certain programs can't access internet, computer acting weird


  • This topic is locked
35 replies to this topic

#1 wardr

Posted 16 October 2017 - 11:11 AM

So I can't access the internet with Chrome any longer. Firefox and Internet Explorer still work. Most programs cannot update because it says I have no internet connectivity. While using Firefox, I will suddenly without warning lose the ability to click anything with the mouse. I'll click something on a webpage like a link, but it will do nothing. Other weird things that have happened: yesterday when I got home, my computer popped up a blue screen that said "windows is not activated" and gave me one box to go into settings. This is a Dell computer I purchased like 6 years ago and never have I had an issue with activation.

Coincidentally, my daughter's computer in the other room (same network) stopped being able to access the internet at all, using any browser. I cannot figure out how to get her computer back online. This happened almost the same time I couldn't use Chrome to access the internet anymore.

For my router I have a flashed router with DD-WRT firmware. I've noticed my daughter's computer is not listed in the DHCP clients, even though I know she is connected because I am accessing the router from her computer. That is the only webpage I can access from her computer.

 

This is the log from my computer:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2017
Ran by Administrator (administrator) on WENTZ (16-10-2017 10:14:14)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & ReportServer$SQLEXPRESS (Available Profiles: Ryan & Administrator & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Everything\Everything.exe
(RoboHippo LLC) C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(SanDisk) C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(AMD) C:\Windows\System32\atieclxx.exe
(RoboHippo LLC) C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Everything\Everything.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6193416 2016-04-26] (Box, Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-10-03] (Dropbox, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-02-27] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk [2016-05-23]
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-09-25]
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\Administrator\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{58CE04B3-F4B0-4D9B-AF66-F4A0F3A01012}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{BB3C93D3-89CD-4A49-BA89-580965FFFED8}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
URLSearchHook: [S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933] ATTENTION => Default URLSearchHook is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-12-22] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2016-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-12-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2016-05-23] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: bqkf7aim.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bqkf7aim.default [2017-10-16]
FF Extension: (Search Shield Study) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bqkf7aim.default\Extensions\@unified-urlbar-shield-study-opt-out-new-users.xpi [2017-10-16]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bqkf7aim.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-12-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_159.dll [2017-10-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-10-16]
CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-18]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-18]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-18]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-18]
CHR Extension: (IDM Integration Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-10-16]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-18]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-08-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-08-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-03] (Dropbox, Inc.)
R2 Everything; C:\Program Files\everything\everything.exe [1441792 2014-08-05] () [File not signed]
R2 hippovnc_service; C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe [1692160 2010-02-15] (RoboHippo LLC) [File not signed]
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
S3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1919472 2016-12-15] (Plex, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2450112 2014-02-21] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2016-04-30] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102400 2016-02-26] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-16] (Malwarebytes)
R1 MpKsl811b65ce; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB1B3354-5079-408C-99A1-EE985B8AF636}\MpKsl811b65ce.sys [58120 2017-10-15] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 RAMDiskVE; C:\WINDOWS\System32\Drivers\RAMDiskVE.sys [86744 2016-05-12] (Dataram, Inc.)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-16 10:14 - 2017-10-16 10:14 - 000021214 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-10-16 10:09 - 2017-10-16 10:09 - 002401792 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2017-10-16 10:04 - 2017-10-16 10:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2017-10-16 10:04 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2017-10-16 10:04 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-10-16 10:04 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-10-16 10:02 - 2017-10-16 10:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\Box Sync
2017-10-16 10:02 - 2017-10-16 10:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2017-10-14 20:43 - 2017-10-16 09:58 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-13 13:08 - 2017-10-16 09:58 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-13 13:08 - 2017-10-13 13:08 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-13 13:07 - 2017-10-16 09:58 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-13 13:07 - 2017-10-16 09:58 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-13 13:07 - 2017-10-13 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-13 13:07 - 2017-10-13 13:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-13 13:07 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-13 13:06 - 2017-10-13 13:06 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-13 12:58 - 2017-10-13 12:58 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-13 12:58 - 2017-09-14 14:30 - 007439704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-13 12:58 - 2017-09-14 14:30 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-10-13 12:58 - 2017-09-14 14:29 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-10-13 12:58 - 2017-09-13 20:18 - 001384216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-13 12:58 - 2017-09-13 20:14 - 001124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-13 12:58 - 2017-09-13 08:32 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-13 12:58 - 2017-09-13 08:31 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-13 12:58 - 2017-09-13 08:27 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-10-13 12:58 - 2017-09-09 13:53 - 022361864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-13 12:58 - 2017-09-09 12:55 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-13 12:58 - 2017-09-09 12:38 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-13 12:58 - 2017-09-09 11:10 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-13 12:58 - 2017-09-09 10:49 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-13 12:58 - 2017-09-09 10:47 - 014466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-13 12:58 - 2017-09-09 10:21 - 012879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-13 12:58 - 2017-09-08 22:50 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-13 12:58 - 2017-09-08 22:50 - 001364552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-10-13 12:58 - 2017-09-08 13:21 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-10-13 12:58 - 2017-09-08 13:15 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-13 12:58 - 2017-09-08 12:39 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-13 12:58 - 2017-09-08 11:57 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-10-13 12:58 - 2017-09-07 16:33 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-13 12:58 - 2017-09-07 16:33 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-13 12:58 - 2017-09-07 16:32 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-13 12:58 - 2017-09-07 16:32 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-10-13 12:58 - 2017-09-07 16:17 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-10-13 12:58 - 2017-09-07 16:17 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-10-13 12:58 - 2017-09-07 16:15 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-10-13 12:58 - 2017-09-07 16:08 - 025729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-13 12:58 - 2017-09-07 16:00 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-13 12:58 - 2017-09-07 15:40 - 005982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-13 12:58 - 2017-09-07 15:32 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-10-13 12:58 - 2017-09-07 15:31 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-10-13 12:58 - 2017-09-07 15:29 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-10-13 12:58 - 2017-09-07 15:21 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-10-13 12:58 - 2017-09-07 15:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-10-13 12:58 - 2017-09-07 15:11 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-10-13 12:58 - 2017-09-07 15:10 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-10-13 12:58 - 2017-09-07 15:10 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-10-13 12:58 - 2017-09-07 15:08 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-10-13 12:58 - 2017-09-07 15:08 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-13 12:58 - 2017-09-07 14:54 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-10-13 12:58 - 2017-09-07 14:44 - 015262720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-13 12:58 - 2017-09-07 14:40 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-13 12:58 - 2017-09-07 14:27 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-13 12:58 - 2017-09-07 14:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-10-13 12:58 - 2017-09-07 14:10 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-10-13 12:58 - 2017-09-07 14:09 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-10-13 12:58 - 2017-09-07 14:04 - 020267008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-13 12:58 - 2017-09-07 14:03 - 002292736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-10-13 12:58 - 2017-09-07 13:58 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-13 12:58 - 2017-09-07 13:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-10-13 12:58 - 2017-09-07 13:38 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-10-13 12:58 - 2017-09-07 13:37 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-10-13 12:58 - 2017-09-07 13:33 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-10-13 12:58 - 2017-09-07 13:29 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-13 12:58 - 2017-09-07 13:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-10-13 12:58 - 2017-09-07 13:27 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-10-13 12:58 - 2017-09-07 13:26 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-10-13 12:58 - 2017-09-07 13:25 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-10-13 12:58 - 2017-09-07 13:24 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-13 12:58 - 2017-09-07 13:17 - 013677568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-13 12:58 - 2017-09-07 13:01 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-13 12:58 - 2017-09-07 12:57 - 001316864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-13 12:58 - 2017-09-07 12:57 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-10-13 12:58 - 2017-08-13 14:48 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-13 12:58 - 2017-08-13 12:52 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-13 12:58 - 2017-08-13 12:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-13 12:58 - 2017-08-13 11:33 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-13 12:58 - 2017-08-11 16:19 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2017-10-13 12:58 - 2017-08-11 16:14 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2017-10-13 12:58 - 2017-08-10 21:54 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-10-13 12:58 - 2017-08-10 21:22 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-10-13 12:58 - 2017-08-10 21:20 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-13 12:58 - 2017-08-10 21:16 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-13 12:58 - 2017-08-10 20:57 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-13 12:58 - 2017-08-06 16:50 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-10-13 12:58 - 2017-08-06 16:20 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-10-13 12:58 - 2017-08-06 16:13 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-10-13 12:58 - 2017-08-06 02:08 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-10-13 12:58 - 2017-08-01 21:19 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-13 12:58 - 2017-08-01 03:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-13 12:58 - 2016-07-08 09:17 - 000377344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-10-13 12:58 - 2016-07-08 09:17 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-10-13 12:58 - 2016-07-07 17:32 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2017-10-13 12:58 - 2016-07-07 17:18 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-10-13 12:58 - 2016-07-07 17:10 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2017-10-13 12:58 - 2016-07-07 17:01 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2017-10-13 12:58 - 2016-07-07 16:04 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-10-13 12:58 - 2016-07-07 15:44 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-10-13 12:58 - 2016-07-07 15:41 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-10-13 12:58 - 2016-07-07 15:29 - 000704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-10-13 12:58 - 2016-07-07 15:23 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-10-13 12:58 - 2016-07-07 15:18 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2017-10-13 12:58 - 2016-07-07 15:11 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2017-10-13 12:58 - 2016-07-07 14:35 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-10-13 12:58 - 2016-07-07 14:14 - 000628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-10-13 12:58 - 2016-02-05 10:11 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2017-10-13 12:58 - 2016-02-05 10:11 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2017-10-13 12:58 - 2016-02-05 10:07 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2017-10-13 12:36 - 2017-10-13 12:38 - 000244676 _____ C:\TDSSKiller.3.1.0.12_13.10.2017_12.36.19_log.txt
2017-10-12 19:25 - 2017-10-16 10:13 - 000000000 ____D C:\tmp
2017-10-11 10:40 - 2017-10-15 15:30 - 000000000 ____D C:\newworkspace
2017-10-11 10:37 - 2017-10-16 10:02 - 000000000 ____D C:\userTMP
2017-10-05 14:16 - 2017-10-05 14:16 - 000000000 ____D C:\Users\Ryan\temp
2017-10-04 18:54 - 2017-10-04 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-03 05:21 - 2017-10-03 05:21 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-10-03 05:21 - 2017-10-03 05:21 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-10-03 05:21 - 2017-10-03 05:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-10-03 05:21 - 2017-10-03 05:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-29 20:15 - 2017-09-30 12:48 - 000000000 ___HD C:\Users\Ryan\AppData\Local\ESRI_Licensing
2017-09-25 16:54 - 2017-09-25 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-09-25 16:54 - 2017-09-25 16:54 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-25 16:53 - 2017-09-25 16:58 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-24 21:36 - 2017-09-24 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-24 21:36 - 2017-09-24 21:36 - 000000000 ____D C:\Program Files\iPod
2017-09-24 21:35 - 2017-09-24 21:36 - 000000000 ____D C:\Program Files\iTunes
2017-09-24 21:34 - 2017-09-24 21:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-24 21:34 - 2017-09-24 21:34 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-23 20:10 - 2017-08-30 15:23 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-09-23 20:10 - 2017-08-30 15:23 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-09-23 20:10 - 2017-08-30 15:23 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-09-23 20:10 - 2017-08-30 15:23 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-09-23 19:32 - 2017-09-23 19:32 - 000002570 _____ C:\Users\Ryan\Desktop\mbam-log-2017-09-23 (19-20-04).xml
2017-09-16 19:48 - 2017-09-16 19:48 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-09-16 19:47 - 2017-09-16 19:47 - 000000000 ____D C:\Program Files\ArcGIS
2017-09-16 19:45 - 2017-09-16 19:45 - 000000000 ____D C:\Users\Ryan\Documents\ArcGIS Pro 2.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-16 10:14 - 2016-06-04 18:30 - 000000000 ____D C:\FRST
2017-10-16 10:13 - 2016-03-18 18:33 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-500
2017-10-16 10:08 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-16 10:08 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-16 10:04 - 2016-03-18 18:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\ClassicShell
2017-10-16 10:04 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-16 10:03 - 2016-03-18 18:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2017-10-16 10:02 - 2016-02-12 23:12 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-16 10:02 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\DMCache
2017-10-16 10:02 - 2015-12-25 10:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Everything
2017-10-16 10:02 - 2014-11-21 03:43 - 001038984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-16 10:02 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2017-10-16 10:01 - 2015-12-25 11:48 - 000000000 ____D C:\Users\Ryan\AppData\Local\ClassicShell
2017-10-16 10:01 - 2015-12-24 10:04 - 000000000 __RDO C:\Users\Ryan\OneDrive
2017-10-16 09:59 - 2015-12-24 09:49 - 000000000 ____D C:\Users\Ryan
2017-10-16 09:58 - 2016-05-27 02:18 - 000000000 ____D C:\Users\ReportServer$SQLEXPRESS
2017-10-16 09:58 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-15 22:33 - 2016-02-12 23:12 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-15 15:30 - 2015-12-19 09:25 - 000000000 ____D C:\Users\Ryan\AppData\Local\Packages
2017-10-15 14:40 - 2016-02-12 22:46 - 000007679 _____ C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2017-10-14 23:25 - 2016-04-04 00:20 - 000000000 ____D C:\Users\Ryan\AppData\Local\ElevatedDiagnostics
2017-10-14 21:21 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2017-10-14 20:42 - 2013-08-22 08:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-10-13 13:59 - 2015-12-19 09:32 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-1001
2017-10-13 13:14 - 2013-08-22 09:44 - 016190720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\setup
2017-10-13 13:07 - 2015-12-25 11:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-13 13:07 - 2015-12-25 11:24 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-10-13 13:04 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-13 13:03 - 2015-12-23 23:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-13 12:58 - 2015-12-23 23:50 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-13 10:38 - 2015-12-19 09:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-12 19:31 - 2016-11-02 10:39 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-12 19:31 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-12 19:31 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-08 17:17 - 2017-03-29 20:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-08 17:17 - 2015-12-25 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-04 18:54 - 2016-02-12 23:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-30 17:55 - 2016-02-13 01:29 - 000000000 ____D C:\Users\Ryan\AppData\Local\Microsoft Help
2017-09-30 11:57 - 2016-05-23 14:44 - 000000000 ____D C:\subsonic
2017-09-30 11:05 - 2016-02-13 05:21 - 000000501 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-09-29 22:46 - 2016-02-14 10:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2017-09-29 22:45 - 2016-06-24 21:48 - 000000000 ____D C:\Users\Ryan\Downloads\Video
2017-09-29 20:15 - 2016-02-12 22:54 - 000000000 ____D C:\Users\Ryan\Documents\ArcGIS
2017-09-29 20:15 - 2016-02-12 22:54 - 000000000 ____D C:\Users\Ryan\AppData\Local\ESRI
2017-09-25 23:18 - 2017-04-04 21:13 - 000000000 ____D C:\Users\Ryan\.matplotlib
2017-09-24 21:34 - 2015-12-25 11:13 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-22 22:47 - 2015-12-25 10:41 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-09-22 22:47 - 2015-12-25 10:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-09-22 22:46 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-09-22 22:46 - 2013-08-22 10:36 - 000000000 ____D C:\Program Files\Windows Defender
2017-09-22 22:46 - 2013-08-22 10:36 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-22 02:18 - 2015-12-25 10:40 - 000002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-16 19:56 - 2016-02-12 22:46 - 000000000 ____D C:\ProgramData\FLEXnet
2017-09-16 19:49 - 2016-02-12 22:54 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\ESRI
2017-09-16 19:48 - 2017-03-12 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS

==================== Files in the root of some directories =======

2017-02-02 10:39 - 2017-03-18 19:50 - 000004395 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-15 04:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2017
Ran by Administrator (16-10-2017 10:14:42)
Running from C:\Users\Administrator\Desktop
Windows 8.1 Pro (Update) (X64) (2015-12-24 15:02:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1125547639-1294637962-2935245663-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1125547639-1294637962-2935245663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125547639-1294637962-2935245663-1004 - Limited - Enabled)
Ryan (S-1-5-21-1125547639-1294637962-2935245663-1001 - Administrator - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
AceThinker iPhone Screen Recorder V1.1.1 (HKLM-x32\...\{586c397f-382f-485a-bd89-afd132d4ff8e}_is1) (Version: 1.1.1 - APOWERSOFT LIMITED)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\{28A4967F-DE0D-4076-B62D-A1A9EA62FF0A}) (Version: 2.0.8933 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 2.0.8933 - Environmental Systems Research Institute, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{4CEE93B3-A864-424F-9DAA-E110E75E38C2}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{7854643f-7fd5-4964-b806-ec96e833c6d8}) (Version: 4.0.7415.0 - Box Inc.) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4200 (HKLM-x32\...\{C5D59EB4-AE43-449C-80BF-C8DFC99FB36A}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (HKLM-x32\...\{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}) (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\{0B5D7DA7-9220-392F-89C6-4C75AB36E977}) (Version: 61.0.3163.100 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
mapbox-studio (HKLM-x32\...\mapbox-studio) (Version:  - Mapbox)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
MKVToolNix 9.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.4.0 - Moritz Bunkus)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{4A10DB6A-8093-40A8-BF1C-C3587B0A901D}) (Version: 1.3.3148 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d685b3b4-91da-4364-9e7d-f365a614d42b}) (Version: 1.3.3.3148 - Plex, Inc.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PS_AIO_Software_min (HKLM-x32\...\{60D5EE24-2C43-45EF-87D4-C35EA2101878}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
QGIS 2.18 2.18.2 Las Palmas (HKLM\...\QGIS 2.18) (Version:  - QGIS Development Team)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RAMDisk (HKLM-x32\...\{4EA812AB-8B86-4386-BB27-59D15C47531E}) (Version: 4.4.0.33 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.4.4 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{F4D977F4-1480-4F6A-A6BC-B2AB1D9E4F66}) (Version: 1.1.0 - SanDisk Corporation)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Sling (HKLM-x32\...\{CE291AB6-6E77-440B-8BA8-E8266F898A1C}) (Version: 4.9.165 - Echostar)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{1D01EDF6-7E93-4FEE-AA09-C5669511100C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{5EACF47D-EB70-4FE0-83DE-9FD9693C24B9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{832D6A7D-13F7-42CB-9AC6-5859800269AE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (HKLM\...\{B40B7A25-308B-4650-8B42-E51710CDD4D9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{026E123D-2160-46C7-A801-87D27D46835E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{700C00BA-E947-4B77-8EF1-588DF210E931}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Stopping Plex (HKLM-x32\...\{0F4F2C9B-2C85-4DBF-B385-3D6D44446C16}) (Version: 1.3.3148 - Plex, Inc.) Hidden
Subsonic (HKLM-x32\...\Subsonic) (Version:  - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {07b40172-9807-3c1c-ba59-6079a4aac108} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {04594f02-32ea-3587-9086-f41d8e0913ce} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {89dd0924-32ad-3eef-af9e-47999ec8e5ea} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {6186e773-c867-3e53-bafc-97618c51f764} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {cb7cb4c9-490e-3599-b355-e16ba7b83aa6} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [BoxContextMenuClient] -> {fecb08a0-0b4b-3804-94f3-ea1e5f80fd9c} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-08] (Foxit Software Inc.)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers1-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers2-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers2-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers3-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [BoxContextMenuClient] -> {fecb08a0-0b4b-3804-94f3-ea1e5f80fd9c} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers4: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers4-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers4-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-02-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers5: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers5-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers5-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers6-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers6-x32: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2015-11-13] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21315298-96AC-4473-B655-32600E8C7195} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-12-22] (Microsoft Corporation)
Task: {24705A6B-274F-4BE3-956A-9307E7A8E8DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-12] (Adobe Systems Incorporated)
Task: {24BADFDE-DBAC-40ED-8DBE-FE80486BC3DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {28DD153D-B8A6-4344-90C3-8DEC2C0DF0BA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wardr@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {347A26A4-01EC-4D10-98A1-EF0D9FAD6123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {4EC6F37F-AEA4-4573-BD8F-ADE76E87A910} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {5173A162-E966-499B-A739-DE88496C5253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {6F1573FF-AE61-44E7-A614-9B26DF9B8265} - System32\Tasks\{2C903DA9-2302-4E07-A198-0965AA1200FB} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -d C:\WINDOWS\system32 -c /user
Task: {75A53F2C-87D4-494D-A3B1-3BCA2C521AA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {765CD50F-77D8-4E1D-8A75-E00A23D20948} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [2017-10-13] (Microsoft Corporation)
Task: {883C6B29-1433-4842-B9DE-B682BAAA9903} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {9D3C28B1-1D78-41C3-AABA-0C2581F071E6} - System32\Tasks\WeeklyFullBackup => wbAdmin [Argument = Start Backup -backupTarget:E: -include:C: -allCritical -quiet]
Task: {9ED1BAC3-BD64-4928-83D1-6F9BB642B0AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-12-22] (Microsoft Corporation)
Task: {AA79C121-71C7-4862-9E29-B212AC5F9E14} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-12-22] (Microsoft Corporation)
Task: {DA1530D4-BBD4-4B98-8531-59F65A4D0A2B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {DAA61496-0E96-4D46-9565-0DE5D098873D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {F608962A-544A-4A5E-8B80-BD4C81C667B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ArcGIS Indexing (MicrosoftAccount_wardr@outlook.com).job => c:\program files (x86)\arcgis\desktop10.2\bin\DesktopIndexingService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-13 00:45 - 2016-05-24 09:51 - 000116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-25 10:43 - 2014-08-05 20:04 - 001441792 _____ () C:\Program Files\everything\everything.exe
2016-04-30 09:44 - 2016-04-30 09:44 - 000259584 _____ () C:\Program Files (x86)\Subsonic\subsonic-service.exe
2017-10-13 13:07 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-13 13:07 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-04-16 04:23 - 2011-01-07 00:53 - 000215040 _____ () C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-04-30 09:44 - 2016-04-30 09:44 - 000253952 _____ () C:\Program Files (x86)\Subsonic\subsonic-agent.exe
2015-10-16 05:02 - 2015-10-16 05:02 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000083440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000203248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-10-04 18:54 - 2017-10-03 05:21 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-10-04 18:54 - 2017-10-03 05:21 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-07-26 08:30 - 2017-10-03 05:21 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-04 18:54 - 2017-10-03 05:21 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-10-04 18:54 - 2017-10-03 05:21 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-07-26 08:30 - 2017-10-03 05:21 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-10-04 18:54 - 2017-10-03 05:21 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-10-04 18:54 - 2017-10-03 05:21 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-26 08:30 - 2017-10-03 05:22 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-20 15:12 - 2017-10-03 05:21 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 13:01 - 2017-10-03 05:22 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-26 08:30 - 2017-10-03 05:21 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-07-26 08:30 - 2017-10-03 05:22 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-04 18:54 - 2017-10-03 05:21 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-10-04 18:54 - 2017-10-03 05:22 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-07-26 08:30 - 2017-10-03 05:22 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-04 18:54 - 2017-10-03 05:22 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-10-04 18:54 - 2017-10-03 05:22 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-07-26 08:30 - 2017-10-03 05:22 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Ryan\AppData\Local\kKRE3FDwae0:0bmBt6pVXuyItYaJ0s799Y [2292]
AlternateDataStreams: C:\Users\Ryan\AppData\Local\mJ5qWA8PuhaXV:MoBI67GKnMX1aOhVk6h [2054]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-06-04 16:10 - 000000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1125547639-1294637962-2935245663-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BoxSync"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Privatefirewall"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C562DD7A-C919-40A2-A85F-8DF45658E41E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A03A723E-C0F1-4207-862E-EB260B3E82A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2098685-9A10-40A3-8DE9-581F2213EE03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7869F01-C621-4783-81A4-9E947E0DFEC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F123ECC-FC3B-48C6-B7FF-44ED2CB4A7DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EAF7703A-400F-4C94-B516-7FA829EA6573}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{471C64E8-878C-42C9-BDAE-2EFDE0956921}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{B58537B8-843B-4D53-BC5E-0F8938814CEE}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{28C1412B-5E5D-4E37-B84A-020BB14446E1}] => (Allow) LPort=7935
FirewallRules: [{5FAF5979-CFA2-4CF3-938F-D96423639E23}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{809DC58F-F765-4E51-BB9D-1AD99ABBBE5B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F962A29B-4FFD-401D-8E1C-81204B7D0B37}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{0B62FF79-0654-491B-A4FE-F7A1642C5DF3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6ACF1296-B49D-47C5-B655-0FBEF1D10123}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D8F38C5C-BD25-4D50-94A0-A410C193A953}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B5694A2C-84A9-4E26-BFEE-AF265F222CB8}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{71356807-35BB-431C-B733-8BE5782CDF6F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{82CF5298-FCDF-4110-A25D-5FF5A5EBFFC3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{D92A89F8-71C8-41F2-9035-1FE7CE7A0CC0}] => (Allow) C:\Program Files (x86)\LAN Messenger\lmc.exe
FirewallRules: [{5CDEA0D2-2A84-407D-8312-E761C459CBE2}] => (Allow) C:\Program Files (x86)\LAN Messenger\lmc.exe
FirewallRules: [{EB2EF1D4-C857-47BB-A29C-2B8AF8EAD9FD}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-service.exe
FirewallRules: [{1272FF0E-4E6F-445C-9A0E-18260AC5E624}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-service.exe
FirewallRules: [{B9B62C0E-8A56-494F-A967-21E932C16D38}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent.exe
FirewallRules: [{12D63537-76D6-4055-B395-DA592B4BF54A}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent.exe
FirewallRules: [{11DD90BD-AA83-4DF7-A75A-42D23099C861}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent-elevated.exe
FirewallRules: [{5D561EC8-78C7-4619-A186-76B38103702B}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent-elevated.exe
FirewallRules: [TCP Query User{B04A5F1A-F1CF-4017-81D6-9975313577ED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{018B12EE-8215-40A6-97EA-0D67D8DE083C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FC83EEE8-36D8-430E-A2F1-8FF424A2FD51}C:\program files (x86)\lan messenger\lmc.exe] => (Allow) C:\program files (x86)\lan messenger\lmc.exe
FirewallRules: [UDP Query User{169DA8D8-EB07-4373-A251-1C11DF84A934}C:\program files (x86)\lan messenger\lmc.exe] => (Allow) C:\program files (x86)\lan messenger\lmc.exe
FirewallRules: [TCP Query User{469E3B80-314F-468A-9CA4-0176A73B3E01}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{7B319C27-4B8C-4180-9CD0-8921013FAA22}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{A39084E3-CFDB-4201-ADC1-AAA04276152F}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [{D2546505-BE3A-43A7-AD87-E2C539EC6FBE}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [TCP Query User{E08A0510-4E2B-4192-8ACB-61A6BF1797E9}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{0D16DA90-697D-4DCE-9C18-A237AA93BEC8}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{D65A4278-7415-41A3-BC8A-FC3A06A0A4D5}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1F96D874-1FCC-4261-96AC-ADF722BD0130}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2FDEB43-FDD1-4CCD-88E3-4D1FB2FFEEBD}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E882FA9C-2890-4EF9-8605-0BDBAE1F6D54}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9300B2F0-A5E0-449D-A014-E21D7CC62303}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6449F34C-87EE-426C-8975-6459FE66BEB0}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD4C00EE-FD06-4DC3-BD57-5860D440C968}] => (Allow) C:\Program Files (x86)\AceThinker\AceThinker iPhone Screen Recorder\AceThinker iPhone Screen Recorder.exe
FirewallRules: [{3CF28342-2DDA-4A01-A7EB-18201AFBB098}] => (Allow) C:\Program Files (x86)\AceThinker\AceThinker iPhone Screen Recorder\AceThinker iPhone Screen Recorder.exe
FirewallRules: [{643F9CA4-BD51-404D-AA28-04F3B05B4C67}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{BCADA623-522E-4723-BF6E-566814FEF1D6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{E510871B-D7DF-42C8-806D-B940E8DE9EDB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [TCP Query User{53FEC35D-96A4-49B6-B071-1E6DD803E29B}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{20081908-42E4-47C5-BD6E-122F928A3A4F}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{33D2F359-5119-4A32-ADF6-C9FBA5ADE858}] => (Allow) C:\Program Files\mapbox-studio\resources\app\vendor\node.exe
FirewallRules: [{0F59059D-4C28-49AF-9DD9-2D5E47C4D018}] => (Allow) C:\Program Files\mapbox-studio\resources\app\vendor\node.exe
FirewallRules: [{7C06A5E0-FDE8-477B-9CE6-7838AE4BC9D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B27F87D3-F7DA-4855-A382-5D402C1D4278}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A997855E-96EC-4A72-BA0D-2BBF5B120BD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{2E6B56CF-68CA-4CFB-9D75-5319F9373183}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{49EEBB09-364C-4156-892F-CF822194D26B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{530D41A7-6B05-41AA-B2A5-FC55BB7815CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A7A92A88-16F6-4C04-8B33-5E4211C5550D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{64001E71-D56E-40D3-9380-2BF0806E8014}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{2F9BCCE5-D447-4BBE-9BD4-026A35870B08}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{609F6851-CEEB-4A50-9302-7DA482D77A81}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{3250A3BB-FAB3-4A41-BF04-86563E6546B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{63672589-FFE1-4A11-8EDF-2AB3FDBC7215}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E8453462-99E9-4205-A397-0AF5E6A62509}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B299DAC6-562E-45C9-ABE3-F6DAE90EB224}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9F7D75FF-6F4E-4FCD-BDBE-293ADB26EDA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{59048188-1498-4551-B4D4-F72B3A47AA96}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{620101AF-7E2F-4058-BDC3-FAE8143F64CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{853CDAB9-385E-4C28-84A2-D9E59B5408E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E21B7040-A7B3-4507-BD37-17A3BE3FEB55}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{118E1CC1-76D0-4D8A-A5EA-89721C01AA41}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

11-10-2017 10:48:37 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- MS/MS-Pro USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom Corporation
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2017 10:02:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE2
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (10/16/2017 10:02:59 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE2
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76

Error: (10/16/2017 10:02:59 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE2

Error: (10/16/2017 10:01:39 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE2
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (10/16/2017 10:01:38 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE2
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76

Error: (10/16/2017 10:01:38 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE2

Error: (10/16/2017 09:59:12 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/16/2017 09:59:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/16/2017 09:58:45 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.

Error: (10/16/2017 09:58:11 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17058) (User: )
Description: initerrlog: Could not open error log file 'E:\data_files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Log\ERRORLOG'. Operating system error = 3(The system cannot find the path specified.).


System errors:
=============
Error: (10/16/2017 09:59:13 AM) (Source: DCOM) (EventID: 10010) (User: WENTZ)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (10/16/2017 09:58:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/16/2017 09:57:59 AM) (Source: RAMDiskVE) (EventID: 10) (User: )
Description: Message: Unable to open file for disk image load.

Error: (10/16/2017 09:58:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:54:03 PM on ‎10/‎15/‎2017 was unexpected.

Error: (10/15/2017 02:54:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/15/2017 02:53:56 PM) (Source: RAMDiskVE) (EventID: 10) (User: )
Description: Message: Unable to open file for disk image load.

Error: (10/15/2017 02:52:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/15/2017 02:52:18 PM) (Source: RAMDiskVE) (EventID: 10) (User: )
Description: Message: Unable to open file for disk image load.

Error: (10/14/2017 08:43:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2017 08:42:25 PM) (Source: RAMDiskVE) (EventID: 10) (User: )
Description: Message: Unable to open file for disk image load.


CodeIntegrity:
===================================
  Date: 2017-02-13 21:46:07.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:06.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:06.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:04.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:04.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 18:37:54.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 18:37:54.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 38%
Total physical RAM: 16247.11 MB
Available physical RAM: 9975.5 MB
Total Virtual: 17247.11 MB
Available Virtual: 10853.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.69 GB) (Free:16.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 000C42CE)
Partition 1: (Active) - (Size=1863 GB) - (Type=83)
 Could not read MBR for disk 2.

==================== End of Addition.txt ============================





#2 HelpBot


Posted 21 October 2017 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/660395 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 wardr


Posted 21 October 2017 - 02:26 PM

1. In addition to what I wrote in the original message, my keyboard randomly stops working, along with the mouse. To get them to work again, I have to either reset the computer or plug them into different USB ports.  The blue screen "activate windows" keeps coming up, saying I have not activated Windows.  Most programs cannot update because it says I have no internet access. Chrome does not work anymore. Firefox and Internet Explorer are the only programs able to access the internet.

 

2. FRST does not download any longer; it says "connection timeout".  I tried downloading it with Firefox and Internet Explorer, same issue. I used the "administrator" account to download it last time, so I am using that same copy again from my regular user account.  Here is the log (tried to update, could not do so):

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2017
Ran by Ryan (administrator) on WENTZ (21-10-2017 14:24:14)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan & ReportServer$SQLEXPRESS (Available Profiles: Ryan & Administrator & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(SanDisk) C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Everything\Everything.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6193416 2016-04-26] (Box, Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3566904 2017-10-17] (Dropbox, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4027504 2017-08-05] (Tonec Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Spotify Web Helper] => C:\Users\Ryan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-23] (Spotify Ltd)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [LAN Messenger] => C:\Program Files (x86)\LAN Messenger\lmc.exe [1721344 2012-07-24] (LAN Messenger)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Process Hacker 2] => C:\Program Files\Process Hacker 2\ProcessHacker.exe [1719840 2016-03-29] (wj32)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-02-27] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk [2016-05-23]
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-09-25]
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{58CE04B3-F4B0-4D9B-AF66-F4A0F3A01012}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{BB3C93D3-89CD-4A49-BA89-580965FFFED8}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: [S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933] ATTENTION => Default URLSearchHook is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-12-22] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2016-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-12-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2016-05-23] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7og14rox.default
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default [2017-10-21]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\7og14rox.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\7og14rox.default -> hxxp://wardcloud.site:4040/
FF Extension: (Disconnect) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Geolocater) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\geolocater@3liz.com [2016-11-20]
FF Extension: (Disable CSS) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-1VwU0d7h7azvou6XbFWe9tmQyoQ@jetpack.xpi [2016-04-27]
FF Extension: (Self-Destructing Cookies) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-29]
FF Extension: (Decentraleyes) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2017-10-13]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-EbhJmw1yu6Juy@jetpack.xpi [2016-10-30]
FF Extension: (Save as PDF) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2017-10-14]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\support@lastpass.com [2017-10-15]
FF Extension: (uBlock Origin) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-11]
FF Extension: (FireShot) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-09-06]
FF Extension: (Capture & Print) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2016-06-24]
FF Extension: (JavaScript on-off applet) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-04-03]
FF Extension: (RightToClick) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-12-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-25] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-07-14]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5 [2017-04-15] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://startpage.com/do/mypage.pl?prf=e2b7629e1b7621b081186651680bef3d%20in%20the%20%22Add%20a%20new%20page%22%20text%20field.
CHR StartupUrls: Default -> "hxxps://startpage.com/do/mypage.pl?prf=53ef2b241b727485d0f025cc3ef67d93","hxxps://startpage.com/do/mypage.pl?prf=76ff7e8dcc82d78d6bfcce131eb1c2b6"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-10-21]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-07-26]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]
CHR Extension: (Advanced Font Settings) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2016-04-16]
CHR Extension: (Adblock Plus) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-30]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Pandora) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-12-25]
CHR Extension: (Full Page Screen Capture) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-01]
CHR Extension: (iCloud Bookmarks) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-12-25]
CHR Extension: (Plex) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2017-01-29]
CHR Extension: (HTTPS Everywhere) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-10-05]
CHR Extension: (Select and Speak - Text to Speech (SpeakIt!)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjopfpjmkcfgjpogepmdjmcnihfpokn [2017-07-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-09-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-13]
CHR Extension: (Flying Paint) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaddkdiibkddhdbcmmplkhcpgeinggfo [2017-05-14]
CHR Extension: (Live HTTP Headers) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2016-10-30]
CHR Extension: (Dropbox) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-12-25]
CHR Extension: (Clearly) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-12-25]
CHR Extension: (Jamstash) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2016-06-25]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-12-25]
CHR Extension: (Mohiomap) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2016-02-20]
CHR Extension: (disable-HTML) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfhjgihpknekohffabeddfkmoiklonhm [2015-12-25]
CHR Extension: (Linkclump) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2017-06-15]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2017-09-13]
CHR Extension: (Ghostery) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-11]
CHR Extension: (Page Archive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboajopncigfmjdnjcgkefdpijgjegjg [2015-12-25]
CHR Extension: (IDM Integration Module) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-26]
CHR Extension: (Broken Link Checker) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibppfobembgfmejpjaaeocbogeonhch [2016-12-27]
CHR Extension: (Don't bleep With Paste) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgllhigpcljnhoakjkgaieabnkmgdkb [2017-08-23]
CHR Extension: (Autofill) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (WayBack Chrome) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phabfadigilgfagiclfpjnjljedbjclf [2016-04-16]
CHR Extension: (Evernote Web Clipper) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-09-11]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
CHR Extension: (SMS Text Message Scheduler for Google Voice™) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\podfahadlppahcknimehicajmjdcfieb [2015-12-25]
CHR Extension: (Web Archive for WayBack Machine) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppokigfjbmhncgkabghdgpiafjdpllke [2016-04-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-08-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-08-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-17] (Dropbox, Inc.)
R2 Everything; C:\Program Files\everything\everything.exe [1441792 2014-08-05] () [File not signed]
S2 hippovnc_service; C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe [1692160 2010-02-15] (RoboHippo LLC) [File not signed]
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
S3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1919472 2016-12-15] (Plex, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2450112 2014-02-21] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2016-04-30] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102400 2016-02-26] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-16] (Malwarebytes)
R1 MpKsl7a9376bb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB1B3354-5079-408C-99A1-EE985B8AF636}\MpKsl7a9376bb.sys [58120 2017-10-16] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 RAMDiskVE; C:\WINDOWS\System32\Drivers\RAMDiskVE.sys [86744 2016-05-12] (Dataram, Inc.)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 aswMBR; \??\c:\userTEMP\aswMBR.sys [X]
U3 aswVmm; \??\c:\userTEMP\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-21 14:24 - 2017-10-21 14:24 - 000031475 _____ C:\Users\Ryan\Desktop\FRST.txt
2017-10-21 14:22 - 2017-10-16 10:09 - 002401792 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2017-10-19 18:35 - 2017-10-19 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-17 10:48 - 2017-10-17 10:48 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-10-17 10:48 - 2017-10-17 10:48 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-10-17 10:48 - 2017-10-17 10:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-10-17 10:48 - 2017-10-17 10:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-16 20:35 - 2017-10-21 14:16 - 000000000 ____D C:\userTEMP
2017-10-16 20:29 - 2017-10-16 20:34 - 000899390 _____ C:\TDSSKiller.3.1.0.12_16.10.2017_20.29.17_log.txt
2017-10-16 20:25 - 2017-10-16 20:28 - 000241884 _____ C:\TDSSKiller.3.1.0.12_16.10.2017_20.25.57_log.txt
2017-10-16 20:25 - 2017-02-14 19:39 - 004747704 _____ (AO Kaspersky Lab) C:\Users\Ryan\Desktop\ryanward.exe
2017-10-16 18:51 - 2017-10-16 18:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Everything
2017-10-16 10:14 - 2017-10-16 10:14 - 000075124 _____ C:\Users\Administrator\Desktop\Addition.txt
2017-10-16 10:14 - 2017-10-16 10:14 - 000044173 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-10-16 10:09 - 2017-10-16 10:09 - 002401792 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2017-10-16 10:04 - 2017-10-16 18:51 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-10-16 10:04 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2017-10-14 20:43 - 2017-10-16 20:29 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-13 13:08 - 2017-10-16 20:29 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-13 13:08 - 2017-10-13 13:08 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-13 13:07 - 2017-10-16 20:29 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-13 13:07 - 2017-10-16 20:29 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-13 13:07 - 2017-10-13 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-13 13:07 - 2017-10-13 13:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-13 13:07 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-13 13:06 - 2017-10-13 13:06 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-13 12:58 - 2017-10-13 12:58 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-13 12:58 - 2017-09-14 14:30 - 007439704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-13 12:58 - 2017-09-14 14:30 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-10-13 12:58 - 2017-09-14 14:29 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-10-13 12:58 - 2017-09-13 20:18 - 001384216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-13 12:58 - 2017-09-13 20:14 - 001124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-13 12:58 - 2017-09-13 08:32 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-13 12:58 - 2017-09-13 08:31 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-13 12:58 - 2017-09-13 08:27 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-10-13 12:58 - 2017-09-09 13:53 - 022361864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-13 12:58 - 2017-09-09 12:55 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-13 12:58 - 2017-09-09 12:38 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-13 12:58 - 2017-09-09 11:10 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-13 12:58 - 2017-09-09 10:49 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-13 12:58 - 2017-09-09 10:47 - 014466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-13 12:58 - 2017-09-09 10:21 - 012879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-13 12:58 - 2017-09-08 22:50 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-13 12:58 - 2017-09-08 22:50 - 001364552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-10-13 12:58 - 2017-09-08 13:21 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-10-13 12:58 - 2017-09-08 13:15 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-13 12:58 - 2017-09-08 12:39 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-13 12:58 - 2017-09-08 11:57 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-10-13 12:58 - 2017-09-07 16:33 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-13 12:58 - 2017-09-07 16:33 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-13 12:58 - 2017-09-07 16:32 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-13 12:58 - 2017-09-07 16:32 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-10-13 12:58 - 2017-09-07 16:17 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-10-13 12:58 - 2017-09-07 16:17 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-10-13 12:58 - 2017-09-07 16:15 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-10-13 12:58 - 2017-09-07 16:08 - 025729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-13 12:58 - 2017-09-07 16:00 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-13 12:58 - 2017-09-07 15:40 - 005982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-13 12:58 - 2017-09-07 15:32 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-10-13 12:58 - 2017-09-07 15:31 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-10-13 12:58 - 2017-09-07 15:29 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-10-13 12:58 - 2017-09-07 15:21 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-10-13 12:58 - 2017-09-07 15:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-10-13 12:58 - 2017-09-07 15:11 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-10-13 12:58 - 2017-09-07 15:10 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-10-13 12:58 - 2017-09-07 15:10 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-10-13 12:58 - 2017-09-07 15:08 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-10-13 12:58 - 2017-09-07 15:08 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-13 12:58 - 2017-09-07 14:54 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-10-13 12:58 - 2017-09-07 14:44 - 015262720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-13 12:58 - 2017-09-07 14:40 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-13 12:58 - 2017-09-07 14:27 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-13 12:58 - 2017-09-07 14:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-10-13 12:58 - 2017-09-07 14:10 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-10-13 12:58 - 2017-09-07 14:09 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-10-13 12:58 - 2017-09-07 14:04 - 020267008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-13 12:58 - 2017-09-07 14:03 - 002292736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-10-13 12:58 - 2017-09-07 13:58 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-13 12:58 - 2017-09-07 13:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-10-13 12:58 - 2017-09-07 13:38 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-10-13 12:58 - 2017-09-07 13:37 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-10-13 12:58 - 2017-09-07 13:33 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-10-13 12:58 - 2017-09-07 13:29 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-13 12:58 - 2017-09-07 13:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-10-13 12:58 - 2017-09-07 13:27 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-10-13 12:58 - 2017-09-07 13:26 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-10-13 12:58 - 2017-09-07 13:25 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-10-13 12:58 - 2017-09-07 13:24 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-13 12:58 - 2017-09-07 13:17 - 013677568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-13 12:58 - 2017-09-07 13:01 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-13 12:58 - 2017-09-07 12:57 - 001316864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-13 12:58 - 2017-09-07 12:57 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-10-13 12:58 - 2017-08-13 14:48 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-13 12:58 - 2017-08-13 12:52 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-13 12:58 - 2017-08-13 12:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-13 12:58 - 2017-08-13 11:33 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-13 12:58 - 2017-08-11 16:19 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2017-10-13 12:58 - 2017-08-11 16:14 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2017-10-13 12:58 - 2017-08-10 21:54 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-10-13 12:58 - 2017-08-10 21:22 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-10-13 12:58 - 2017-08-10 21:20 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-13 12:58 - 2017-08-10 21:16 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-13 12:58 - 2017-08-10 20:57 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-13 12:58 - 2017-08-06 16:50 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-10-13 12:58 - 2017-08-06 16:20 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-10-13 12:58 - 2017-08-06 16:13 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-10-13 12:58 - 2017-08-06 02:08 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-10-13 12:58 - 2017-08-01 21:19 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-13 12:58 - 2017-08-01 03:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-13 12:58 - 2016-07-08 09:17 - 000377344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-10-13 12:58 - 2016-07-08 09:17 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-10-13 12:58 - 2016-07-07 17:32 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2017-10-13 12:58 - 2016-07-07 17:18 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-10-13 12:58 - 2016-07-07 17:10 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2017-10-13 12:58 - 2016-07-07 17:01 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2017-10-13 12:58 - 2016-07-07 16:04 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-10-13 12:58 - 2016-07-07 15:44 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-10-13 12:58 - 2016-07-07 15:41 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-10-13 12:58 - 2016-07-07 15:29 - 000704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-10-13 12:58 - 2016-07-07 15:23 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-10-13 12:58 - 2016-07-07 15:18 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2017-10-13 12:58 - 2016-07-07 15:11 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2017-10-13 12:58 - 2016-07-07 14:35 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-10-13 12:58 - 2016-07-07 14:14 - 000628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-10-13 12:58 - 2016-02-05 10:11 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2017-10-13 12:58 - 2016-02-05 10:11 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2017-10-13 12:58 - 2016-02-05 10:07 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2017-10-13 12:36 - 2017-10-13 12:38 - 000244676 _____ C:\TDSSKiller.3.1.0.12_13.10.2017_12.36.19_log.txt
2017-10-12 19:25 - 2017-10-21 14:14 - 000000000 ____D C:\tmp
2017-10-11 10:40 - 2017-10-15 15:30 - 000000000 ____D C:\newworkspace
2017-10-11 10:37 - 2017-10-21 14:24 - 000000000 ____D C:\userTMP
2017-10-05 14:16 - 2017-10-05 14:16 - 000000000 ____D C:\Users\Ryan\temp
2017-09-25 16:54 - 2017-09-25 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-09-25 16:54 - 2017-09-25 16:54 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-25 16:53 - 2017-09-25 16:58 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-24 21:36 - 2017-09-24 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-24 21:36 - 2017-09-24 21:36 - 000000000 ____D C:\Program Files\iPod
2017-09-24 21:35 - 2017-09-24 21:36 - 000000000 ____D C:\Program Files\iTunes
2017-09-24 21:34 - 2017-09-24 21:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-24 21:34 - 2017-09-24 21:34 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-23 20:10 - 2017-08-30 15:23 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-09-23 20:10 - 2017-08-30 15:23 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-09-23 20:10 - 2017-08-30 15:23 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-09-23 20:10 - 2017-08-30 15:23 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-21 14:24 - 2016-06-04 18:30 - 000000000 ____D C:\FRST
2017-10-21 14:22 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\DMCache
2017-10-21 14:22 - 2015-12-25 10:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Everything
2017-10-21 13:33 - 2016-02-12 23:12 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-20 14:33 - 2016-02-12 23:12 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-19 18:40 - 2015-12-19 09:32 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-1001
2017-10-19 18:35 - 2016-02-12 23:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-10-17 00:33 - 2015-12-19 09:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-16 22:31 - 2016-11-02 10:39 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-16 22:31 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-16 22:31 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-16 20:36 - 2016-06-04 15:45 - 000000000 ____D C:\AdwCleaner
2017-10-16 20:33 - 2014-11-21 03:43 - 001038984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-16 20:33 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2017-10-16 20:29 - 2015-12-24 10:04 - 000000000 ___DO C:\Users\Ryan\OneDrive
2017-10-16 20:28 - 2017-03-29 20:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-16 20:28 - 2015-12-25 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-16 20:28 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-16 20:28 - 2013-08-22 08:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-10-16 10:24 - 2016-03-18 18:33 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-500
2017-10-16 10:08 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-16 10:08 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-16 10:04 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-16 09:59 - 2015-12-24 09:49 - 000000000 ____D C:\Users\Ryan
2017-10-16 09:58 - 2016-05-27 02:18 - 000000000 ____D C:\Users\ReportServer$SQLEXPRESS
2017-10-14 21:21 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 13:14 - 2013-08-22 09:44 - 016190720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\setup
2017-10-13 13:07 - 2015-12-25 11:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-13 13:07 - 2015-12-25 11:24 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-10-13 13:04 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-13 13:03 - 2015-12-23 23:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-13 12:58 - 2015-12-23 23:50 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-30 11:57 - 2016-05-23 14:44 - 000000000 ____D C:\subsonic
2017-09-30 11:05 - 2016-02-13 05:21 - 000000501 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-09-29 22:46 - 2016-02-14 10:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2017-09-29 22:45 - 2016-06-24 21:48 - 000000000 ____D C:\Users\Ryan\Downloads\Video
2017-09-29 20:15 - 2016-02-12 22:54 - 000000000 ____D C:\Users\Ryan\Documents\ArcGIS
2017-09-25 23:18 - 2017-04-04 21:13 - 000000000 ____D C:\Users\Ryan\.matplotlib
2017-09-24 21:34 - 2015-12-25 11:13 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-22 22:47 - 2015-12-25 10:41 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-09-22 22:47 - 2015-12-25 10:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-09-22 22:46 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-09-22 22:46 - 2013-08-22 10:36 - 000000000 ____D C:\Program Files\Windows Defender
2017-09-22 22:46 - 2013-08-22 10:36 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-22 02:18 - 2015-12-25 10:40 - 000002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-07-08 23:43 - 2016-07-08 23:44 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-05-10 20:57 - 2017-08-29 15:52 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-05-10 15:51 - 2017-09-11 18:09 - 000001456 _____ () C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-02-12 22:46 - 2017-10-15 14:40 - 000007679 _____ () C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2017-01-01 09:48 - 2017-01-01 09:48 - 000018432 _____ () C:\Users\Ryan\AppData\Local\WebpageIcons.db
2017-02-02 10:39 - 2017-03-18 19:50 - 000004395 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-15 04:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2017
Ran by Ryan (21-10-2017 14:24:42)
Running from C:\Users\Ryan\Desktop
Windows 8.1 Pro (Update) (X64) (2015-12-24 15:02:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1125547639-1294637962-2935245663-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1125547639-1294637962-2935245663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125547639-1294637962-2935245663-1004 - Limited - Enabled)
Ryan (S-1-5-21-1125547639-1294637962-2935245663-1001 - Administrator - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
AceThinker iPhone Screen Recorder V1.1.1 (HKLM-x32\...\{586c397f-382f-485a-bd89-afd132d4ff8e}_is1) (Version: 1.1.1 - APOWERSOFT LIMITED)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\{28A4967F-DE0D-4076-B62D-A1A9EA62FF0A}) (Version: 2.0.8933 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 2.0.8933 - Environmental Systems Research Institute, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{4CEE93B3-A864-424F-9DAA-E110E75E38C2}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{7854643f-7fd5-4964-b806-ec96e833c6d8}) (Version: 4.0.7415.0 - Box Inc.) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4200 (HKLM-x32\...\{C5D59EB4-AE43-449C-80BF-C8DFC99FB36A}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (HKLM-x32\...\{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}) (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\{0B5D7DA7-9220-392F-89C6-4C75AB36E977}) (Version: 61.0.3163.100 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
mapbox-studio (HKLM-x32\...\mapbox-studio) (Version:  - Mapbox)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
MKVToolNix 9.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.4.0 - Moritz Bunkus)
Mozilla Firefox 56.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.1 (x64 en-US)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.1.6484 - Mozilla)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{4A10DB6A-8093-40A8-BF1C-C3587B0A901D}) (Version: 1.3.3148 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d685b3b4-91da-4364-9e7d-f365a614d42b}) (Version: 1.3.3.3148 - Plex, Inc.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PS_AIO_Software_min (HKLM-x32\...\{60D5EE24-2C43-45EF-87D4-C35EA2101878}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
QGIS 2.18 2.18.2 Las Palmas (HKLM\...\QGIS 2.18) (Version:  - QGIS Development Team)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RAMDisk (HKLM-x32\...\{4EA812AB-8B86-4386-BB27-59D15C47531E}) (Version: 4.4.0.33 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.4.4 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{F4D977F4-1480-4F6A-A6BC-B2AB1D9E4F66}) (Version: 1.1.0 - SanDisk Corporation)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Sling (HKLM-x32\...\{CE291AB6-6E77-440B-8BA8-E8266F898A1C}) (Version: 4.9.165 - Echostar)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{1D01EDF6-7E93-4FEE-AA09-C5669511100C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{5EACF47D-EB70-4FE0-83DE-9FD9693C24B9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{832D6A7D-13F7-42CB-9AC6-5859800269AE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (HKLM\...\{B40B7A25-308B-4650-8B42-E51710CDD4D9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{026E123D-2160-46C7-A801-87D27D46835E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{700C00BA-E947-4B77-8EF1-588DF210E931}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Stopping Plex (HKLM-x32\...\{0F4F2C9B-2C85-4DBF-B385-3D6D44446C16}) (Version: 1.3.3148 - Plex, Inc.) Hidden
Subsonic (HKLM-x32\...\Subsonic) (Version:  - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\WinDirStat) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {07b40172-9807-3c1c-ba59-6079a4aac108} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {04594f02-32ea-3587-9086-f41d8e0913ce} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {89dd0924-32ad-3eef-af9e-47999ec8e5ea} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {6186e773-c867-3e53-bafc-97618c51f764} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {cb7cb4c9-490e-3599-b355-e16ba7b83aa6} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [BoxContextMenuClient] -> {fecb08a0-0b4b-3804-94f3-ea1e5f80fd9c} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-08] (Foxit Software Inc.)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers1-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers2-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers2-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers3-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [BoxContextMenuClient] -> {fecb08a0-0b4b-3804-94f3-ea1e5f80fd9c} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers4-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers4-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-02-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers5: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers5-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers5-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers6-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers6-x32: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2015-11-13] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21315298-96AC-4473-B655-32600E8C7195} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-12-22] (Microsoft Corporation)
Task: {24705A6B-274F-4BE3-956A-9307E7A8E8DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {24BADFDE-DBAC-40ED-8DBE-FE80486BC3DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {28DD153D-B8A6-4344-90C3-8DEC2C0DF0BA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wardr@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {347A26A4-01EC-4D10-98A1-EF0D9FAD6123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {4EC6F37F-AEA4-4573-BD8F-ADE76E87A910} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {5173A162-E966-499B-A739-DE88496C5253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {6F1573FF-AE61-44E7-A614-9B26DF9B8265} - System32\Tasks\{2C903DA9-2302-4E07-A198-0965AA1200FB} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -d C:\WINDOWS\system32 -c /user
Task: {75A53F2C-87D4-494D-A3B1-3BCA2C521AA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {883C6B29-1433-4842-B9DE-B682BAAA9903} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {9D3C28B1-1D78-41C3-AABA-0C2581F071E6} - System32\Tasks\WeeklyFullBackup => wbAdmin [Argument = Start Backup -backupTarget:E: -include:C: -allCritical -quiet]
Task: {9ED1BAC3-BD64-4928-83D1-6F9BB642B0AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-12-22] (Microsoft Corporation)
Task: {AA79C121-71C7-4862-9E29-B212AC5F9E14} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-12-22] (Microsoft Corporation)
Task: {DA1530D4-BBD4-4B98-8531-59F65A4D0A2B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {DAA61496-0E96-4D46-9565-0DE5D098873D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {F608962A-544A-4A5E-8B80-BD4C81C667B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ArcGIS Indexing (MicrosoftAccount_wardr@outlook.com).job => c:\program files (x86)\arcgis\desktop10.2\bin\DesktopIndexingService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Ryan\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Plex.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fpniocchabmgenibceglhnfeimmdhdfm

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-13 00:45 - 2016-05-24 09:51 - 000116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-25 10:43 - 2014-08-05 20:04 - 001441792 _____ () C:\Program Files\everything\everything.exe
2016-04-30 09:44 - 2016-04-30 09:44 - 000259584 _____ () C:\Program Files (x86)\Subsonic\subsonic-service.exe
2016-08-05 07:56 - 2016-05-24 11:43 - 008909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-16 04:23 - 2011-01-07 00:53 - 000215040 _____ () C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-10-13 13:07 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-13 13:07 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-10-16 05:02 - 2015-10-16 05:02 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-04-30 09:44 - 2016-04-30 09:44 - 000253952 _____ () C:\Program Files (x86)\Subsonic\subsonic-agent.exe
2016-12-15 14:53 - 2016-12-15 14:53 - 000083440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000203248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-10-31 18:45 - 2016-10-31 18:45 - 000321208 _____ () C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\libtidy.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-06-04 16:10 - 000000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Local\Microsoft\Windows\Themes\Panoramic\DesktopBackground\desertpanoramas11.jpg
DNS Servers: 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BoxSync"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Privatefirewall"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "BitTorrent Sync"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "LAN Messenger"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C562DD7A-C919-40A2-A85F-8DF45658E41E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A03A723E-C0F1-4207-862E-EB260B3E82A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2098685-9A10-40A3-8DE9-581F2213EE03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7869F01-C621-4783-81A4-9E947E0DFEC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F123ECC-FC3B-48C6-B7FF-44ED2CB4A7DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EAF7703A-400F-4C94-B516-7FA829EA6573}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{471C64E8-878C-42C9-BDAE-2EFDE0956921}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{B58537B8-843B-4D53-BC5E-0F8938814CEE}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{28C1412B-5E5D-4E37-B84A-020BB14446E1}] => (Allow) LPort=7935
FirewallRules: [{5FAF5979-CFA2-4CF3-938F-D96423639E23}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{809DC58F-F765-4E51-BB9D-1AD99ABBBE5B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F962A29B-4FFD-401D-8E1C-81204B7D0B37}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{0B62FF79-0654-491B-A4FE-F7A1642C5DF3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6ACF1296-B49D-47C5-B655-0FBEF1D10123}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D8F38C5C-BD25-4D50-94A0-A410C193A953}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B5694A2C-84A9-4E26-BFEE-AF265F222CB8}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{71356807-35BB-431C-B733-8BE5782CDF6F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{82CF5298-FCDF-4110-A25D-5FF5A5EBFFC3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{D92A89F8-71C8-41F2-9035-1FE7CE7A0CC0}] => (Allow) C:\Program Files (x86)\LAN Messenger\lmc.exe
FirewallRules: [{5CDEA0D2-2A84-407D-8312-E761C459CBE2}] => (Allow) C:\Program Files (x86)\LAN Messenger\lmc.exe
FirewallRules: [{EB2EF1D4-C857-47BB-A29C-2B8AF8EAD9FD}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-service.exe
FirewallRules: [{1272FF0E-4E6F-445C-9A0E-18260AC5E624}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-service.exe
FirewallRules: [{B9B62C0E-8A56-494F-A967-21E932C16D38}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent.exe
FirewallRules: [{12D63537-76D6-4055-B395-DA592B4BF54A}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent.exe
FirewallRules: [{11DD90BD-AA83-4DF7-A75A-42D23099C861}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent-elevated.exe
FirewallRules: [{5D561EC8-78C7-4619-A186-76B38103702B}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent-elevated.exe
FirewallRules: [TCP Query User{B04A5F1A-F1CF-4017-81D6-9975313577ED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{018B12EE-8215-40A6-97EA-0D67D8DE083C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FC83EEE8-36D8-430E-A2F1-8FF424A2FD51}C:\program files (x86)\lan messenger\lmc.exe] => (Allow) C:\program files (x86)\lan messenger\lmc.exe
FirewallRules: [UDP Query User{169DA8D8-EB07-4373-A251-1C11DF84A934}C:\program files (x86)\lan messenger\lmc.exe] => (Allow) C:\program files (x86)\lan messenger\lmc.exe
FirewallRules: [TCP Query User{469E3B80-314F-468A-9CA4-0176A73B3E01}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{7B319C27-4B8C-4180-9CD0-8921013FAA22}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{A39084E3-CFDB-4201-ADC1-AAA04276152F}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [{D2546505-BE3A-43A7-AD87-E2C539EC6FBE}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [TCP Query User{E08A0510-4E2B-4192-8ACB-61A6BF1797E9}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{0D16DA90-697D-4DCE-9C18-A237AA93BEC8}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{D65A4278-7415-41A3-BC8A-FC3A06A0A4D5}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1F96D874-1FCC-4261-96AC-ADF722BD0130}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2FDEB43-FDD1-4CCD-88E3-4D1FB2FFEEBD}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E882FA9C-2890-4EF9-8605-0BDBAE1F6D54}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9300B2F0-A5E0-449D-A014-E21D7CC62303}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6449F34C-87EE-426C-8975-6459FE66BEB0}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD4C00EE-FD06-4DC3-BD57-5860D440C968}] => (Allow) C:\Program Files (x86)\AceThinker\AceThinker iPhone Screen Recorder\AceThinker iPhone Screen Recorder.exe
FirewallRules: [{3CF28342-2DDA-4A01-A7EB-18201AFBB098}] => (Allow) C:\Program Files (x86)\AceThinker\AceThinker iPhone Screen Recorder\AceThinker iPhone Screen Recorder.exe
FirewallRules: [{643F9CA4-BD51-404D-AA28-04F3B05B4C67}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{BCADA623-522E-4723-BF6E-566814FEF1D6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{E510871B-D7DF-42C8-806D-B940E8DE9EDB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [TCP Query User{53FEC35D-96A4-49B6-B071-1E6DD803E29B}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{20081908-42E4-47C5-BD6E-122F928A3A4F}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{33D2F359-5119-4A32-ADF6-C9FBA5ADE858}] => (Allow) C:\Program Files\mapbox-studio\resources\app\vendor\node.exe
FirewallRules: [{0F59059D-4C28-49AF-9DD9-2D5E47C4D018}] => (Allow) C:\Program Files\mapbox-studio\resources\app\vendor\node.exe
FirewallRules: [{7C06A5E0-FDE8-477B-9CE6-7838AE4BC9D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B27F87D3-F7DA-4855-A382-5D402C1D4278}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A997855E-96EC-4A72-BA0D-2BBF5B120BD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{2E6B56CF-68CA-4CFB-9D75-5319F9373183}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{49EEBB09-364C-4156-892F-CF822194D26B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{530D41A7-6B05-41AA-B2A5-FC55BB7815CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A7A92A88-16F6-4C04-8B33-5E4211C5550D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{64001E71-D56E-40D3-9380-2BF0806E8014}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{2F9BCCE5-D447-4BBE-9BD4-026A35870B08}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{609F6851-CEEB-4A50-9302-7DA482D77A81}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{3250A3BB-FAB3-4A41-BF04-86563E6546B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{63672589-FFE1-4A11-8EDF-2AB3FDBC7215}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E8453462-99E9-4205-A397-0AF5E6A62509}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B299DAC6-562E-45C9-ABE3-F6DAE90EB224}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9F7D75FF-6F4E-4FCD-BDBE-293ADB26EDA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{59048188-1498-4551-B4D4-F72B3A47AA96}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{620101AF-7E2F-4058-BDC3-FAE8143F64CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{853CDAB9-385E-4C28-84A2-D9E59B5408E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E21B7040-A7B3-4507-BD37-17A3BE3FEB55}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6835ED75-3855-4974-974F-B9FB52E5D398}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

11-10-2017 10:48:37 Scheduled Checkpoint
20-10-2017 04:12:12 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- MS/MS-Pro USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom Corporation
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2017 08:32:59 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.

Error: (10/20/2017 08:32:40 PM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.

Error: (10/20/2017 08:30:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE2
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/20/2017 08:30:00 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE2
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76

Error: (10/20/2017 08:30:00 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE2

Error: (10/20/2017 08:29:46 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE2
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76

Error: (10/20/2017 08:29:46 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE2

Error: (10/20/2017 08:32:22 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.

Error: (10/19/2017 08:31:59 PM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.

Error: (10/19/2017 08:30:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE2
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (10/16/2017 08:38:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hippovnc_service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/16/2017 08:29:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/16/2017 08:28:27 PM) (Source: RAMDiskVE) (EventID: 10) (User: )
Description: Message: Unable to open file for disk image load.

Error: (10/16/2017 07:27:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Privacyware network service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/16/2017 06:51:23 PM) (Source: DCOM) (EventID: 10000) (User: WENTZ)
Description: Unable to start a DCOM Server: {E44E9428-BDBC-4987-A099-40DC8FD255E7}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\OpenWith.exe -Embedding

Error: (10/16/2017 06:51:23 PM) (Source: DCOM) (EventID: 10010) (User: WENTZ)
Description: The server {E44E9428-BDBC-4987-A099-40DC8FD255E7} did not register with DCOM within the required timeout.

Error: (10/16/2017 06:49:37 PM) (Source: DCOM) (EventID: 10010) (User: WENTZ)
Description: The server {E44E9428-BDBC-4987-A099-40DC8FD255E7} did not register with DCOM within the required timeout.

Error: (10/16/2017 10:25:39 AM) (Source: DCOM) (EventID: 10010) (User: WENTZ)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (10/16/2017 10:25:08 AM) (Source: DCOM) (EventID: 10010) (User: WENTZ)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (10/16/2017 09:59:13 AM) (Source: DCOM) (EventID: 10010) (User: WENTZ)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-02-13 21:46:07.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:06.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:06.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:04.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:04.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 18:37:54.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 18:37:54.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 44%
Total physical RAM: 16247.11 MB
Available physical RAM: 9059.23 MB
Total Virtual: 17247.11 MB
Available Virtual: 9616.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.69 GB) (Free:16.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 000C42CE)
Partition 1: (Active) - (Size=1863 GB) - (Type=83)
 Could not read MBR for disk 2.

==================== End of Addition.txt ============================

3. I do not have the original Windows CD, and I have Windows 8.1 Pro.



#4 wardr

Posted 23 October 2017 - 12:55 PM

This is taking far longer than expected; it's been like over a week. I think I will just try to do this myself with your downloadable tools. If I can't figure it out, I'll keep monitoring this to see if anyone replied. Thanks.

#5 wardr

Posted 26 October 2017 - 12:28 PM

I used the following tools with no success:
RogueKiller
Show-hidden
AdwCleaner
SUPERAntiSpyware
JRT
Tweaking.com all in one Windows repair

Here is a new Farbar log in the next post.

#6 wardr

Posted 26 October 2017 - 12:31 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2017
Ran by Ryan (administrator) on WENTZ (26-10-2017 12:27:44)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan & ReportServer$SQLEXPRESS (Available Profiles: Ryan & Mal & Administrator & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Everything\Everything.exe
(RoboHippo LLC) C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe
(Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(SanDisk) C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(RoboHippo LLC) C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Everything\Everything.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6193416 2016-04-26] (Box, Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3566904 2017-10-17] (Dropbox, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4027504 2017-08-05] (Tonec Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Spotify Web Helper] => C:\Users\Ryan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-23] (Spotify Ltd)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [LAN Messenger] => C:\Program Files (x86)\LAN Messenger\lmc.exe [1721344 2012-07-24] (LAN Messenger)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Process Hacker 2] => C:\Program Files\Process Hacker 2\ProcessHacker.exe [1719840 2016-03-29] (wj32)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\GlassWire.exe [5742032 2016-07-03] (SecureMix LLC)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-17] (SUPERAntiSpyware)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-02-27] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk [2016-05-23]
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{58CE04B3-F4B0-4D9B-AF66-F4A0F3A01012}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{BB3C93D3-89CD-4A49-BA89-580965FFFED8}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
URLSearchHook: [S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933] ATTENTION => Default URLSearchHook is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-10-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-10-21] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-10-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2016-05-23] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-10-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2016-05-23] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-10-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7og14rox.default
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default [2017-10-26]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\7og14rox.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\7og14rox.default -> user_pref("browser.startup.homepage", "about:home");
FF Extension: (Disconnect) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Geolocater) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\geolocater@3liz.com [2016-11-20]
FF Extension: (Disable CSS) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-1VwU0d7h7azvou6XbFWe9tmQyoQ@jetpack.xpi [2016-04-27]
FF Extension: (Self-Destructing Cookies) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-29]
FF Extension: (Decentraleyes) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2017-10-13]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-EbhJmw1yu6Juy@jetpack.xpi [2016-10-30]
FF Extension: (Save as PDF) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2017-10-24]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\support@lastpass.com [2017-10-15]
FF Extension: (uBlock Origin) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-21]
FF Extension: (FireShot) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-09-06]
FF Extension: (Capture & Print) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2016-06-24]
FF Extension: (JavaScript on-off applet) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-04-03]
FF Extension: (RightToClick) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-12-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-25] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-07-14]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5 [2017-04-15] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-10-26]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-07-26]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]
CHR Extension: (Advanced Font Settings) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2016-04-16]
CHR Extension: (Adblock Plus) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-30]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Pandora) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-12-25]
CHR Extension: (Full Page Screen Capture) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-01]
CHR Extension: (iCloud Bookmarks) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-12-25]
CHR Extension: (Plex) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2017-01-29]
CHR Extension: (HTTPS Everywhere) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-10-05]
CHR Extension: (Select and Speak - Text to Speech (SpeakIt!)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjopfpjmkcfgjpogepmdjmcnihfpokn [2017-07-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-09-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-13]
CHR Extension: (Flying Paint) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaddkdiibkddhdbcmmplkhcpgeinggfo [2017-05-14]
CHR Extension: (Live HTTP Headers) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2016-10-30]
CHR Extension: (Dropbox) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-12-25]
CHR Extension: (Clearly) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-12-25]
CHR Extension: (Jamstash) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2016-06-25]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-12-25]
CHR Extension: (Mohiomap) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2016-02-20]
CHR Extension: (disable-HTML) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfhjgihpknekohffabeddfkmoiklonhm [2015-12-25]
CHR Extension: (Linkclump) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2017-06-15]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2017-09-13]
CHR Extension: (Ghostery) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-11]
CHR Extension: (Page Archive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboajopncigfmjdnjcgkefdpijgjegjg [2015-12-25]
CHR Extension: (IDM Integration Module) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-26]
CHR Extension: (Broken Link Checker) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibppfobembgfmejpjaaeocbogeonhch [2016-12-27]
CHR Extension: (Don't bleep With Paste) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgllhigpcljnhoakjkgaieabnkmgdkb [2017-08-23]
CHR Extension: (Autofill) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (WayBack Chrome) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phabfadigilgfagiclfpjnjljedbjclf [2016-04-16]
CHR Extension: (Evernote Web Clipper) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-09-11]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
CHR Extension: (SMS Text Message Scheduler for Google Voice™) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\podfahadlppahcknimehicajmjdcfieb [2015-12-25]
CHR Extension: (Web Archive for WayBack Machine) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppokigfjbmhncgkabghdgpiafjdpllke [2016-04-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-08-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-08-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-17] (Dropbox, Inc.)
R2 Everything; C:\Program Files\everything\everything.exe [1441792 2014-08-05] () [File not signed]
R2 hippovnc_service; C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe [1692160 2010-02-15] (RoboHippo LLC) [File not signed]
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
S3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1919472 2016-12-15] (Plex, Inc.)
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2450112 2014-02-21] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2016-04-30] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
S3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102400 2016-02-26] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-25] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-25] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-25] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-25] (Malwarebytes)
S1 MpKsl77a1abdc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58507434-E3D7-41D2-8583-6607AAC3AA46}\MpKsl77a1abdc.sys [58120 2017-10-24] () [File not signed]
R1 MpKsle48dee54; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58507434-E3D7-41D2-8583-6607AAC3AA46}\MpKsle48dee54.sys [58120 2017-10-25] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 RAMDiskVE; C:\WINDOWS\System32\Drivers\RAMDiskVE.sys [86744 2016-05-12] (Dataram, Inc.)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-25 20:44 - 2017-10-25 20:44 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-25 20:44 - 2017-10-25 20:44 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-25 20:44 - 2017-10-25 20:44 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-25 20:44 - 2017-10-25 20:44 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-25 20:44 - 2017-10-25 20:44 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-25 19:43 - 2017-10-25 19:43 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-WENTZ-Windows-8.1-Pro-(64-bit).dat
2017-10-25 19:43 - 2017-10-25 19:43 - 000000000 ____D C:\RegBackup
2017-10-25 19:08 - 2017-10-25 18:23 - 000448512 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\TFC.exe
2017-10-25 19:05 - 2017-10-25 22:11 - 000195795 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-10-25 19:05 - 2017-10-25 19:05 - 000003646 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-10-25 19:05 - 2017-10-25 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-10-25 19:05 - 2017-10-25 19:05 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-10-25 19:05 - 2017-10-25 18:24 - 037454520 _____ (Tweaking.com) C:\Users\Ryan\Desktop\tweaking.com_windows_repair_aio_setup.exe
2017-10-25 19:02 - 2017-10-25 19:03 - 000126146 _____ C:\Users\Ryan\Desktop\Show-Hidden.txt
2017-10-25 19:02 - 2017-10-25 19:02 - 000001830 _____ C:\Users\Ryan\Desktop\sc-cleaner.txt
2017-10-25 19:01 - 2017-10-25 18:21 - 000467072 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\sc-cleaner.exe
2017-10-25 18:58 - 2017-10-25 18:20 - 008250832 _____ (Malwarebytes) C:\Users\Ryan\Desktop\AdwCleaner.exe
2017-10-25 18:48 - 2017-10-25 18:48 - 000063303 _____ C:\Users\Ryan\Desktop\MTB.txt
2017-10-25 18:48 - 2017-10-25 17:08 - 000892416 _____ (Farbar) C:\Users\Ryan\Desktop\MiniToolBox.exe
2017-10-25 18:38 - 2017-10-26 10:38 - 000000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 4a858e3b-c77c-45ce-b95d-d84f5a518cde.job
2017-10-25 18:38 - 2017-10-26 02:00 - 000000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 4e61b45b-4f56-4a6a-833f-0dbffe2b8135.job
2017-10-25 18:38 - 2017-10-25 18:38 - 000003570 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 4e61b45b-4f56-4a6a-833f-0dbffe2b8135
2017-10-25 18:38 - 2017-10-25 18:38 - 000003488 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 4a858e3b-c77c-45ce-b95d-d84f5a518cde
2017-10-25 18:38 - 2017-10-25 18:38 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
2017-10-25 18:37 - 2017-10-25 18:38 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-25 18:37 - 2017-10-25 18:37 - 000001822 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-10-25 18:37 - 2017-10-25 18:37 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-10-25 18:37 - 2017-10-25 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-10-25 18:37 - 2017-10-25 17:04 - 030785168 _____ (SUPERAntiSpyware) C:\Users\Ryan\Desktop\SUPERAntiSpyware.exe
2017-10-25 18:36 - 2017-10-25 18:36 - 000000554 _____ C:\Users\Ryan\Desktop\JRT.txt
2017-10-25 18:31 - 2017-10-25 17:07 - 001790024 _____ (Malwarebytes) C:\Users\Ryan\Desktop\JRT.exe
2017-10-25 18:28 - 2017-10-25 18:24 - 000386464 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\show-hidden.exe
2017-10-25 14:23 - 2017-10-25 19:21 - 000000000 ____D C:\ProgramData\RogueKiller
2017-10-25 14:23 - 2017-10-25 14:23 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-25 14:23 - 2017-10-25 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-10-25 14:23 - 2017-10-25 14:23 - 000000000 ____D C:\Program Files\RogueKiller
2017-10-25 14:22 - 2017-10-25 18:21 - 036096368 _____ (Adlice Software ) C:\Users\Ryan\Desktop\RogueKiller_setup_ref3.exe
2017-10-22 23:49 - 2017-10-22 23:49 - 000414223 _____ C:\Users\Mal\Desktop\ryanward_week9_northkorea.pdf
2017-10-22 21:36 - 2017-10-22 21:36 - 000000000 ____D C:\Users\Mal\Documents\Custom Office Templates
2017-10-22 21:18 - 2017-10-22 23:51 - 000000000 ____D C:\Users\Mal\AppData\Roaming\Foxit Software
2017-10-22 21:17 - 2017-10-22 23:30 - 000000000 ____D C:\Users\Mal\AppData\LocalLow\Mozilla
2017-10-22 21:17 - 2017-10-22 21:17 - 000000000 ____D C:\Users\Mal\AppData\Roaming\Mozilla
2017-10-22 16:44 - 2017-10-23 00:09 - 000000000 ____D C:\Users\Mal\AppData\Roaming\Everything
2017-10-22 16:31 - 2017-10-22 16:31 - 000000000 ____D C:\Users\Mal\AppData\Roaming\ClassicShell
2017-10-22 15:11 - 2017-10-22 15:11 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Mal\Downloads\esetonlinescanner_enu.exe
2017-10-22 15:09 - 2017-10-22 15:26 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-1007
2017-10-22 15:03 - 2017-10-26 04:56 - 000000000 ____D C:\temp
2017-10-22 15:03 - 2017-10-22 15:03 - 000001448 _____ C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-22 15:03 - 2017-10-22 15:03 - 000000020 ___SH C:\Users\Mal\ntuser.ini
2017-10-22 15:03 - 2017-10-22 15:03 - 000000000 ____D C:\Users\Mal\AppData\Roaming\Adobe
2017-10-22 15:03 - 2017-10-22 15:03 - 000000000 ____D C:\Users\Mal
2017-10-22 15:03 - 2016-06-11 14:07 - 000000000 ____D C:\Users\Mal\Documents\Visual Studio 2010
2017-10-22 15:03 - 2015-12-25 11:54 - 000000000 ____D C:\Users\Mal\AppData\Roaming\Macromedia
2017-10-22 15:03 - 2014-11-21 03:53 - 000000369 _____ C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-10-22 15:03 - 2014-11-21 03:53 - 000000369 _____ C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-10-21 16:44 - 2017-10-21 16:48 - 000247744 _____ C:\TDSSKiller.3.1.0.12_21.10.2017_16.44.59_log.txt
2017-10-21 14:24 - 2017-10-26 12:27 - 000033002 _____ C:\Users\Ryan\Desktop\FRST.txt
2017-10-21 14:24 - 2017-10-21 16:49 - 000069837 _____ C:\Users\Ryan\Desktop\Addition.txt
2017-10-21 14:22 - 2017-10-16 10:09 - 002401792 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2017-10-19 18:35 - 2017-10-19 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-17 10:48 - 2017-10-17 10:48 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-10-17 10:48 - 2017-10-17 10:48 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-10-17 10:48 - 2017-10-17 10:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-10-17 10:48 - 2017-10-17 10:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-16 20:35 - 2017-10-25 15:12 - 000000000 ____D C:\userTEMP
2017-10-16 20:29 - 2017-10-16 20:34 - 000899390 _____ C:\TDSSKiller.3.1.0.12_16.10.2017_20.29.17_log.txt
2017-10-16 20:25 - 2017-10-16 20:28 - 000241884 _____ C:\TDSSKiller.3.1.0.12_16.10.2017_20.25.57_log.txt
2017-10-16 18:51 - 2017-10-16 18:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Everything
2017-10-16 10:14 - 2017-10-16 10:14 - 000075124 _____ C:\Users\Administrator\Desktop\Addition.txt
2017-10-16 10:14 - 2017-10-16 10:14 - 000044173 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-10-16 10:09 - 2017-10-16 10:09 - 002401792 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2017-10-16 10:04 - 2017-10-16 18:51 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-10-16 10:04 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2017-10-13 13:07 - 2017-10-13 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-13 13:07 - 2017-10-13 13:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-13 13:07 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-13 13:06 - 2017-10-13 13:06 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-13 12:58 - 2017-10-13 12:58 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-13 12:58 - 2017-09-14 14:30 - 007439704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-13 12:58 - 2017-09-14 14:30 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-10-13 12:58 - 2017-09-14 14:29 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-10-13 12:58 - 2017-09-13 20:18 - 001384216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-13 12:58 - 2017-09-13 20:14 - 001124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-13 12:58 - 2017-09-13 08:32 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-13 12:58 - 2017-09-13 08:31 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-13 12:58 - 2017-09-13 08:27 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-10-13 12:58 - 2017-09-09 13:53 - 022361864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-13 12:58 - 2017-09-09 12:55 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-13 12:58 - 2017-09-09 12:38 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-13 12:58 - 2017-09-09 11:10 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-13 12:58 - 2017-09-09 10:49 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-13 12:58 - 2017-09-09 10:47 - 014466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-13 12:58 - 2017-09-09 10:21 - 012879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-13 12:58 - 2017-09-09 08:13 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-13 12:58 - 2017-09-08 22:50 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-13 12:58 - 2017-09-08 22:50 - 001364552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-10-13 12:58 - 2017-09-08 13:21 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-10-13 12:58 - 2017-09-08 13:15 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-13 12:58 - 2017-09-08 12:39 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-13 12:58 - 2017-09-08 11:57 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-10-13 12:58 - 2017-09-07 16:33 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-13 12:58 - 2017-09-07 16:33 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-13 12:58 - 2017-09-07 16:32 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-13 12:58 - 2017-09-07 16:32 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-10-13 12:58 - 2017-09-07 16:17 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-10-13 12:58 - 2017-09-07 16:17 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-10-13 12:58 - 2017-09-07 16:15 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-10-13 12:58 - 2017-09-07 16:08 - 025729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-13 12:58 - 2017-09-07 16:00 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-13 12:58 - 2017-09-07 15:40 - 005982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-13 12:58 - 2017-09-07 15:32 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-10-13 12:58 - 2017-09-07 15:31 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-10-13 12:58 - 2017-09-07 15:29 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-10-13 12:58 - 2017-09-07 15:21 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-10-13 12:58 - 2017-09-07 15:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-10-13 12:58 - 2017-09-07 15:11 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-10-13 12:58 - 2017-09-07 15:10 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-10-13 12:58 - 2017-09-07 15:10 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-10-13 12:58 - 2017-09-07 15:08 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-10-13 12:58 - 2017-09-07 15:08 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-13 12:58 - 2017-09-07 14:54 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-10-13 12:58 - 2017-09-07 14:44 - 015262720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-13 12:58 - 2017-09-07 14:40 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-13 12:58 - 2017-09-07 14:27 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-13 12:58 - 2017-09-07 14:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-10-13 12:58 - 2017-09-07 14:10 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-10-13 12:58 - 2017-09-07 14:09 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-10-13 12:58 - 2017-09-07 14:04 - 020267008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-13 12:58 - 2017-09-07 14:03 - 002292736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-10-13 12:58 - 2017-09-07 13:58 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-13 12:58 - 2017-09-07 13:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-10-13 12:58 - 2017-09-07 13:38 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-10-13 12:58 - 2017-09-07 13:37 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-10-13 12:58 - 2017-09-07 13:33 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-10-13 12:58 - 2017-09-07 13:29 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-13 12:58 - 2017-09-07 13:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-10-13 12:58 - 2017-09-07 13:27 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-10-13 12:58 - 2017-09-07 13:26 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-10-13 12:58 - 2017-09-07 13:25 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-10-13 12:58 - 2017-09-07 13:24 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-13 12:58 - 2017-09-07 13:17 - 013677568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-13 12:58 - 2017-09-07 13:01 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-13 12:58 - 2017-09-07 12:57 - 001316864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-13 12:58 - 2017-09-07 12:57 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-10-13 12:58 - 2017-08-13 14:48 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-13 12:58 - 2017-08-13 12:52 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-13 12:58 - 2017-08-13 12:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-13 12:58 - 2017-08-13 11:33 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-13 12:58 - 2017-08-11 16:19 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2017-10-13 12:58 - 2017-08-11 16:14 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2017-10-13 12:58 - 2017-08-10 21:54 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-10-13 12:58 - 2017-08-10 21:22 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-10-13 12:58 - 2017-08-10 21:20 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-13 12:58 - 2017-08-10 21:16 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-13 12:58 - 2017-08-10 20:57 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-13 12:58 - 2017-08-06 16:50 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-10-13 12:58 - 2017-08-06 16:20 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-10-13 12:58 - 2017-08-06 16:13 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-10-13 12:58 - 2017-08-06 02:08 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-10-13 12:58 - 2017-08-01 21:19 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-13 12:58 - 2017-08-01 03:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-13 12:58 - 2016-07-08 09:17 - 000377344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-10-13 12:58 - 2016-07-08 09:17 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-10-13 12:58 - 2016-07-07 17:32 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2017-10-13 12:58 - 2016-07-07 17:18 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-10-13 12:58 - 2016-07-07 17:10 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2017-10-13 12:58 - 2016-07-07 17:01 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2017-10-13 12:58 - 2016-07-07 16:04 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-10-13 12:58 - 2016-07-07 15:44 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-10-13 12:58 - 2016-07-07 15:41 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-10-13 12:58 - 2016-07-07 15:29 - 000704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-10-13 12:58 - 2016-07-07 15:23 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-10-13 12:58 - 2016-07-07 15:18 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2017-10-13 12:58 - 2016-07-07 15:11 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2017-10-13 12:58 - 2016-07-07 14:35 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-10-13 12:58 - 2016-07-07 14:14 - 000628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-10-13 12:58 - 2016-02-05 10:11 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2017-10-13 12:58 - 2016-02-05 10:11 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2017-10-13 12:58 - 2016-02-05 10:07 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2017-10-13 12:36 - 2017-10-13 12:38 - 000244676 _____ C:\TDSSKiller.3.1.0.12_13.10.2017_12.36.19_log.txt
2017-10-12 19:25 - 2017-10-26 08:27 - 000000000 ____D C:\tmp
2017-10-11 10:40 - 2017-10-25 00:49 - 000000000 ____D C:\newworkspace
2017-10-11 10:37 - 2017-10-26 12:27 - 000000000 ____D C:\userTMP
2017-10-05 14:16 - 2017-10-05 14:16 - 000000000 ____D C:\Users\Ryan\temp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-26 12:27 - 2016-06-04 18:30 - 000000000 ____D C:\FRST
2017-10-26 11:33 - 2016-02-12 23:12 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-26 04:54 - 2015-12-24 10:04 - 000000000 ___DO C:\Users\Ryan\OneDrive
2017-10-26 04:31 - 2015-12-19 09:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-25 20:54 - 2015-12-19 09:32 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-1001
2017-10-25 20:50 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-25 20:48 - 2014-11-21 03:43 - 000953580 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-25 20:48 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2017-10-25 20:44 - 2016-02-12 23:12 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-25 20:44 - 2015-12-19 09:25 - 000000000 ____D C:\WINDOWS\CSC
2017-10-25 20:44 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-25 20:44 - 2013-08-22 09:44 - 016190720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-25 20:43 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\DMCache
2017-10-25 20:43 - 2015-12-25 10:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Everything
2017-10-25 20:43 - 2013-08-22 08:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-10-25 20:27 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-25 20:06 - 2017-05-14 11:17 - 000000000 ____D C:\Users\Ryan\Downloads\Images
2017-10-25 20:06 - 2016-06-24 21:48 - 000000000 ____D C:\Users\Ryan\Downloads\Video
2017-10-25 20:06 - 2016-06-03 04:12 - 000000000 ___RD C:\Users\Ryan\Box Sync
2017-10-25 20:06 - 2016-02-21 00:35 - 000000000 ____D C:\Users\Ryan\YandexDisk
2017-10-25 20:06 - 2015-12-25 11:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2017-10-25 20:06 - 2015-12-24 09:49 - 000000000 ____D C:\Users\Ryan
2017-10-25 20:06 - 2013-08-22 08:25 - 000000163 _____ C:\WINDOWS\win.ini
2017-10-25 20:03 - 2017-03-29 10:51 - 001038984 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-10-25 19:00 - 2016-06-04 15:45 - 000000000 ____D C:\AdwCleaner
2017-10-25 18:30 - 2016-05-27 02:17 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS
2017-10-25 18:29 - 2016-05-27 02:18 - 000000000 ____D C:\Users\ReportServer$SQLEXPRESS
2017-10-25 15:11 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-10-25 00:45 - 2016-05-23 14:44 - 000000000 ____D C:\subsonic
2017-10-22 02:17 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-21 19:08 - 2013-08-22 10:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-21 19:05 - 2016-02-13 00:45 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-10-21 17:07 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-19 18:35 - 2016-02-12 23:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-10-16 22:31 - 2016-11-02 10:39 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-16 22:31 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-16 22:31 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-16 20:28 - 2017-03-29 20:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-16 20:28 - 2015-12-25 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-16 10:24 - 2016-03-18 18:33 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-500
2017-10-14 21:21 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-10-13 13:13 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\setup
2017-10-13 13:07 - 2015-12-25 11:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-13 13:07 - 2015-12-25 11:24 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-10-13 13:03 - 2015-12-23 23:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-13 12:58 - 2015-12-23 23:50 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-12 17:25 - 2014-11-21 11:23 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 17:25 - 2014-11-21 11:23 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-30 11:05 - 2016-02-13 05:21 - 000000501 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-09-29 22:46 - 2016-02-14 10:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2017-09-29 20:15 - 2016-02-12 22:54 - 000000000 ____D C:\Users\Ryan\Documents\ArcGIS

==================== Files in the root of some directories =======

2016-07-08 23:43 - 2016-07-08 23:44 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-05-10 20:57 - 2017-08-29 15:52 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-05-10 15:51 - 2017-09-11 18:09 - 000001456 _____ () C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-02-12 22:46 - 2017-10-21 18:54 - 000007674 _____ () C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2017-01-01 09:48 - 2017-01-01 09:48 - 000018432 _____ () C:\Users\Ryan\AppData\Local\WebpageIcons.db
2017-02-02 10:39 - 2017-03-18 19:50 - 000004395 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-25 19:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2017
Ran by Ryan (26-10-2017 12:28:14)
Running from C:\Users\Ryan\Desktop
Windows 8.1 Pro (Update) (X64) (2015-12-24 15:02:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1125547639-1294637962-2935245663-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1125547639-1294637962-2935245663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125547639-1294637962-2935245663-1004 - Limited - Enabled)
Mal (S-1-5-21-1125547639-1294637962-2935245663-1007 - Limited - Enabled) => C:\Users\Mal
Ryan (S-1-5-21-1125547639-1294637962-2935245663-1001 - Administrator - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
AceThinker iPhone Screen Recorder V1.1.1 (HKLM-x32\...\{586c397f-382f-485a-bd89-afd132d4ff8e}_is1) (Version: 1.1.1 - APOWERSOFT LIMITED)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\{28A4967F-DE0D-4076-B62D-A1A9EA62FF0A}) (Version: 2.0.8933 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 2.0.8933 - Environmental Systems Research Institute, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{4CEE93B3-A864-424F-9DAA-E110E75E38C2}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{7854643f-7fd5-4964-b806-ec96e833c6d8}) (Version: 4.0.7415.0 - Box Inc.) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4200 (HKLM-x32\...\{C5D59EB4-AE43-449C-80BF-C8DFC99FB36A}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (HKLM-x32\...\{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}) (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\{0B5D7DA7-9220-392F-89C6-4C75AB36E977}) (Version: 61.0.3163.100 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
mapbox-studio (HKLM-x32\...\mapbox-studio) (Version:  - Mapbox)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4971.1002 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
MKVToolNix 9.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.4.0 - Moritz Bunkus)
Mozilla Firefox 56.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.1 (x64 en-US)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.1.6484 - Mozilla)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{4A10DB6A-8093-40A8-BF1C-C3587B0A901D}) (Version: 1.3.3148 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d685b3b4-91da-4364-9e7d-f365a614d42b}) (Version: 1.3.3.3148 - Plex, Inc.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PS_AIO_Software_min (HKLM-x32\...\{60D5EE24-2C43-45EF-87D4-C35EA2101878}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
QGIS 2.18 2.18.2 Las Palmas (HKLM\...\QGIS 2.18) (Version:  - QGIS Development Team)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RAMDisk (HKLM-x32\...\{4EA812AB-8B86-4386-BB27-59D15C47531E}) (Version: 4.4.0.33 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.21.0 - Adlice Software)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.4.4 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{F4D977F4-1480-4F6A-A6BC-B2AB1D9E4F66}) (Version: 1.1.0 - SanDisk Corporation)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Sling (HKLM-x32\...\{CE291AB6-6E77-440B-8BA8-E8266F898A1C}) (Version: 4.9.165 - Echostar)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{1D01EDF6-7E93-4FEE-AA09-C5669511100C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{5EACF47D-EB70-4FE0-83DE-9FD9693C24B9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{832D6A7D-13F7-42CB-9AC6-5859800269AE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (HKLM\...\{B40B7A25-308B-4650-8B42-E51710CDD4D9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{026E123D-2160-46C7-A801-87D27D46835E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{700C00BA-E947-4B77-8EF1-588DF210E931}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Stopping Plex (HKLM-x32\...\{0F4F2C9B-2C85-4DBF-B385-3D6D44446C16}) (Version: 1.3.3148 - Plex, Inc.) Hidden
Subsonic (HKLM-x32\...\Subsonic) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.9 - Tweaking.com)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\WinDirStat) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\ChromeHTML: ->  <==== ATTENTION
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {07b40172-9807-3c1c-ba59-6079a4aac108} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {04594f02-32ea-3587-9086-f41d8e0913ce} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {89dd0924-32ad-3eef-af9e-47999ec8e5ea} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {6186e773-c867-3e53-bafc-97618c51f764} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {cb7cb4c9-490e-3599-b355-e16ba7b83aa6} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2016-02-10] (Yandex)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [BoxContextMenuClient] -> {fecb08a0-0b4b-3804-94f3-ea1e5f80fd9c} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-08] (Foxit Software Inc.)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers1-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers2-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers2-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers3-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [BoxContextMenuClient] -> {fecb08a0-0b4b-3804-94f3-ea1e5f80fd9c} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers4-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers4-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-02-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers5-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers5-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll [2011-01-07] ()
ContextMenuHandlers6-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers6-x32: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2015-11-13] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18CFCE96-9004-4D4D-9A74-BB4700E6C3B1} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4a858e3b-c77c-45ce-b95d-d84f5a518cde => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {24705A6B-274F-4BE3-956A-9307E7A8E8DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {24BADFDE-DBAC-40ED-8DBE-FE80486BC3DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {28DD153D-B8A6-4344-90C3-8DEC2C0DF0BA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wardr@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {32D56B0B-5DF3-45EB-9B65-50118E50DC5F} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4e61b45b-4f56-4a6a-833f-0dbffe2b8135 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {347A26A4-01EC-4D10-98A1-EF0D9FAD6123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {4EC6F37F-AEA4-4573-BD8F-ADE76E87A910} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {5173A162-E966-499B-A739-DE88496C5253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {6F1573FF-AE61-44E7-A614-9B26DF9B8265} - System32\Tasks\{2C903DA9-2302-4E07-A198-0965AA1200FB} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -d C:\WINDOWS\system32 -c /user
Task: {75A53F2C-87D4-494D-A3B1-3BCA2C521AA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {7A26D2C6-3B10-4E35-9FE5-6A16326E80F6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {9B92464D-3AF2-4AFF-9E0F-EBF9019C022B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {9D3C28B1-1D78-41C3-AABA-0C2581F071E6} - System32\Tasks\WeeklyFullBackup => wbAdmin [Argument = Start Backup -backupTarget:E: -include:C: -allCritical -quiet]
Task: {AA79C121-71C7-4862-9E29-B212AC5F9E14} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-10-21] (Microsoft Corporation)
Task: {AFC60DB1-31CC-4AAC-A336-EA79F9CA07CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {DA1530D4-BBD4-4B98-8531-59F65A4D0A2B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {E291845A-420C-463B-8FCA-DCEBBE9FF85C} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {F5236305-940F-4F1F-A305-D5D0550FEACF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {F608962A-544A-4A5E-8B80-BD4C81C667B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ArcGIS Indexing (MicrosoftAccount_wardr@outlook.com).job => c:\program files (x86)\arcgis\desktop10.2\bin\DesktopIndexingService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 4a858e3b-c77c-45ce-b95d-d84f5a518cde.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 4e61b45b-4f56-4a6a-833f-0dbffe2b8135.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Ryan\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Plex.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fpniocchabmgenibceglhnfeimmdhdfm

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-13 00:45 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-25 10:43 - 2014-08-05 20:04 - 001441792 _____ () C:\Program Files\everything\everything.exe
2016-04-30 09:44 - 2016-04-30 09:44 - 000259584 _____ () C:\Program Files (x86)\Subsonic\subsonic-service.exe
2017-10-13 13:07 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-13 13:07 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-21 19:00 - 2017-10-21 19:00 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-16 04:23 - 2011-01-07 00:53 - 000215040 _____ () C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX64.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-04-30 09:44 - 2016-04-30 09:44 - 000253952 _____ () C:\Program Files (x86)\Subsonic\subsonic-agent.exe
2017-09-22 02:18 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-22 02:18 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000083440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000203248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 001083376 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000115696 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000059888 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000772080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 001741296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 001962992 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000025584 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000050160 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000071664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000024560 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000041456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000930288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000074736 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000190960 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2016-12-15 14:53 - 2016-12-15 14:53 - 000218096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000018928 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000095728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000143344 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2016-12-15 14:53 - 2016-12-15 14:53 - 000694256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-10-25 20:06 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Local\Microsoft\Windows\Themes\Panoramic\DesktopBackground\desertpanoramas11.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BoxSync"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Privatefirewall"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "BitTorrent Sync"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "LAN Messenger"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C562DD7A-C919-40A2-A85F-8DF45658E41E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A03A723E-C0F1-4207-862E-EB260B3E82A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2098685-9A10-40A3-8DE9-581F2213EE03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7869F01-C621-4783-81A4-9E947E0DFEC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F123ECC-FC3B-48C6-B7FF-44ED2CB4A7DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EAF7703A-400F-4C94-B516-7FA829EA6573}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{471C64E8-878C-42C9-BDAE-2EFDE0956921}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{B58537B8-843B-4D53-BC5E-0F8938814CEE}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{28C1412B-5E5D-4E37-B84A-020BB14446E1}] => (Allow) LPort=7935
FirewallRules: [{5FAF5979-CFA2-4CF3-938F-D96423639E23}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{809DC58F-F765-4E51-BB9D-1AD99ABBBE5B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F962A29B-4FFD-401D-8E1C-81204B7D0B37}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{0B62FF79-0654-491B-A4FE-F7A1642C5DF3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6ACF1296-B49D-47C5-B655-0FBEF1D10123}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D8F38C5C-BD25-4D50-94A0-A410C193A953}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B5694A2C-84A9-4E26-BFEE-AF265F222CB8}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{71356807-35BB-431C-B733-8BE5782CDF6F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{82CF5298-FCDF-4110-A25D-5FF5A5EBFFC3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{D92A89F8-71C8-41F2-9035-1FE7CE7A0CC0}] => (Allow) C:\Program Files (x86)\LAN Messenger\lmc.exe
FirewallRules: [{5CDEA0D2-2A84-407D-8312-E761C459CBE2}] => (Allow) C:\Program Files (x86)\LAN Messenger\lmc.exe
FirewallRules: [{EB2EF1D4-C857-47BB-A29C-2B8AF8EAD9FD}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-service.exe
FirewallRules: [{1272FF0E-4E6F-445C-9A0E-18260AC5E624}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-service.exe
FirewallRules: [{B9B62C0E-8A56-494F-A967-21E932C16D38}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent.exe
FirewallRules: [{12D63537-76D6-4055-B395-DA592B4BF54A}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent.exe
FirewallRules: [{11DD90BD-AA83-4DF7-A75A-42D23099C861}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent-elevated.exe
FirewallRules: [{5D561EC8-78C7-4619-A186-76B38103702B}] => (Allow) C:\Program Files (x86)\Subsonic\subsonic-agent-elevated.exe
FirewallRules: [TCP Query User{B04A5F1A-F1CF-4017-81D6-9975313577ED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{018B12EE-8215-40A6-97EA-0D67D8DE083C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FC83EEE8-36D8-430E-A2F1-8FF424A2FD51}C:\program files (x86)\lan messenger\lmc.exe] => (Allow) C:\program files (x86)\lan messenger\lmc.exe
FirewallRules: [UDP Query User{169DA8D8-EB07-4373-A251-1C11DF84A934}C:\program files (x86)\lan messenger\lmc.exe] => (Allow) C:\program files (x86)\lan messenger\lmc.exe
FirewallRules: [TCP Query User{469E3B80-314F-468A-9CA4-0176A73B3E01}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{7B319C27-4B8C-4180-9CD0-8921013FAA22}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{A39084E3-CFDB-4201-ADC1-AAA04276152F}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [{D2546505-BE3A-43A7-AD87-E2C539EC6FBE}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [TCP Query User{E08A0510-4E2B-4192-8ACB-61A6BF1797E9}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{0D16DA90-697D-4DCE-9C18-A237AA93BEC8}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{D65A4278-7415-41A3-BC8A-FC3A06A0A4D5}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1F96D874-1FCC-4261-96AC-ADF722BD0130}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2FDEB43-FDD1-4CCD-88E3-4D1FB2FFEEBD}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E882FA9C-2890-4EF9-8605-0BDBAE1F6D54}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9300B2F0-A5E0-449D-A014-E21D7CC62303}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6449F34C-87EE-426C-8975-6459FE66BEB0}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD4C00EE-FD06-4DC3-BD57-5860D440C968}] => (Allow) C:\Program Files (x86)\AceThinker\AceThinker iPhone Screen Recorder\AceThinker iPhone Screen Recorder.exe
FirewallRules: [{3CF28342-2DDA-4A01-A7EB-18201AFBB098}] => (Allow) C:\Program Files (x86)\AceThinker\AceThinker iPhone Screen Recorder\AceThinker iPhone Screen Recorder.exe
FirewallRules: [{643F9CA4-BD51-404D-AA28-04F3B05B4C67}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{BCADA623-522E-4723-BF6E-566814FEF1D6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{E510871B-D7DF-42C8-806D-B940E8DE9EDB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{33D2F359-5119-4A32-ADF6-C9FBA5ADE858}] => (Allow) C:\Program Files\mapbox-studio\resources\app\vendor\node.exe
FirewallRules: [{0F59059D-4C28-49AF-9DD9-2D5E47C4D018}] => (Allow) C:\Program Files\mapbox-studio\resources\app\vendor\node.exe
FirewallRules: [{7C06A5E0-FDE8-477B-9CE6-7838AE4BC9D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B27F87D3-F7DA-4855-A382-5D402C1D4278}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A997855E-96EC-4A72-BA0D-2BBF5B120BD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{2E6B56CF-68CA-4CFB-9D75-5319F9373183}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{49EEBB09-364C-4156-892F-CF822194D26B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{530D41A7-6B05-41AA-B2A5-FC55BB7815CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A7A92A88-16F6-4C04-8B33-5E4211C5550D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{64001E71-D56E-40D3-9380-2BF0806E8014}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{2F9BCCE5-D447-4BBE-9BD4-026A35870B08}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{609F6851-CEEB-4A50-9302-7DA482D77A81}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{3250A3BB-FAB3-4A41-BF04-86563E6546B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{63672589-FFE1-4A11-8EDF-2AB3FDBC7215}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E8453462-99E9-4205-A397-0AF5E6A62509}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B299DAC6-562E-45C9-ABE3-F6DAE90EB224}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9F7D75FF-6F4E-4FCD-BDBE-293ADB26EDA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{59048188-1498-4551-B4D4-F72B3A47AA96}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{620101AF-7E2F-4058-BDC3-FAE8143F64CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{853CDAB9-385E-4C28-84A2-D9E59B5408E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E21B7040-A7B3-4507-BD37-17A3BE3FEB55}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6835ED75-3855-4974-974F-B9FB52E5D398}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

25-10-2017 18:34:25 JRT Pre-Junkware Removal
25-10-2017 19:46:01 Tweaking.com - Windows Repair 2018

==================== Faulty Device Manager Devices =============

Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- MS/MS-Pro USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TP-LINK Wireless PCI Express Adapter
Description: TP-LINK Wireless PCI Express Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-LINK
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom Corporation
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2017 08:45:18 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.

Error: (10/26/2017 04:56:11 AM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Object reference not set to an instance of an object.
   at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
   at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)

Error: (10/26/2017 04:56:11 AM) (Source: SharpShell) (EventID: 0) (User: )
Description: ProblemIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\Ryan\Box Sync'.

Error: (10/26/2017 04:54:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE2
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/26/2017 04:54:59 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE2
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76

Error: (10/26/2017 04:54:59 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE2

Error: (10/26/2017 04:54:37 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE2
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76

Error: (10/26/2017 04:54:37 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE2

Error: (10/26/2017 04:54:15 AM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Object reference not set to an instance of an object.
   at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
   at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)

Error: (10/26/2017 04:54:15 AM) (Source: SharpShell) (EventID: 0) (User: )
Description: LockedIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\Ryan\Box Sync'.


System errors:
=============
Error: (10/25/2017 08:44:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/25/2017 08:44:02 PM) (Source: RAMDiskVE) (EventID: 10) (User: )
Description: Message: Unable to open file for disk image load.

Error: (10/25/2017 08:06:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/25/2017 08:01:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error:
Access is denied.

Error: (10/25/2017 08:01:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error:
Access is denied.

Error: (10/25/2017 08:01:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error:
Access is denied.

Error: (10/25/2017 08:01:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error:
Access is denied.

Error: (10/25/2017 07:01:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/25/2017 07:00:39 PM) (Source: RAMDiskVE) (EventID: 10) (User: )
Description: Message: Unable to open file for disk image load.

Error: (10/25/2017 07:00:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Jump Desktop Connect Service service failed to start due to the following error:
The system cannot find the path specified.


CodeIntegrity:
===================================
  Date: 2017-02-13 21:46:07.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:06.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:06.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:05.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:04.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 21:46:04.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 18:37:54.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 18:37:54.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 39%
Total physical RAM: 16247.11 MB
Available physical RAM: 9824.2 MB
Total Virtual: 17247.11 MB
Available Virtual: 9583.11 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.69 GB) (Free:15.22 GB) NTFS
Drive e: (RECOVERY) (Removable) (Total:14.47 GB) (Free:13.98 GB) FAT32

==================== MBR & Partition Table ==================
 Could not read MBR for disk 1.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#7 blueelvis

  • Malware Response Team

Posted 27 October 2017 - 11:11 AM

Greetings wardr,

My name is Pranav and I would be helping you out with this case. Kindly allow me some time (48 hours) to review the logs which you have uploaded and I will get back to you. Kindly do not run any tools until I say so since they could do more harm without proper supervision.

Have a nice day!

Regards,

Pranav


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)


#8 wardr

  • Topic Starter

Posted 28 October 2017 - 09:00 AM

Alright, in fact I've either had the computer powered off at this point or I have it booted into a Linux distribution.

On the first log there are 2 alternate data streams which in my experience is a clear sign of Trojan/malware. They do not appear in the next 2 logs.

Thanks.

#9 blueelvis

  • Malware Response Team

Posted 28 October 2017 - 02:55 PM

Hi wardr!

> Alright, in fact I've either had the computer powered off at this point or I have it booted into a Linux distribution.

You would have to boot into Windows to follow the below steps. Disconnecting the PC from the Internet while it is being cleaned should be sufficient :)

> On the first log there are 2 alternate data streams which in my experience is a clear sign of Trojan/malware. They do not appear in the next 2 logs.

Did you make any changes or run any security programs?

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

 

(Credit for this post goes to Oh My! (Gary))

 

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

 

Before proceeding ahead, kindly download Fixlist.txt which is attached with this post. This is required to run the FRST fix.

 

===================================================

 

Booting Into Safe Mode With Networking


--------------------

  • Press Windows Key + R at the same time
  • Type msconfig and press Enter
  • Select the Boot tab
  • Under Boot Options Select /Safe boot
  • Below that select Network
  • Click Apply then OK
  • Click Restart
  • Test your computer while performing the next task

===================================================

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

 

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

 

 

 

Let me know how it goes!

 

Have a nice day!

 

 

Regards,

Pranav


Edited by blueelvis, 28 October 2017 - 03:01 PM.

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#10 wardr


Posted 28 October 2017 - 05:28 PM



 

On the first log there are 2 alternate data streams which in my experience is a clear sign of Trojan/malware. They do not appear in the next 2 logs.
Did you do any change or run any security programs?

 

 

I only ran the security programs between the 2nd and 3rd log.  I listed them in my reply along with the 3rd log.  I did however login as "administrator" on the 1st log, an account I never use, and I logged in to "ryan" on my 2nd log, the account I typically login with.  "ryan" is an administrator on this computer as well, fyi.  So the ADS were noted with the computer logged in as "administrator".

 



I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

 

 

I uninstalled utorrent, which I never use anyway. Is that what you were referring to?


 

Let me know how it goes!

 

 

It went fine, here are the 2 logs you requested.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-10-2017
Ran by Ryan (28-10-2017 17:11:25) Run:3
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mal & Administrator & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
URLSearchHook: [S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933] ATTENTION => Default URLSearchHook is missing
ShellIconOverlayIdentifiers: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll -> No File
ContextMenuHandlers2-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers3-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
ContextMenuHandlers6-x32: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} => C:\Users\Ryan\YandexDisk\Compressed\openxx64\OpenXX.dll -> No File
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\ChromeHTML

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
Could not restore Default URLSearchHook.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.7Done => key removed successfully
HKLM\Software\Classes\CLSID\{581FFA04-FC33-0007-0302-95003A5CDE89} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.7RO => key removed successfully
HKLM\Software\Classes\CLSID\{581FFA03-FC33-0007-0302-95003A5CDE89} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.7RW => key removed successfully
HKLM\Software\Classes\CLSID\{581FFA02-FC33-0007-0302-95003A5CDE89} => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.7Done => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{581FFA04-FC33-0007-0302-95003A5CDE89} => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.7RO => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{581FFA03-FC33-0007-0302-95003A5CDE89} => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.7RW => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{581FFA02-FC33-0007-0302-95003A5CDE89} => key removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\OpenXX{55088222-77F2-4174-9D48-7C3720DCB357} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{55088222-77F2-4174-9D48-7C3720DCB357} => key removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\OpenXX{55088222-77F2-4174-9D48-7C3720DCB357} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{55088222-77F2-4174-9D48-7C3720DCB357} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => key removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\OpenXX{55088222-77F2-4174-9D48-7C3720DCB357} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{55088222-77F2-4174-9D48-7C3720DCB357} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\OpenXX{55088222-77F2-4174-9D48-7C3720DCB357} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{55088222-77F2-4174-9D48-7C3720DCB357} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\OpenXX{55088222-77F2-4174-9D48-7C3720DCB357} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{55088222-77F2-4174-9D48-7C3720DCB357} => key not found.
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\ChromeHTML => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 17:11:55 ====

 

 

 

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Ryan (administrator) on 28-10-2017 at 17:16:52
Running from "C:\Users\Ryan\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Model: Inspiron 580 Manufacturer: Dell Inc.
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Ethernet (Hardware not present)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)
TP-LINK Wireless PCI Express Adapter = Wi-Fi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set interface interface="Ethernet" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Wentz
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-E9-84-0E-E6-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TP-LINK Wireless PCI Express Adapter
   Physical Address. . . . . . . . . : C4-E9-84-0E-E6-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...16 e9 84 0e e6 c8 ......Microsoft Wi-Fi Direct Virtual Adapter
  7...c4 e9 84 0e e6 c8 ......TP-LINK Wireless PCI Express Adapter
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

**** End of log ****
 


Edited by wardr, 28 October 2017 - 05:34 PM.


#11 wardr


Posted 29 October 2017 - 08:12 PM

I was just sitting here observing some network connections with my router, and suddenly about 1500 IP connections just popped up out of nowhere. They all originated from this computer that is infected, and seemed to use IE as their source app I think. Then all these pop-ups came on my screen of *.img files that said "Cannot download the file because of timeout" and the details were "Cannot connect to img-s-msn-com.akamaized.net:443". The name of the img file varied, but here are some examples:

AAegwh2.img

BBoz3qE_2.img

AAc076x_2.img

 

and there were about 10 of them.

 

I need to use this computer to get some school work done so I don't know what to do. I guess I'll use a usb with an ubuntu distribution and attempt to work off of that until this problem is solved.



#12 wardr


Posted 31 October 2017 - 02:36 AM

It's been 72 hrs?

#13 blueelvis


Posted 31 October 2017 - 04:24 AM

Hi wardr,

 

 

It's been 72 hrs? 

 

 

 

Doesn't seem like it. We are in different time zones mate and I have to cope with life as well. Please be patient.

 

 

I only ran the security programs between the 2nd and 3rd log.  I listed them in my reply along with the 3rd log.  I did however login as "administrator" on the 1st log, an account I never use, and I logged in to "ryan" on my 2nd log, the account I typically login with.  "ryan" is an administrator on this computer as well, fyi.  So the ADS were noted with the computer logged in as "administrator".

 

 

Okay. Have you enabled the hidden Administrator account by yourself since you were able to login using "Administrator"?

 

 

 

I uninstalled utorrent, which I never use anyway. Is that what you were referring to?

 

 

Yep. That was it. Thanks for removing it!

 

 

 

Are you aware of the following software which has been installed on your system?

  1. Team Viewer
  2. WinSCP
  3. PuTTY
  4. Open Broadcaster Software
  5. Jump Desktop Connect

 

As per the log file attached by you for the MiniToolbox, you ran that software in Safe Mode with Networking but I see that everything was in a disconnected state. Did you unplug the router from the system? Asking because it could not ping yahoo.com and ipconfig also says that everything was in disconnected state. This should not be the case while you have booted into Safe Mode with Networking.

 

 

 

Please run the below fix while you are logged in normally i.e. not in Safe Mode.

Download attached fixlist.txt file and save it to the Desktop.
 
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
 

Malwarebytes Anti-Rootkit Beta
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;
 

 

 

 

I was just sitting here observing some network connections with my router, and suddenly about 1500 IP connections just popped up out of nowhere. They all originated from this computer that is infected, and seemed to use IE as their source app I think. Then all these pop-ups came on my screen of *.img files that said "Cannot download the file because of timeout" and the details were "Cannot connect to img-s-msn-com.akamaized.net:443". The name of the img file varied, but here are some examples:

AAegwh2.img

BBoz3qE_2.img

AAc076x_2.img

 

and there were about 10 of them.

 

 

 

That seems to be legit. That is used to host images. Most likely the system was downloading the lock screen wallpapers for you. Was this happening while you were booted into Safe Mode with Networking or normal mode?

 

Do you have any other way to connect the system to Internet except the normally used router which you are using?

Are you still facing the internet issues on Chrome? If yes, can you please name more apps which are not able to connect to the Internet?

 

Asking because Chrome uses the IE network stack (in a way) to access internet and Firefox uses its own. But, you said that IE and FF can connect to the Internet fine but Chrome is not. 

 

 

Let me know how it goes!

 

 

Regards,

Pranav


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/
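The connectivity checks read off the MiniToolBox log in the post above (adapter media state, failed lookups of google.com and yahoo.com) can be automated when triaging many such logs. The Python sketch below is an added example, not part of this thread or of MiniToolBox; the function names are hypothetical and the embedded sample is a constructed, abridged copy of the log posted in #10.

```python
import re

# Constructed sample: an abridged MTB.txt modelled on the log posted in this thread.
SAMPLE_MTB = """\
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Wentz

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : TP-LINK Wireless PCI Express Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
===========================================================================
========================= Winsock entries =====================================
"""

SECTION_RE = re.compile(r"^={5,}\s*([^=]+?)\s*:?\s*={5,}\s*$")   # "==== Title: ===="
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")               # "... adapter Wi-Fi:"
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")            # "   Key . . . : value"
RESOLVER_RE = re.compile(r"^Server:.*\n^Address:\s*(\S+)", re.M)  # nslookup header
FAILED_PING_RE = re.compile(r"Ping request could not find host (\S+?)\. ")
DEFAULT_ROUTE_RE = re.compile(r"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+\S+", re.M)


def split_sections(text):
    """Split the log on its '===== Title: =====' banners; bare '=====' rules are ignored."""
    sections, title = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            title = m.group(1).strip()
            sections[title] = []
        elif title is not None:
            sections[title].append(line)
    return {k: "\n".join(v) for k, v in sections.items()}


def parse_adapters(ipcfg):
    """Collect each ipconfig adapter block as {'name': ..., 'fields': {...}}."""
    adapters, current = [], None
    for line in ipcfg.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = {"name": m.group(1), "fields": {}}
            adapters.append(current)
            continue
        f = FIELD_RE.match(line)
        if f and current is not None:
            current["fields"][f.group(1).strip()] = f.group(2).strip()
        elif line.strip() and not line.startswith(" "):
            current = None  # unindented text ends the adapter block
    return adapters


def is_connected(adapter):
    """An adapter counts as up if it is not 'Media disconnected' and has an IPv4 address."""
    f = adapter["fields"]
    down = "disconnected" in f.get("Media State", "").lower()
    return not down and any(k.startswith("IPv4 Address") for k in f)


def extra_hosts(hosts_text):
    """Return (ip, name) pairs from the hosts listing other than localhost."""
    pairs = []
    for line in hosts_text.splitlines():
        parts = line.split("#")[0].split()
        pairs += [(parts[0], n) for n in parts[1:] if n.lower() != "localhost"]
    return pairs


def triage(mtb_text):
    """Return connectivity facts plus readable findings for one MTB.txt."""
    sections = split_sections(mtb_text)
    ipcfg = sections.get("IP Configuration", "")
    adapters = parse_adapters(ipcfg)
    report = {
        "connected_adapters": [a["name"] for a in adapters if is_connected(a)],
        "default_route": bool(DEFAULT_ROUTE_RE.search(ipcfg)),
        "resolvers": RESOLVER_RE.findall(ipcfg),
        "failed_lookups": FAILED_PING_RE.findall(ipcfg),
        "extra_hosts": extra_hosts(sections.get("Hosts content", "")),
    }
    findings = []
    if adapters and not report["connected_adapters"]:
        findings.append("every listed adapter is disconnected or has no IPv4 address")
    if not report["default_route"]:
        findings.append("no IPv4 default route (0.0.0.0) in the route table")
    for r in report["resolvers"]:
        if r.startswith("127.") or r == "::1":
            findings.append(f"lookups were sent to loopback resolver {r}")
    findings += [f"name lookup failed: {h}" for h in report["failed_lookups"]]
    findings += [f"hosts file maps {n} to {ip}" for ip, n in report["extra_hosts"]]
    report["findings"] = findings
    return report


if __name__ == "__main__":
    for finding in triage(SAMPLE_MTB)["findings"]:
        print("-", finding)
```

A log in which every adapter is down, as here, says nothing about DNS or proxy tampering; those sections are only meaningful once the scan is repeated with a connected adapter.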

#14 wardr


Posted 01 November 2017 - 05:01 AM

I have to go to work but will do all this when I get home.

 

I suppose I can plug this computer straight into the cable modem and bypass the router (which is flashed with DD-WRT).  Want me to try that?

 

Yes I enabled the hidden administrator account - to answer that question.

 

Yes I am still having issues with Chrome, which won't connect to internet. Firefox and IE work, but they won't allow me to download files (I have to use ubuntu to download the files on a usb that you instruct me to d/l). What's more, no program on my computer is able to "update", including windows defender, windows updates, chrome, firefox, you name it, cannot update. Dropbox cannot connect. Windows says it is "unactivated" as well, unable to verify online. No security programs can update definitions. Truth be told the only thing working at all to connect to Internet is the firefox browser and IE browser just for browsing. My audio has also stopped working.

 

As far as those programs you listed, yes I installed them myself.

 

Also as far as the wallpapers go, I do not think this is the case. I've never encountered this type of behavior while running windows. I am talking 1500 IP connections to hundreds of IP addresses just popped up while I was looking at the network connections with the router. When I closed IE, they went away.

 

Will follow up in few hours.



#15 wardr


Posted 01 November 2017 - 08:00 PM

Okay. Have you enabled the hidden Administrator account by yourself since you were able to login using "Administrator" ?

 

yes, but i never use it.

 

 

 

Are you aware of the following software which has been installed on your system?

 

yes.

 

 

As per the log file attached by you for the MiniToolbox, you ran that software in Safe Mode with Networking but I see that everything was in a disconnected state. Did you unplug the router from the system? Asking because it could not ping yahoo.com and ipconfig also says that everything was in disconnected state. This should not be the case while you have booted into Safe Mode with Networking.

 

All I did is reset in safe mode w/ networking, nothing was physically unplugged. I don't know why it wouldn't connect to wifi network in that state.

 

 

Malwarebytes Anti-Rootkit Beta

  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;

Like I said before, I cannot update anything. Nothing will connect to the internet. I am logged in to a usb with ubuntu, so that I can save the file.  I can install the file once I login windows. But once installed it will not allow me to update the database from an online source.  I will try anyway and let you know in my next reply.

 

Do you have any other way to connect the system to Internet except the normally used router which you are using?

 

I can plug directly into the cable modem with ethernet cord and bypass router altogether. Do you want me to do that?

 

 

Are you still facing the internet issues on Chrome? If yes, can you please name more apps which are not able to connect to the Internet?

 

Yes to chrome.  And actually it would be easier to name apps that ARE able to connect to internet.  Only firefox and IE.  And they have restrictions like downloading files.  Also the mouse and keyboard stop working on certain websites, for no reason at all. No other program can access internet for updates or anything else needed to connect over internet for.





