pista de Audio.aiff
2017-07-25 14:15 - 2017-07-25 14:15 - 026556432 _____ C:\Users\Sky\Downloads\40 Pista de Audio.aiff
2017-07-25 14:14 - 2017-07-25 14:14 - 010979136 _____ C:\Users\Sky\Downloads\27 Pista de Audio (1).aiff
2017-07-25 14:14 - 2017-07-25 14:14 - 006103440 _____ C:\Users\Sky\Downloads\42 Pista de Audio.aiff
2017-07-25 11:49 - 2017-07-25 12:30 - 019469332 _____ C:\Users\Sky\Downloads\test 2-doc.zip
2017-07-25 10:54 - 2017-07-25 10:54 - 000279525 _____ C:\Users\Sky\Downloads\E911.pdf
2017-07-25 10:43 - 2017-07-25 10:43 - 000021117 _____ C:\Users\Sky\Downloads\261234355.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-24 11:29 - 2017-01-19 23:27 - 000000000 ____D C:\Users\Sky\AppData\Roaming\Spotify
2017-08-24 11:29 - 2015-11-28 00:42 - 000005660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-24 11:24 - 2017-01-19 23:27 - 000000000 ____D C:\Users\Sky\AppData\Local\Spotify
2017-08-24 11:24 - 2016-10-02 12:18 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-24 11:24 - 2015-11-28 01:20 - 000000000 __SHD C:\Users\Sky\IntelGraphicsProfiles
2017-08-24 11:23 - 2016-10-02 12:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-24 11:19 - 2016-07-16 01:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-24 11:11 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-24 10:49 - 2016-10-02 12:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-24 10:40 - 2017-04-25 16:30 - 000000000 ____D C:\Users\Sky\AppData\LocalLow\Mozilla
2017-08-24 04:14 - 2015-11-28 20:05 - 000000000 ____D C:\Users\Sky\AppData\Local\Adobe
2017-08-24 03:43 - 2015-12-19 18:29 - 000000000 ____D C:\Users\Sky\AppData\LocalLow\Adblock Plus for IE
2017-08-24 00:15 - 2017-07-05 14:28 - 000000000 ____D C:\Program Files\ByteFence
2017-08-23 22:52 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-23 14:52 - 2017-01-21 20:37 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-23 12:12 - 2015-12-19 19:14 - 000000000 ____D C:\Users\Sky\AppData\Roaming\vlc
2017-08-22 23:58 - 2016-10-02 12:19 - 000000000 ____D C:\Users\Sky
2017-08-22 23:28 - 2015-11-28 00:39 - 000000000 ____D C:\Users\Sky\AppData\Local\Packages
2017-08-22 19:56 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-22 19:54 - 2015-12-04 22:57 - 000000000 ____D C:\Users\Sky\AppData\Roaming\Skype
2017-08-21 14:36 - 2016-11-28 00:01 - 000000000 ____D C:\Users\Sky\Desktop\Rustic Rolling Doors
2017-08-20 21:39 - 2016-11-22 00:31 - 000000000 ____D C:\Users\Sky\AppData\Local\CrashDumps
2017-08-19 20:50 - 2015-12-19 12:01 - 000000000 ____D C:\Users\Sky\AppData\Roaming\BitTorrent
2017-08-19 20:42 - 2017-07-16 19:33 - 000000000 ____D C:\Users\Sky\Downloads\PopcornTime
2017-08-19 17:34 - 2016-03-15 19:57 - 000000650 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2335592601-912487484-2578388224-1001.job
2017-08-19 17:34 - 2016-03-15 19:57 - 000000554 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2335592601-912487484-2578388224-1001.job
2017-08-18 07:34 - 2015-11-28 02:17 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-17 22:06 - 2016-03-10 22:35 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 22:06 - 2016-03-10 22:35 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-16 22:45 - 2017-07-08 21:45 - 000000000 ____D C:\Users\Sky\AppData\Local\GoToMeeting
2017-08-11 00:21 - 2015-11-28 00:41 - 000000000 ___RD C:\Users\Sky\OneDrive
2017-08-10 22:02 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-10 12:30 - 2016-03-15 19:56 - 000000000 ____D C:\Users\Sky\AppData\Local\Citrix
2017-08-09 19:29 - 2017-05-31 11:47 - 000004596 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-09 19:29 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-09 19:29 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-09 15:07 - 2015-11-28 20:08 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-09 14:58 - 2015-12-08 23:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 14:57 - 2015-12-08 23:18 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 22:49 - 2017-07-02 11:18 - 000000000 ____D C:\Users\Sky\Documents\ESL Teaching
2017-08-08 22:35 - 2015-12-04 22:57 - 000000000 ____D C:\ProgramData\Skype
2017-08-04 13:48 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-04 13:47 - 2015-11-28 18:06 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-08-03 14:19 - 2016-10-02 12:25 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-28 08:20 - 2016-11-05 18:34 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-27 12:39 - 2015-11-28 00:41 - 000002363 _____ C:\Users\Sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-25 23:24 - 2015-11-28 20:50 - 000000000 ____D C:\Users\Sky\Documents\Custom Office Templates
 
==================== Files in the root of some directories =======
 
2016-12-15 23:38 - 2017-05-18 08:43 - 000000132 _____ () C:\Users\Sky\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-06-05 22:00 - 2016-06-22 00:01 - 000000033 _____ () C:\Users\Sky\AppData\Roaming\AdobeWLCMCache.dat
2016-10-02 12:18 - 2016-10-02 12:18 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-21 17:42
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Sky (24-08-2017 11:35:51)
Running from C:\Users\Sky\Downloads\FRST-OlderVersion
Windows 10 Home Version 1607 (X64) (2016-10-02 17:26:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2335592601-912487484-2578388224-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2335592601-912487484-2578388224-503 - Limited - Disabled)
Guest (S-1-5-21-2335592601-912487484-2578388224-501 - Limited - Disabled)
Sky (S-1-5-21-2335592601-912487484-2578388224-1001 - Administrator - Enabled) => C:\Users\Sky
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
ClipGrab 3.6.5 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Debenu PDF Tools 3.1.1.1 (HKLM-x32\...\Debenu PDF Tools) (Version: 3.1.1.1 - Debenu)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{15FAF1DC-3F11-40B6-9B2D-7051BD51DD87}) (Version: 5.10.4643 - GoPro, Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.9.1.7469 (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\GoToMeeting) (Version: 8.9.1.7469 - LogMeIn, Inc.)
Icecream Screen Recorder version 4.50 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.50 - Icecream Apps)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{cd9f6851-cf78-4064-a8fd-7ac984b2a690}) (Version: 18.20.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KB4023057 (HKLM\...\{0339C035-CB0E-4AA1-8A94-6C306982BD86}) (Version: 2.1.0.0 - Microsoft Corporation)
LANDR (HKLM-x32\...\{b4180ac7-d565-4e07-a1ee-f224c708e63a}) (Version: 1.5.0.0 - LANDR Audio)
LANDR (HKLM-x32\...\{DAA5DA0B-37EB-47C9-BA09-3C7E071ACF7A}) (Version: 1.5.0.0 - LANDR Audio) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{0051F46C-803F-4B2D-8816-A80B2B217292}) (Version: 4.26.1.0 - Domit LTD)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 4.00 - NCH Software)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quik (HKLM\...\{DA17DAC7-5559-46CF-BF8F-737BC4B7ED14}) (Version: 0.1.4643 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{71fc4e33-8ac1-4b21-8cb5-040ce8986c4e}) (Version: 2.0.0.4643 - GoPro, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0067 - ST Microelectronics)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Tidiochat (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\TidioChat) (Version: 3.0.0 - Tidio Chat)
VFW_Codec32 (HKLM-x32\...\{3F85CA55-7192-40E6-9EF1-60228D45DED3}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{1D540D0B-A42E-4C6F-9B55-EEC232F080C1}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.01 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebM Project Directshow Filters (HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2335592601-912487484-2578388224-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A7CB25B52098}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2335592601-912487484-2578388224-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Sky\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2335592601-912487484-2578388224-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2335592601-912487484-2578388224-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [PDFTools] -> {1A359BC8-317D-462a-AD1C-51022D771581} => C:\Program Files (x86)\Debenu\PDF Tools\PDFToolsShell64.dll [2015-06-17] (Debenu Pty Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers4: [PDFTools] -> {1A359BC8-317D-462a-AD1C-51022D771581} => C:\Program Files (x86)\Debenu\PDF Tools\PDFToolsShell64.dll [2015-06-17] (Debenu Pty Ltd.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-23] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11F1DCCA-9AC0-48DE-A5F8-CDC5B5CC6192} - System32\Tasks\G2MUploadTask-S-1-5-21-2335592601-912487484-2578388224-1001 => C:\Users\Sky\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {17F0B629-5F35-43DA-B194-6CA98CE92A65} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-02-16] (Synaptics Incorporated)
Task: {27C6309B-A3F6-415F-B9DF-135DCB43F7A3} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sky\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {3D188458-4F3F-4F8D-BE56-1F6B93EA8028} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {43941A39-6F0A-4E48-BA50-1C1AAB933C78} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-skycrosby@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-06] (Adobe Systems Incorporated)
Task: {4B7B6ECB-823E-47DE-BA8C-52557C163AF3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {5054987A-2CC1-4501-8135-1994024C57C2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-21] (Dropbox, Inc.)
Task: {5E4FB45C-16EA-4092-92F1-CBCF52BD38C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-10] (Google Inc.)
Task: {6017D2C9-5D68-45D0-B313-9B55DF7FB0E7} - \ByteFence -> No File <==== ATTENTION
Task: {6065026B-E165-4A0B-B1A3-20C0CAE5FE54} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {653A633E-2D6D-4E03-AACB-94229995E3C9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {71248C6C-3C95-4109-A709-DE369673C73D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) <==== ATTENTION
Task: {71FDADF7-69BC-400F-A064-DFE14BC088CC} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {898892A2-13CF-4A24-ABFE-149B9D5DDB06} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-07-11] (Microsoft Corporation)
Task: {89B0B5C2-A100-43AE-A661-376F79F7BD62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) <==== ATTENTION
Task: {A0EE0A29-1BB9-4FA8-8BC3-3569F21FDF44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) <==== ATTENTION
Task: {A31AC14C-0524-4926-9B29-4C95D8103CB9} - System32\Tasks\NordVPN Client auto-start => C:\Program Files\NordVPN\NordVPN Client.exe
Task: {A49016D3-B74F-42C5-841D-03AA0D8F58B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {B85200A7-CC02-4C08-8781-AC4AC9609B11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {BAE72967-7A74-4BF1-9BBC-674C2C725977} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-06-08] (Adobe Systems Incorporated)
Task: {C321B8A3-3007-4ADF-A4FC-738A604A0F38} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {CD03C518-879A-40D9-B02A-C74DE684983A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-21] (Dropbox, Inc.)
Task: {CD61F658-1F55-423A-8C08-301D7CA97398} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-10] (Google Inc.)
Task: {E286D13C-FAED-4E3B-AAF5-DF5C69356D40} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {EA50F309-E959-4F17-8B11-511C89ADEF82} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {F4B309FD-40F0-4F68-93B4-7E22B77FC300} - System32\Tasks\G2MUpdateTask-S-1-5-21-2335592601-912487484-2578388224-1001 => C:\Users\Sky\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F61E6BF8-C567-4F8A-B5B5-240808221B3C} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {FF725BD2-500D-417A-9330-7B8C18C02042} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2335592601-912487484-2578388224-1001.job => C:\Users\Sky\AppData\Local\GoToMeeting\7469\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2335592601-912487484-2578388224-1001.job => C:\Users\Sky\AppData\Local\GoToMeeting\7469\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Sky\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
ShortcutWithArgument: C:\Users\Sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BrowserStack Local.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mfiddfehmfdojjfdpfngagldgaaafcfo
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-02 14:12 - 2016-10-02 14:12 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-02 12:18 - 2016-08-01 07:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-19 12:11 - 2015-05-19 12:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2015-11-28 18:06 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-08-23 23:29 - 2017-08-21 07:20 - 002264520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-09-07 16:43 - 2017-02-16 00:21 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-02 14:12 - 2016-10-02 14:12 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 19:56 - 2016-11-02 05:30 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-09 20:06 - 2017-04-09 20:07 - 002151632 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-04-09 20:06 - 2017-04-09 20:07 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-11-08 19:55 - 2016-11-02 05:21 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 19:56 - 2016-11-02 05:15 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 19:56 - 2016-11-02 05:14 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 19:55 - 2016-11-02 05:15 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 19:55 - 2016-11-02 05:16 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 19:56 - 2016-11-02 05:17 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-22 19:52 - 2017-08-22 19:54 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 19:52 - 2017-08-22 19:54 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 19:52 - 2017-08-22 19:54 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 19:52 - 2017-08-22 19:54 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-02 04:09 - 2016-12-02 04:09 - 000866224 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2017-08-17 22:06 - 2017-08-11 02:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-17 22:06 - 2017-08-11 02:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2017-07-04 14:17 - 2017-06-27 11:15 - 066355808 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll
2016-05-22 20:32 - 2016-05-22 20:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-12-02 04:09 - 2016-12-02 04:09 - 000037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2015-11-28 01:24 - 2015-10-11 22:05 - 000013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-20 02:11 - 2017-02-02 01:38 - 051777648 _____ () C:\Users\Sky\AppData\Roaming\Spotify\libcef.dll
2017-01-20 02:12 - 2017-02-02 01:38 - 000110192 _____ () C:\Users\Sky\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-01-20 02:11 - 2017-02-02 01:38 - 001803888 _____ () C:\Users\Sky\AppData\Roaming\Spotify\libglesv2.dll
2017-01-20 02:11 - 2017-02-02 01:38 - 000086128 _____ () C:\Users\Sky\AppData\Roaming\Spotify\libegl.dll
2016-06-03 04:36 - 2016-06-03 04:36 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-08-23 14:52 - 2017-08-22 11:55 - 000757568 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-08-23 14:52 - 2017-08-22 11:55 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-27 14:14 - 2017-08-22 11:53 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-08-23 14:52 - 2017-08-22 11:53 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-08-23 14:52 - 2017-08-22 11:55 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-27 14:14 - 2017-08-22 11:53 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-08-23 14:52 - 2017-08-22 11:53 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-08-23 14:52 - 2017-08-22 11:55 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-27 14:14 - 2017-08-22 11:57 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-08-23 14:52 - 2017-08-22 11:56 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-27 14:14 - 2017-08-22 11:53 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-27 14:14 - 2017-08-22 11:58 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-08-23 14:52 - 2017-08-22 11:55 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-08-23 14:52 - 2017-08-22 11:57 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-08-23 14:52 - 2017-08-22 11:55 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-08-23 14:52 - 2017-08-22 11:56 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-27 14:14 - 2017-08-22 11:57 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-08-23 14:52 - 2017-08-22 11:57 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-27 14:14 - 2017-08-22 11:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-27 14:14 - 2017-08-22 11:57 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-08-23 14:52 - 2017-08-22 11:57 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-06-08 01:10 - 2016-06-08 01:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 01:10 - 2016-06-08 01:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 01:10 - 2016-06-08 01:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 01:10 - 2016-06-08 01:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-06-08 01:41 - 2016-06-08 01:41 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 01:10 - 2016-06-08 01:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-06-24 04:07 - 2015-06-24 04:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Sky\Documents\Amy Atwood Showroom.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\Bragg hill mirror mantle.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\Environamics Office (1).jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\Environamics Office (2).jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\LaFrance bookcase kitchen.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Sky\Documents\tpaak_phototour05 2.png:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2017-08-23 23:04 - 000002103 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2335592601-912487484-2578388224-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 78.46.223.24 - 162.242.211.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{219DAF2A-5229-4A14-96D5-CC9BAA13B314}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7B80E64-0391-420F-8DC5-78C3CE044291}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B622468B-4FEA-4A5C-B321-4D790FCAEC1E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{90D229BC-14A6-474A-A5B2-7E1328CA3762}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BF98B14D-34B8-42E1-B87B-0CB662AEED20}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{705F8932-6F47-495E-9EE4-FDF7430EF31C}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7327C03A-1AE6-41F1-BDF9-612E6488B20A}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F8E2FF62-AE69-4849-8D9C-E7EAAFB1DC7D}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B2B03150-3804-460C-91DA-994106A857EE}] => (Allow) C:\Users\Sky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4EB782CA-4A84-4A23-940A-C57640B563FE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5C6BFCC5-62ED-4041-A0D3-4940E2407253}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8E0ABF6B-C4F6-4517-B2B6-A3B196197811}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8DB5131C-8420-4AD8-85E0-6F77A444618D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3560E696-5490-48DF-9CDC-57B023631142}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B1E5C1A0-7E26-4F62-B746-F0B0343D5F11}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{86FEB7B9-4A5D-4A1B-9672-3AA15CA13EBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E48894AF-F13B-4B9F-906D-E5BDFFADDC7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5EAEF4A7-CF0F-49C6-9691-8DCA0FE76130}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DA3F9291-DD78-4B65-B330-1C17AD3BC31C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F41745BE-50FA-45A5-8BF8-36CAFD98C6B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{283BA2EB-761C-47D0-86AE-E5A409631329}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9258947D-82EC-4E2A-9EFA-FEE15724DE7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CE4E41DD-3615-44FC-A105-98C062F91897}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4BA8EBD1-95DD-4450-B782-3E5851DC1410}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\Quik.exe
FirewallRules: [{C24EAAE6-3577-447A-8A77-C860D5807C00}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{7A158E9D-1CA2-4BC0-8DFA-5A89BFD787B9}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{2FFF7441-04DD-4198-8AE0-1FE722E6867A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [TCP Query User{5AD0A171-6BE1-406F-B124-8BF7B0B4086E}C:\users\sky\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sky\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{81C358B3-1DE0-409D-9810-4C1E3D501E52}C:\users\sky\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sky\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A4BD5AD5-790B-4E3A-A53E-94155209AFEE}C:\users\sky\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sky\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D7BD7958-D589-444B-974A-C4980B89E06C}C:\users\sky\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sky\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6A8FD0D1-5955-46A5-9158-98D823623D1D}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{51D21836-8ABF-48A1-9A0F-46862A86F7F6}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{0953B44C-6E6D-470C-BE30-B29C48DA5BDD}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{1E5B2A41-B09D-4C27-830B-34BBFA2C7E40}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{C7CBF6B7-9358-4DD1-8EA0-FA5695DA5011}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{96A09C23-D601-4FD0-A683-11479DB2B5DE}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [TCP Query User{6176A0AB-F5EB-46A8-B55D-4D5C9BF0DA1A}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{ED1B66B0-59EA-4297-970F-49FCBBA95855}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{590B77DC-E517-4820-8200-F35CA2F9F793}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Block) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{37912C5B-6C93-4179-8499-36E96CB33B95}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Block) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{3BA7356D-A2C4-4CB9-99D9-0907CD2772D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BCE28D7D-CFFD-45D2-AC06-6773EB097505}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2017 12:19:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ADL7A4T)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2017 11:44:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ByteFenceService.exe, version: 3.11.0.0, time stamp: 0x59491c98
Faulting module name: mscorwks.dll, version: 2.0.50727.8745, time stamp: 0x573d296c
Exception code: 0xc0000005
Fault offset: 0x00000000000f3899
Faulting process id: 0x%9
Faulting application start time: 0xByteFenceService.exe0
Faulting application path: ByteFenceService.exe1
Faulting module path: ByteFenceService.exe2
Report Id: ByteFenceService.exe3
Faulting package full name: ByteFenceService.exe4
Faulting package-relative application ID: ByteFenceService.exe5
 
Error: (08/23/2017 11:44:42 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8745 - Fatal Execution Engine Error (00007FFCF3A60D3E) (80131506)
 
Error: (08/23/2017 11:29:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (08/23/2017 11:29:55 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
 
Error: (08/23/2017 11:29:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2017 11:07:29 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\WINDOWS\system32\netfxperf.dll" service in DLL ".NET Data Provider for SqlServer" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
 
Error: (08/23/2017 10:01:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ADL7A4T)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2017 09:01:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ADL7A4T)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2017 07:46:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ADL7A4T)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (08/24/2017 11:24:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 11:23:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/24/2017 11:23:50 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.
 
Error: (08/24/2017 11:15:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 11:15:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/24/2017 11:15:32 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.
 
Error: (08/24/2017 11:03:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 11:03:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 11:03:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/24/2017 11:03:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-24 10:04:22.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-20 11:49:29.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-15 23:40:49.126
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 14:45:36.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-10 08:22:11.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-08 23:00:22.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-08 10:56:30.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-07 09:09:18.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-04 15:39:27.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 00:00:55.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 24%
Total physical RAM: 16282.57 MB
Available physical RAM: 12314.26 MB
Total Virtual: 18714.57 MB
Available Virtual: 14716 MB
 
==================== Drives ================================
 
Drive c: (240SSD) (Fixed) (Total:223.02 GB) (Free:15.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 garioch7

    RCMP Veteran


  • Malware Response Instructor

Posted 24 August 2017 - 11:43 AM

Sky:

Thank you for permission to address you by your first name.  I also thank you for getting me a fresh set of FRST logs so quickly!

I had started analyzing the original "Addition.txt" log and I had discovered some issues, so the time was not wasted.

I am hoping to complete the analysis of the nearly 1,200 lines of FRST logs by tomorrow morning and post back with my initial findings and a FRST "fixlist" script for your computer then.

Thank you for your patience and understanding.  Have a great day.

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7

Posted 24 August 2017 - 01:02 PM

Sky:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:
  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

OK, let's get started ...

Step 1: You are very low on free hard disk space.

Drive c: (240SSD) (Fixed) (Total:223.02 GB) (Free:15.45 GB) NTFS

Windows requires at least 10 to 15 percent of the size of the Drive C: to be free space. Less than that, and Windows will thrash around and response times will be very slow. In your case, the computer has less than SEVEN (7) percent of free space on the OS drive (Drive C:). We will need to free up some space on the hard drive.

Step 2: Your version of Adobe Acrobat Reader is out of date. You are running Adobe Acrobat Reader 11.1.9. The current version is Adobe Acrobat Reader DC 2017.012.20095.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update your Adobe Acrobat Reader:
  • Click here to navigate to the Adobe Reader website.
  • Uncheck any optional offers, such as McAfee Security Scan Plus.
  • Click on Install Now.
  • Click Save File and save the file to your Desktop.
  • Close all open browsers.
  • Double click the Desktop icon then click Run.
  • When completed click Finish.

Step 3: In going over your logs I noticed that you have BitTorrent and Popcorn Time installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall BitTorrent and Popcorn Time, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use the programs until your computer is cleaned.

Step 4: The FRST logs reveal that you have Java installed on your computer. Java has a long history of security vulnerabilities. Unless you need it, I would recommend that you uninstall the program.

I uninstalled Java from my two computers over two years ago, and I have never missed it. Some older games do require Java, but most computer users don't need it, so they are just taking an unnecessary chance of their computer being infected.

Please see this link for more information; or, "google" "Java security vulnerabilities."

Please let me know what you decide to do: keep it or uninstall it. It is your computer, so it is your decision.

Step 5: The "Addition.txt" log also shows that you have Apple QuickTime installed on the computer. Apple is no longer supporting that program, so it too poses a security risk to your computer. Please see this link for more details. Please let me know whether you keep it or uninstall it.

Step 6: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2335592601-912487484-2578388224-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-08-24 00:15 - 2017-07-05 14:28 - 000000000 ____D C:\Program Files\ByteFence
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {6017D2C9-5D68-45D0-B313-9B55DF7FB0E7} - \ByteFence -> No File <==== ATTENTION
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.
.

I have noted a few other minor issues, but I think that is enough "homework" for one post! :busy:  We will deal with them in future posts.  Thank you and have a great day.

Regards,
-Phil

Edited by garioch7, 24 August 2017 - 01:03 PM.
Correct typo

Member of the Unified Network of Instructors and Trusted Eliminators


#6 crosby


Posted 24 August 2017 - 03:33 PM

Hi Phil - thanks for all of the advice, I will follow your suggestions. When you say to back up the files that I want to keep, won't I also be backing up the virus too? In terms of limiting the spread of the virus, would a cloud backup be preferential to backing up on a hard drive?

 

Also, do you have any idea what the Behavior:Win32/Powermet.B!attk virus does? I have been doing a fair bit of browsing since I got notice of the virus so I'm wondering if it is known to collect passwords or other sensitive information such as banking information. Lastly, it looks like Windows Defender had quarantined the virus as soon as it was detected. Do you think that did anything to limit the spread of the virus or has it completely infected my entire computer?

 

Thanks,

Sky
 



#7 garioch7


Posted 25 August 2017 - 04:31 AM

Sky:
 
Thank you for your post and for your questions.  It is always wise to seek information about any concerns that you might have.   :thumbup2:



When you say to back up the files that I want to keep, won't I also be backing up the virus too? In terms of limiting the spread of the virus, would a cloud backup be preferential to backing up on a hard drive?

 
If the virus is present, yes, you will back it up too.  It will be essentially inert, if it is backed up.  We recommend full system images because malware removal can be tricky.  Not all malware is well coded, so removing it could have unintended consequences, even to the point of rendering a computer unbootable.  In your case, I would not be too concerned, but one should always have a fallback strategy in case something goes "sideways."  With a full backup, we can always start again.  Personally, cloud backup is not an option for me, because the Internet speeds here in rural Cape Breton are much too slow.  There is really no reason to prefer a cloud-based backup solution in this instance.  I would use an external hard drive and a good free backup program, like Easeus Todo Backup Home or Macrium Reflect.
 
I own the paid versions of both programs and alternate between them when I do my weekly full system images of both of my computers.  Be sure to create the Win-PE DVD or USB recovery disk that can be created by these programs, so that if your computer does become unbootable, you will be able to boot up from the recovery media and restore your backup system image.

 

Also, do you have any idea what the Behavior:Win32/Powermet.B!attk virus does? I have been doing a fair bit of browsing since I got notice of the virus so I'm wondering if it is known to collect passwords or other sensitive information such as banking information. Lastly, it looks like Windows Defender had quarantined the virus as soon as it was detected. Do you think that did anything to limit the spread of the virus or has it completely infected my entire computer?

 
There is very little information about this detection by Windows Defender.  Unfortunately, the anti-virus programs do not have a standard naming convention, so a single virus or malware program can have different names assigned to it by the various anti-virus companies.
 
I am not seeing any evidence of a backdoor trojan, ... so far, but until your computer is declared "clean", I would be keeping an eye on my bank accounts, if you use online banking.
 
I don't think that you need to be too concerned right now, but the sooner we start the disinfection process, the safer your computer will be.
 
So, if you could find time to backup your computer, and then follow the steps in my previous post, we can continue to analyze and disinfect anything that is found on your computer.
 
I should hopefully be back online later this afternoon, after I complete the weekly Friday imaging of my two computers.

Thank you and have a great day.

Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#8 crosby


Posted 27 August 2017 - 07:26 PM

Hey Phil - I just ran Windows defender again and the virus that I was having issues with seems to have disappeared. I'm thinking that one of the other things that I did must have wiped it out.  What do you think? 



#9 garioch7


Posted 28 August 2017 - 05:06 AM

Sky:
 
Thank you for your post.  I am guessing that it might have been a "false positive" that was fixed with a Windows Defender definitions update, but let's really check out your computer to see if anything else is lurking about.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: I see that you have Malwarebytes installed on your computer.

  • Please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

I am going to be off-line until tomorrow afternoon.  "Real life" gets in the way of my malware removal vocation from time to time. :(  Thank you for your patience and understanding.  Have a great day, Sky.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
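
One way to check the false-positive guess in the post above against Windows Defender's own records, as an added example that is not part of the original thread: it lists the recorded detections for the threat name from this topic and places them on a timeline next to definition updates. It assumes an elevated PowerShell session on the affected machine and that the Defender history and event log have not been cleared; the timeline shows timing only and does not by itself prove a false positive.

```powershell
# Added example (not from the thread): review what Windows Defender recorded
# for a detection and when definitions were updated around it.
$threatName = 'Behavior:Win32/Powermet.B!attk'   # detection name from this topic

# 1. Threat entries Defender has recorded on this machine under that name.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -eq $threatName })
if ($threats.Count -eq 0) {
    Write-Output "No recorded threat named $threatName (history may have been cleared)."
    return
}

# 2. Each detection event: when it fired, which process and resources were
#    involved, and whether the remediation action succeeded.
$ids = $threats.ThreatID
Get-MpThreatDetection |
    Where-Object { $ids -contains $_.ThreatID } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        [pscustomobject]@{
            FirstSeen     = $_.InitialDetectionTime
            LastChange    = $_.LastThreatStatusChangeTime
            Process       = $_.ProcessName
            ActionSuccess = $_.ActionSuccess
            Resources     = ($_.Resources -join '; ')
        }
    } | Format-List

# 3. Definition and engine versions in use now.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated, AMEngineVersion |
    Format-List

# 4. Timeline from the Defender operational log:
#    1116 = threat detected, 1117 = action taken, 2000 = definitions updated.
$log = 'Microsoft-Windows-Windows Defender/Operational'
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1116, 1117, 2000 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 2000 -or $_.Message -like "*$threatName*" } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

If the last 1116 event is followed by a 2000 event and no further detections, that timing is consistent with a definitions change; the Resources and Process fields show what actually triggered the alert and are worth including in any follow-up post.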


#10 garioch7


Posted 31 August 2017 - 10:30 AM

Sky:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#11 crosby


Posted 31 August 2017 - 02:11 PM

Hi Phil - sorry I didn't get a notification from your previous post. Let me follow your instructions tomorrow and see if it was a false positive.

 

Thanks for the follow up post.

 

Sky



#12 garioch7


Posted 01 September 2017 - 05:35 AM

Sky:

 

I am glad that you are still with me.  Yes, the Board here does occasionally fail to notify when there is a response to a thread. :(

 

I will await the results of the ESET online scan and Malwarebytes scans with interest.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#13 garioch7


Posted 04 September 2017 - 02:34 PM

Sky:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#14 crosby


Posted 06 September 2017 - 01:06 PM

Hi Phil - Sorry I have had guests in town for the past week and will be out of town doing some travelling and I won't have time to run the diagnostics in the next week. You might as well close the ticket. I'll start another thread if I have more issues.

 

Thanks a lot for your help.

Sky



#15 garioch7


Posted 07 September 2017 - 05:30 AM

Sky:

 

Thank you for your post.  Yes, "real life" can get in the way! :busy:

 

If you have further similar issues, please send me, or a Moderator, a Personal Message, and we will reopen your topic for you.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators




