
Urgent Help Needed for Family Business Computer


  • This topic is locked
21 replies to this topic

#1 JackOfSomeTrades

JackOfSomeTrades

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:48 AM

Posted 13 February 2018 - 04:13 PM

My dad received what appeared to be an email specifically targeted to our business but with horribly broken English with a .rar attachment that he clicked on. I have run various antivirus scans from ESET, RKILL, MBAM, and SUPERAntiSpyware. RKILL shows 20 of 40 host processes with various trackers I cannot seem to get rid of and additionally it ends a process referred to as "regass.exe" which I am very wary of. I installed Comodo firewall and set it to proactive. I am having issues installing certain components however as my windows install is telling me it is always waiting on something else to install. I was able to eventually circumvent the issue temporarily through the use of online forums discussing said issue, however the problem has returned. Please help ASAP.




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,984 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:48 AM

Posted 13 February 2018 - 08:29 PM

Greetings JackOfSomeTrades and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this. If necessary, download the below program onto a USB device from a clean computer and transfer it over to the infected computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 16 February 2018 - 10:24 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 JackOfSomeTrades

JackOfSomeTrades
  • Topic Starter


Posted 16 February 2018 - 09:18 PM

I apologize for my tardy reply, I have been working around the clock. Thank you so much for your response, I have been informed by a knowledgeable source that the attachment was not run and therefore we should be okay and that the host processes were likely benign. I would prefer to post all of the information you requested tomorrow when I have access to the computer and have you review it at your leisure if it is not too much trouble. Thank you.
I do feel terrible about leaving such an urgent message and then receiving such a prompt response that I did not reply to in a timely manner. I went from panic to relief to constant work for the last few days. I am sorry.

Edited by JackOfSomeTrades, 16 February 2018 - 09:29 PM.


#5 Oh My!


Posted 16 February 2018 - 09:25 PM

No trouble at all. Thanks for touching base and we will review things once you have a chance to post the information.


Gary
 

#6 JackOfSomeTrades


Posted 16 February 2018 - 09:28 PM

I do feel terrible about leaving such an urgent message and then receiving such a prompt response that I did not reply to in a timely manner. I went from panic to relief to constant work for the last few days. I am sorry.

#7 Oh My!


Posted 17 February 2018 - 03:34 PM

I understand so no need to worry about it. We will make sure your computer is clean.
Gary
 

#8 JackOfSomeTrades


Posted 17 February 2018 - 10:33 PM

Well, I got off work today after working in a location that prohibited me from access to my cell phone and was informed that my mom and dad went on vacation for the weekend without leaving me the key to their house. They will be back Tuesday if we can drag this out a little longer, thank you. I know this situation is absurd, but I promise it is all true.

#9 Oh My!


Posted 18 February 2018 - 09:16 AM

No problem, see you Tuesday.
Gary
 

#10 JackOfSomeTrades


Posted 20 February 2018 - 09:56 PM

Here are the scan results. Thank you so much for your patience and time. My name is Stephen by the way.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2018
Ran by James (administrator) on DEWOLFECRANE (20-02-2018 18:25:50)
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 10 Home Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
() C:\Windows\SysWOW64\RegAss.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Failed to access process -> ShellExperienceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Starfield Technologies) C:\Users\James\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies, LLC) C:\Users\James\AppData\Local\Workspace\wben.exe
(Dropbox, Inc.) C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(Dropbox, Inc.) C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Dropbox, Inc.) C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBDBMgr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\James\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-12] (AVAST Software)
HKLM-x32\...\Run: [ASUS Easy Update] => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [137088 2012-10-11] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-14] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-12-08] (Apple Inc.)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3207680 2015-05-20] (GoPro)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2018-01-03] (Google Inc.)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [Starfield Updater] => C:\Users\James\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-12-30] (Starfield Technologies)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [wben] => C:\Users\James\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [Dropbox Update] => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2017-12-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2017-12-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-02-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-11-26]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a9405a46-cee1-4790-a365-0de3395211b3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a9405a46-cee1-4790-a365-0de3395211b3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a94443cd-0798-478f-9461-6dfb3622c7f2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ab127c91-ff61-43b2-9576-9b2e71f165e6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f8f2fb38-6b1f-435f-a900-fe3a280a1819}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f8f2fb38-6b1f-435f-a900-fe3a280a1819}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net/?sid=492&aid=100&itype=n&ver=11471&tm=312&src=hmp
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-543752171-4003080874-1251698838-1001 -> {80DCA8A4-740A-4088-B2FA-0D2065ADEB6D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-543752171-4003080874-1251698838-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-543752171-4003080874-1251698838-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-16] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security)
Toolbar: HKU\S-1-5-21-543752171-4003080874-1251698838-1001 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
DPF: HKLM-x32 {4B6E3013-6E45-11D0-9309-0020AFE05CC8} hxxp://www.bitmanagement.com/download/BS_Contact/cab-xpi/BS_Contact_VRML-X3D.exe
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2018-01-08] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\kompozer.net\KompoZer\Profiles\o8wyheya.default [2015-01-14]
FF ProfilePath: C:\Users\James\AppData\Roaming\KompoZer\Profiles\ta1vmqei.default [2014-12-30]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension => not found
FF Plugin: @bitmanagement.com/BS Contact -> C:\Program Files\Bitmanagement Software\BS Contact\npBSContact.dll [2012-12-21] (Bitmanagement Software)
FF Plugin: @bitmanagement.com/BSVersion,version=1.006 -> C:\Program Files\Bitmanagement Software\BS Contact\npBSVersion_6.dll [2011-04-04] (Bitmanagement Software GmbH)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2017-02-22] (Unity Technologies ApS)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll [2011-11-28] (ParallelGraphics)
FF Plugin-x32: @parallelgraphics.com/RapidView -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona2D\npCortona2d.dll [2011-11-15] (Paragraphics)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\HD Media Player\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-543752171-4003080874-1251698838-1001: @bitmanagement.com/BS Contact -> C:\Program Files\Bitmanagement Software\BS Contact\npBSContact.dll [2012-12-21] (Bitmanagement Software)
FF Plugin HKU\S-1-5-21-543752171-4003080874-1251698838-1001: @bitmanagement.com/BSVersion,version=1.006 -> C:\Program Files\Bitmanagement Software\BS Contact\npBSVersion_6.dll [2011-04-04] (Bitmanagement Software GmbH)
FF Plugin HKU\S-1-5-21-543752171-4003080874-1251698838-1001: @seedonk.com/SeeVWidget;version=1.1.2.0 -> C:\Program Files\iSecurityPlusPlayer\\npseev.dll [2014-02-22] (Seedonk Inc)
FF Plugin HKU\S-1-5-21-543752171-4003080874-1251698838-1001: @starfield.com/off -> C:\Users\James\AppData\Roaming\Mozilla\Plugins\npoff.dll [2015-05-04] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-543752171-4003080874-1251698838-1001: @starfield.com/off64 -> C:\Users\James\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2015-05-04] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-543752171-4003080874-1251698838-1001: @starfield.com/wbe -> C:\Users\James\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2013-12-30] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-543752171-4003080874-1251698838-1001: @starfield.com/wbe64 -> C:\Users\James\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2013-12-30] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-543752171-4003080874-1251698838-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-07-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\npoff.dll [2015-05-04] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\npoff64.dll [2015-05-04] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\npwbe.dll [2013-12-30] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\npwbe64.dll [2013-12-30] (Starfield Technology, LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2018-02-20]
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Adobe Acrobat) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Avast SafePrice) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-13]
CHR Extension: (Google Docs Offline) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-16]
CHR Extension: (Avast Online Security) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-02-13]
CHR Extension: (Cisco WebEx Extension) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (chromeIPass) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2017-03-22]
CHR Extension: (Free Government Forms) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcckihfklbbjhlclpjbaomkhabnplejg [2018-01-25]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-12]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\chrome_tmbep.crx <not found>
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-543752171-4003080874-1251698838-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-543752171-4003080874-1251698838-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-543752171-4003080874-1251698838-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\chrome_tmbep.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7564512 2018-02-12] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-02-12] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968432 2018-01-30] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.681\McCHSvc.exe [404376 2018-02-04] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2018-01-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-06] (Intuit Inc.) [File not signed]
R2 RegAss; C:\Windows\SysWOW64\RegAss.exe [47616 2012-12-06] () [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [248640 2012-07-25] (Trend Micro Inc.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-09-21] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-09-21] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-09-21] (McAfee, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-09-17] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-28] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-28] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [192944 2018-02-12] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-02-12] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-02-12] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-02-12] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-02-12] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [190440 2018-02-12] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-02-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-02-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-02-12] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-02-12] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-02-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459952 2018-02-12] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205464 2018-02-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379448 2018-02-12] (AVAST Software)
R3 AU8168; C:\WINDOWS\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbc.sys [38400 2011-02-08] (CSR plc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-09] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-19] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-20] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaki.inf_amd64_f3f4d1fadefe88d6\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-28] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-28] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-28] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-20 18:25 - 2018-02-20 18:26 - 000042974 _____ C:\Users\James\Desktop\FRST.txt
2018-02-20 18:24 - 2018-02-20 18:25 - 000000000 ____D C:\FRST
2018-02-20 18:24 - 2018-02-20 18:24 - 000001519 _____ C:\Users\James\Desktop\FRST64 (1) - Shortcut.lnk
2018-02-20 18:23 - 2018-02-20 18:23 - 002403328 _____ (Farbar) C:\Users\James\Desktop\FRST64 (1).exe
2018-02-20 06:39 - 2018-02-20 06:39 - 021553154 _____ C:\Users\James\Downloads\Pot locations (1).pdf
2018-02-19 19:34 - 2018-02-19 19:34 - 000008569 _____ C:\Users\James\Downloads\PYMNT_ADVICE (32).pdf
2018-02-16 12:28 - 2018-02-16 12:28 - 000000000 ___HD C:\OneDriveTemp
2018-02-16 10:54 - 2018-02-16 10:54 - 021553154 _____ C:\Users\James\Downloads\Pot locations.pdf
2018-02-16 10:40 - 2018-02-16 10:40 - 000006710 _____ C:\Users\James\Downloads\confirmation12981686 (3).html
2018-02-16 09:24 - 2018-02-16 09:24 - 000172734 _____ C:\Users\James\Downloads\Inv_1443_from_Reliable_Construction_Service_LLC_23444 (3).pdf
2018-02-16 05:56 - 2018-02-16 05:56 - 000009917 _____ C:\Users\James\Downloads\17-18 Dewolfe Pkg Invoice for Endt 2 eff 01-18-18.pdf
2018-02-16 05:55 - 2018-02-16 05:55 - 000110576 _____ C:\Users\James\Downloads\Eff 01-18-18 Add 18 Terex #0634 Endt#2.pdf
2018-02-15 21:46 - 2018-02-15 21:46 - 000147054 _____ C:\Users\James\Downloads\1017_001.pdf
2018-02-15 21:46 - 2018-02-15 21:46 - 000008972 _____ C:\Users\James\Downloads\2018.pdf
2018-02-15 20:30 - 2018-02-15 20:30 - 000292294 _____ C:\Users\James\Downloads\0436_001.pdf
2018-02-15 20:30 - 2018-02-15 20:30 - 000292294 _____ C:\Users\James\Downloads\0436_001 (1).pdf
2018-02-13 16:19 - 2018-02-13 16:20 - 000259264 _____ C:\Users\James\Documents\cc_20180213_161952.reg
2018-02-13 15:52 - 2018-02-13 15:52 - 001688256 _____ (COMODO) C:\Users\James\Downloads\ciscleanuptool_x64.exe
2018-02-13 15:39 - 2018-02-13 15:39 - 005514656 _____ (COMODO) C:\Users\James\Downloads\cispro_30day_installer_1150_8d.exe
2018-02-13 15:01 - 2018-02-09 20:47 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-13 14:10 - 2018-02-13 14:10 - 000000000 ____D C:\MATS
2018-02-13 14:07 - 2018-02-13 14:07 - 000221662 _____ C:\Users\James\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-02-13 13:16 - 2018-02-13 13:16 - 002405376 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2018-02-13 12:56 - 2018-02-20 18:26 - 000003378 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 46c3a649-b7f8-42bc-b1c1-10f7bf2fcc06
2018-02-13 12:56 - 2018-02-20 18:26 - 000003120 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task c5d275a1-2f6b-4ff6-be26-15dcf1212116
2018-02-13 12:56 - 2018-02-20 18:26 - 000000536 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c5d275a1-2f6b-4ff6-be26-15dcf1212116.job
2018-02-13 12:56 - 2018-02-20 18:26 - 000000536 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 46c3a649-b7f8-42bc-b1c1-10f7bf2fcc06.job
2018-02-13 12:56 - 2018-02-13 12:56 - 000000000 ____D C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2018-02-13 12:55 - 2018-02-13 12:56 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-13 12:55 - 2018-02-13 12:55 - 031755304 _____ (SUPERAntiSpyware) C:\Users\James\Downloads\SUPERAntiSpyware.exe
2018-02-13 12:55 - 2018-02-13 12:55 - 000001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-02-13 12:55 - 2018-02-13 12:55 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-02-13 12:55 - 2018-02-13 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-02-13 09:47 - 2018-02-13 09:47 - 000129748 _____ C:\Users\James\Downloads\60kw Nat Gas - LPG L3 drawing new 12-27-17 (1).pdf
2018-02-13 08:17 - 2018-02-13 08:17 - 000111805 _____ C:\Users\James\Downloads\BELMONT CJ AND SAWCUT PLAN 11.2.17 (1).pdf
2018-02-13 07:28 - 2018-02-13 07:28 - 000006710 _____ C:\Users\James\Downloads\confirmation12981686 (2).html
2018-02-13 04:36 - 2018-02-13 04:36 - 006968952 _____ (ESET spol. s r.o.) C:\Users\James\Downloads\esetonlinescanner_enu (1).exe
2018-02-13 03:49 - 2018-02-20 15:53 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-13 03:49 - 2018-02-16 12:25 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-02-13 03:49 - 2018-02-16 12:25 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-02-13 03:01 - 2018-02-13 03:01 - 005514616 _____ (COMODO) C:\Users\James\Downloads\cfw_installer_6106_53.exe
2018-02-13 02:40 - 2013-04-25 17:20 - 000000076 _____ C:\Users\James\Desktop\JRT_NEW.exe
2018-02-12 23:00 - 2018-02-13 04:36 - 000000000 ____D C:\Users\James\AppData\Local\ESET
2018-02-12 23:00 - 2018-02-12 23:00 - 006968952 _____ (ESET spol. s r.o.) C:\Users\James\Downloads\esetonlinescanner_enu.exe
2018-02-12 22:57 - 2018-02-12 22:58 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-02-12 22:57 - 2018-02-12 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-02-12 22:54 - 2018-02-16 12:25 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-12 22:54 - 2018-02-12 22:54 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-02-12 22:20 - 2018-02-12 22:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-02-12 21:48 - 2018-02-12 22:24 - 000000000 ____D C:\Users\James\Desktop\mbar
2018-02-12 21:48 - 2018-02-12 22:24 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-12 21:48 - 2018-02-12 21:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\531BE656.sys
2018-02-12 21:38 - 2018-02-12 21:38 - 014178840 _____ (Malwarebytes Corp.) C:\Users\James\Downloads\mbar-1.10.3.1001.exe
2018-02-12 21:31 - 2018-02-12 21:31 - 005659876 _____ (Swearware) C:\Users\James\Downloads\ComboFix.exe
2018-02-12 21:29 - 2018-02-13 12:38 - 000004082 _____ C:\Users\James\Desktop\Rkill.txt
2018-02-12 21:29 - 2018-02-12 21:29 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2018-02-12 21:29 - 2018-02-12 21:29 - 000000000 ____D C:\Users\James\Desktop\rkill
2018-02-12 21:06 - 2018-02-20 18:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-02-12 21:06 - 2018-02-19 16:06 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-02-12 21:06 - 2018-02-12 21:06 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-02-12 21:06 - 2018-02-12 21:06 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-02-12 21:06 - 2018-02-12 21:06 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-02-12 21:06 - 2018-02-12 21:06 - 000000000 ____D C:\Users\James\AppData\Roaming\AVAST Software
2018-02-12 21:05 - 2018-02-12 21:05 - 000459952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-02-12 21:05 - 2018-02-12 21:05 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-02-12 21:05 - 2018-02-12 21:05 - 000379448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-02-12 21:05 - 2018-02-12 21:05 - 000205464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-02-12 21:05 - 2018-02-12 21:05 - 000192944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-02-12 21:05 - 2018-02-12 21:05 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-02-12 21:05 - 2018-02-12 21:05 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-02-12 21:05 - 2018-02-12 21:05 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-02-12 21:05 - 2018-02-12 21:05 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-02-12 21:05 - 2018-02-12 21:05 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-02-12 21:05 - 2018-02-12 21:03 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-02-12 21:05 - 2018-02-12 21:03 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-02-12 21:05 - 2018-02-12 21:03 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-02-12 21:05 - 2018-02-12 21:03 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-02-12 21:05 - 2018-02-12 21:03 - 000190440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-02-12 21:05 - 2018-02-12 21:03 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-02-12 21:02 - 2018-02-13 01:34 - 000000000 ____D C:\ProgramData\AVAST Software
2018-02-12 21:02 - 2018-02-12 21:02 - 000000000 ____D C:\Program Files\AVAST Software
2018-02-12 21:01 - 2018-02-12 21:01 - 007236456 _____ (AVAST Software) C:\Users\James\Downloads\avast_free_antivirus_setup_online_a2b.exe
2018-02-12 21:00 - 2018-02-12 21:00 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-12 21:00 - 2018-02-12 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-12 20:59 - 2018-02-12 21:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-12 20:59 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-12 20:57 - 2018-02-12 20:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-12 20:52 - 2018-02-12 20:52 - 000863696 _____ (Malwarebytes) C:\Users\James\Downloads\mb-clean-3.1.0.1031 (2).exe
2018-02-12 20:52 - 2018-02-12 20:52 - 000863696 _____ (Malwarebytes) C:\Users\James\Downloads\mb-clean-3.1.0.1031 (1).exe
2018-02-12 20:50 - 2018-02-12 20:51 - 067192592 _____ (Malwarebytes ) C:\Users\James\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3923.exe
2018-02-12 20:38 - 2018-02-12 20:38 - 000128142 _____ C:\Users\James\Documents\cc_20180212_203831.reg
2018-02-12 17:52 - 2018-02-12 17:52 - 000408549 _____ C:\Users\James\Downloads\M2018-DEWO001.pdf
2018-02-12 17:52 - 2018-02-12 17:52 - 000061589 _____ C:\Users\James\Downloads\Dewolfe Crane Service LLC.pdf
2018-02-12 15:54 - 2018-02-12 15:54 - 000000000 ____D C:\Users\James\Documents\FeedbackHub
2018-02-11 21:01 - 2018-02-11 21:01 - 000644387 _____ C:\Users\James\Downloads\VLM Invoice 18-005 (1).pdf
2018-02-11 12:05 - 2018-02-11 12:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-02-11 10:35 - 2018-02-11 10:35 - 000047665 _____ C:\Users\James\Downloads\0429_001 (1).pdf
2018-02-11 10:28 - 2018-02-11 10:28 - 000472323 _____ C:\Users\James\Downloads\RioTintoMIneralsUSBorax_ICR_090315 (2).pdf
2018-02-11 10:21 - 2018-02-11 10:21 - 000180951 _____ C:\Users\James\Downloads\75f827d8-e0fd-477e-9807-e9c89faf96e9.pdf
2018-02-11 10:20 - 2018-02-11 10:20 - 000010925 _____ C:\Users\James\Downloads\BrowzNotice_8f7b04b5-30f8-42f7-b4be-8a8401068a01.pdf
2018-02-11 06:19 - 2018-02-11 06:19 - 001153646 _____ C:\Users\James\Downloads\CRANE LOCATION (4).pdf
2018-02-11 05:48 - 2018-02-11 05:48 - 001300932 _____ C:\Users\James\Downloads\Live Roof Plans_Details (1).pdf
2018-02-11 05:47 - 2018-02-11 05:47 - 004332274 _____ C:\Users\James\Downloads\Pages from 2017.09.08 Bulletin #2 Set_Volume 1 (1).pdf
2018-02-11 05:12 - 2018-02-11 05:12 - 003676350 _____ C:\Users\James\Downloads\Attachment K Certified Payroll Packet_080116 (1).pdf
2018-02-11 00:58 - 2018-02-11 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-02-11 00:57 - 2018-02-19 19:10 - 000000000 ____D C:\Users\James\AppData\Roaming\uTorrent
2018-02-10 23:48 - 2018-02-10 23:48 - 000000000 ____D C:\ProgramData\LogiShrd
2018-02-10 23:47 - 2018-02-10 23:47 - 000000000 ____D C:\Users\James\AppData\Local\Logitech
2018-02-10 23:38 - 2018-02-10 23:38 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2018-02-10 23:37 - 2018-02-10 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-02-10 23:36 - 2018-02-10 23:38 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2018-02-10 23:34 - 2018-02-10 23:34 - 000000000 ____D C:\Users\James\AppData\Roaming\Logitech
2018-02-10 23:34 - 2018-02-10 23:34 - 000000000 ____D C:\Users\James\AppData\Roaming\Logishrd
2018-02-10 23:32 - 2018-02-10 23:33 - 120137512 _____ (Logitech Inc.) C:\Users\James\Downloads\LGS_8.96.88_x64_Logitech.exe
2018-02-10 21:58 - 2018-02-10 21:58 - 000000000 ____D C:\Users\James\Documents\League of Legends
2018-02-10 21:46 - 2018-02-10 21:46 - 000000000 ____D C:\ProgramData\Riot Games
2018-02-10 21:45 - 2018-02-10 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-02-10 21:45 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2018-02-10 21:45 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2018-02-10 21:45 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-02-10 21:45 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-02-10 21:45 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-02-10 21:43 - 2018-02-10 21:44 - 075660376 _____ (Riot Games, Inc) C:\Users\James\Downloads\League of Legends installer NA.exe
2018-02-09 17:10 - 2018-02-09 17:10 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-09 16:40 - 2018-02-09 16:40 - 000206526 _____ C:\Users\James\Downloads\6285be2dz16166ec4b85zx4c7bgsxghbxgguxoo.pdf
2018-02-09 16:36 - 2018-02-09 16:36 - 000129748 _____ C:\Users\James\Downloads\60kw Nat Gas - LPG L3 drawing new 12-27-17.pdf
2018-02-09 15:59 - 2018-02-09 15:59 - 009223353 _____ C:\Users\James\Downloads\Monarch Pit Consolidated Docs.pdf
2018-02-09 15:59 - 2018-02-09 15:59 - 009223353 _____ C:\Users\James\Downloads\Monarch Pit Consolidated Docs (1).pdf
2018-02-09 15:41 - 2018-02-09 15:41 - 001060682 _____ C:\Users\James\Downloads\0430_001.pdf
2018-02-09 15:40 - 2018-02-09 15:40 - 000047665 _____ C:\Users\James\Downloads\0429_001.pdf
2018-02-09 15:22 - 2018-02-09 15:22 - 000007872 _____ C:\Users\James\Downloads\UNCOND.pdf
2018-02-09 15:10 - 2018-02-09 15:10 - 000073305 _____ C:\Users\James\Downloads\13051 (1).pdf
2018-02-09 14:14 - 2018-02-09 14:14 - 003676350 _____ C:\Users\James\Downloads\Attachment K Certified Payroll Packet_080116.pdf
2018-02-08 17:40 - 2018-02-08 17:40 - 000013575 _____ C:\Users\James\Downloads\Dispatch #32515 (1).pdf
2018-02-08 17:39 - 2018-02-08 17:39 - 000013575 _____ C:\Users\James\Downloads\Dispatch #32515.pdf
2018-02-08 15:10 - 2018-02-08 15:10 - 004332274 _____ C:\Users\James\Downloads\Pages from 2017.09.08 Bulletin #2 Set_Volume 1.pdf
2018-02-08 15:10 - 2018-02-08 15:10 - 001300932 _____ C:\Users\James\Downloads\Live Roof Plans_Details.pdf
2018-02-08 14:56 - 2018-02-08 14:56 - 000165361 _____ C:\Users\James\Downloads\0423_001.pdf
2018-02-08 14:09 - 2018-02-08 14:09 - 000115795 _____ C:\Users\James\Downloads\DOHENEY CONDOMINIUMS - Unconditional Waiver and Release on Progress - Vendors (1).pdf
2018-02-08 07:19 - 2018-02-08 07:19 - 000006710 _____ C:\Users\James\Downloads\confirmation12981686 (1).html
2018-02-08 07:14 - 2018-02-08 07:15 - 003141407 _____ C:\Users\James\Downloads\610706 - AHU-8 Crane Plan.pdf
2018-02-07 19:10 - 2018-02-07 19:10 - 001484182 _____ C:\Users\James\Downloads\Document1 (6).pdf
2018-02-07 19:08 - 2018-02-07 19:08 - 001484182 _____ C:\Users\James\Downloads\Document1 (5).pdf
2018-02-07 19:07 - 2018-02-07 19:07 - 000111805 _____ C:\Users\James\Downloads\BELMONT CJ AND SAWCUT PLAN 11.2.17.pdf
2018-02-07 18:46 - 2018-02-07 18:46 - 000006710 _____ C:\Users\James\Downloads\confirmation12981686.html
2018-02-07 13:47 - 2018-02-07 13:47 - 000272338 _____ C:\Users\James\Downloads\image2018-02-07-153446.pdf
2018-02-07 12:21 - 2018-02-07 12:21 - 000135337 _____ C:\Users\James\Downloads\Quote 01405135 - $11533.92USD (2).pdf
2018-02-07 12:18 - 2018-02-07 12:18 - 000134363 _____ C:\Users\James\Downloads\Quote 01405135 - $11251.22USD (1).pdf
2018-02-07 09:29 - 2018-02-07 09:29 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-07 09:29 - 2018-02-07 09:29 - 000002214 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-07 05:04 - 2018-02-07 05:04 - 000008972 _____ C:\Users\James\Downloads\2017 (8).pdf
2018-02-06 18:19 - 2018-02-06 18:19 - 000073305 _____ C:\Users\James\Downloads\13051.pdf
2018-02-06 18:19 - 2018-02-06 18:19 - 000001923 _____ C:\Users\James\Downloads\ATT00001 (19).htm
2018-02-06 16:45 - 2018-02-06 16:45 - 000123536 _____ C:\Users\James\Downloads\OCIP Manual - Shiloh (1).pdf
2018-02-06 16:45 - 2018-02-06 16:45 - 000039171 _____ C:\Users\James\Downloads\Crane Rental Service Revised Confidentiality Agreement - Shiloh (1).pdf
2018-02-06 11:45 - 2018-02-06 11:45 - 000006195 _____ C:\Users\James\Downloads\17-18 Dewolfe auto id card for 2018 Terex eff 1-18-18 (1) (2).pdf
2018-02-06 11:04 - 2018-02-06 11:04 - 000520524 _____ C:\Users\James\Downloads\Subs Insurance Requirements - Dewolfe Crane Services.pdf
2018-02-06 07:19 - 2018-02-06 07:19 - 000472323 _____ C:\Users\James\Downloads\RioTintoMIneralsUSBorax_ICR_090315 (1).pdf
2018-02-05 19:11 - 2018-02-05 19:11 - 000000000 ____D C:\Users\James\AppData\Local\DBG
2018-02-05 17:06 - 2018-02-05 17:06 - 000391714 _____ C:\Users\James\Downloads\SWOP-Dizon-6 2017.pdf
2018-02-05 16:22 - 2018-02-05 16:22 - 001120289 _____ C:\Users\James\Downloads\LIFT ANALYSIS 90 TON CRANE 24% OF CHART.pdf
2018-02-05 16:22 - 2018-02-05 16:22 - 001119250 _____ C:\Users\James\Downloads\LIFT ANALYSIS 70 TON CRANE 48% OF CHART.PDF
2018-02-05 16:22 - 2018-02-05 16:22 - 000790123 _____ C:\Users\James\Downloads\Path of Travel.pdf
2018-02-05 16:21 - 2018-02-05 16:21 - 000962611 _____ C:\Users\James\Downloads\HTC 8690.pdf
2018-02-05 12:40 - 2018-02-05 12:40 - 000217049 _____ C:\Users\James\Downloads\RioTintoMineralsUSBorax_Checklist_090315.pdf
2018-02-05 12:36 - 2018-02-05 12:36 - 012018297 _____ C:\Users\James\Downloads\c48c3a96-4480-4b63-9487-1605b349b333.pdf
2018-02-05 12:34 - 2018-02-05 12:34 - 000472323 _____ C:\Users\James\Downloads\RioTintoMIneralsUSBorax_ICR_090315.pdf
2018-02-05 10:38 - 2018-02-05 10:38 - 000181365 _____ C:\Users\James\Downloads\18-19 EPIC MASTER - Build Group.pdf
2018-02-05 09:22 - 2018-02-05 09:22 - 000388163 _____ C:\Users\James\Downloads\0385_001 (1).pdf
2018-02-05 08:56 - 2018-02-05 08:56 - 000045310 _____ C:\Users\James\Downloads\0382_001 (2).pdf
2018-02-05 08:56 - 2018-02-05 08:56 - 000045310 _____ C:\Users\James\Downloads\0382_001 (1).pdf
2018-02-05 08:40 - 2018-02-05 08:40 - 000044909 _____ C:\Users\James\Downloads\0345_001 (2).pdf
2018-02-02 16:08 - 2018-02-20 17:12 - 000000000 ____D C:\Users\James\AppData\Local\Deployment
2018-02-02 15:11 - 2018-02-02 15:11 - 001295146 _____ C:\Users\James\Downloads\002 - SUBCONTRACTOR REQUALIFICATION FORM (form-fill) (1).pdf
2018-02-02 14:58 - 2018-02-02 14:58 - 003829533 _____ C:\Users\James\Downloads\Southern California Edison - Google Maps.pdf
2018-02-02 08:14 - 2018-02-02 08:14 - 000017850 _____ C:\Users\James\Downloads\4500235499.pdf
2018-02-01 09:29 - 2018-02-01 09:29 - 000022614 _____ C:\Users\James\Downloads\45 reg exp 5-26-18.pdf
2018-02-01 07:59 - 2018-02-01 07:59 - 000014402 _____ C:\Users\James\Downloads\Sure Form stmt 12-6-17 (1).pdf
2018-02-01 04:19 - 2018-02-01 04:19 - 012018297 _____ C:\Users\James\Downloads\Certificate (48).pdf
2018-02-01 04:18 - 2018-02-01 04:18 - 000010925 _____ C:\Users\James\Downloads\BrowzNotice_76570fba-7999-409c-93e4-85c65761b44d.pdf
2018-01-31 19:40 - 2018-01-31 19:40 - 000123536 _____ C:\Users\James\Downloads\OCIP Manual - Shiloh.pdf
2018-01-31 19:36 - 2018-01-31 19:36 - 000039171 _____ C:\Users\James\Downloads\Crane Rental Service Revised Confidentiality Agreement - Shiloh.pdf
2018-01-31 10:29 - 2018-01-31 10:29 - 000005022 _____ C:\Users\James\Downloads\11596-074124-20180131.PDF
2018-01-30 17:38 - 2018-01-30 17:38 - 000063922 _____ C:\Users\James\Downloads\Unconditional Final- Shimmick.pdf
2018-01-30 08:29 - 2018-01-30 08:29 - 000022947 _____ C:\Users\James\Downloads\Published Report 6-6-1-31-Purchase Order-2018-1-29 16 54 34.pdf
2018-01-30 05:43 - 2018-01-30 05:43 - 000248394 _____ C:\Users\James\Downloads\3. Proof of Insurance Requirements (rev 12-23-16) (1).pdf
2018-01-30 05:37 - 2018-01-30 05:37 - 000023841 _____ C:\Users\James\Downloads\f2f7f4ba-fa4f-464b-9f3e-5b7c7ba5324e.pdf
2018-01-29 18:51 - 2018-01-29 18:52 - 000114969 _____ C:\Users\James\Downloads\4. Sample Insurance.pdf
2018-01-29 18:51 - 2018-01-29 18:51 - 000248394 _____ C:\Users\James\Downloads\3. Proof of Insurance Requirements (rev 12-23-16).pdf
2018-01-29 18:49 - 2018-01-29 18:49 - 000131473 _____ C:\Users\James\Downloads\1. Subcontractor Qualification RVSD 1.pdf
2018-01-29 16:01 - 2018-01-29 16:01 - 000006195 _____ C:\Users\James\Downloads\17-18 Dewolfe auto id card for 2018 Terex eff 1-18-18 (1) (1).pdf
2018-01-29 07:28 - 2018-01-29 07:28 - 000159647 _____ C:\Users\James\Downloads\3471_001.pdf
2018-01-28 21:05 - 2018-02-05 18:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-28 21:05 - 2018-02-05 18:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-28 08:07 - 2018-01-28 08:07 - 006748376 _____ C:\Users\James\Downloads\SenaBluetoothDeviceManagerForWindows-v3.6.1-setup_x64 (4).exe
2018-01-28 07:56 - 2018-01-28 07:56 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sena Technologies
2018-01-28 07:55 - 2018-01-28 07:55 - 006748376 _____ C:\Users\James\Downloads\SenaBluetoothDeviceManagerForWindows-v3.6.1-setup_x64 (3).exe
2018-01-28 07:46 - 2018-01-28 07:46 - 006748376 _____ C:\Users\James\Downloads\SenaBluetoothDeviceManagerForWindows-v3.6.1-setup_x64 (2).exe
2018-01-28 07:46 - 2018-01-28 07:46 - 006748376 _____ C:\Users\James\Downloads\SenaBluetoothDeviceManagerForWindows-v3.6.1-setup_x64 (1).exe
2018-01-28 07:24 - 2018-01-28 08:08 - 000001268 _____ C:\Users\James\Desktop\SenaBluetoothDeviceManager.lnk
2018-01-28 07:22 - 2018-01-28 07:22 - 006748376 _____ C:\Users\James\Downloads\SenaBluetoothDeviceManagerForWindows-v3.6.1-setup_x64.exe
2018-01-27 11:01 - 2018-01-27 11:01 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-27 10:59 - 2018-01-27 10:59 - 000000000 ___HD C:\Users\James\MicrosoftEdgeBackups
2018-01-27 10:56 - 2018-02-13 16:01 - 000000000 ___RD C:\Users\James\3D Objects
2018-01-27 10:54 - 2018-01-27 10:54 - 000000020 ___SH C:\Users\James\ntuser.ini
2018-01-27 10:44 - 2018-02-20 18:26 - 000004186 _____ C:\WINDOWS\System32\Tasks\YQYNHAQU
2018-01-27 10:44 - 2018-02-20 18:26 - 000004182 _____ C:\WINDOWS\System32\Tasks\TWYUDWE
2018-01-27 10:44 - 2018-02-20 18:26 - 000003834 _____ C:\WINDOWS\System32\Tasks\DRI
2018-01-27 10:44 - 2018-02-20 18:26 - 000003830 _____ C:\WINDOWS\System32\Tasks\RI
2018-01-27 10:44 - 2018-02-20 18:26 - 000003650 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-543752171-4003080874-1251698838-1001UA1d2372c8a20bf34
2018-01-27 10:44 - 2018-02-20 18:26 - 000003590 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1511710201
2018-01-27 10:44 - 2018-02-20 18:26 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-01-27 10:44 - 2018-02-20 18:26 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-27 10:44 - 2018-02-20 18:26 - 000003382 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-543752171-4003080874-1251698838-1001Core1d2372c89fdd35a
2018-01-27 10:44 - 2018-02-20 18:26 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-27 10:44 - 2018-02-20 18:26 - 000003302 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{513F2E47-7FCA-4E33-8369-27485E2E2785}
2018-01-27 10:44 - 2018-02-20 18:26 - 000003250 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-543752171-4003080874-1251698838-1001
2018-01-27 10:44 - 2018-02-20 18:26 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-27 10:44 - 2018-02-20 18:26 - 000003154 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-543752171-4003080874-1251698838-1001
2018-01-27 10:44 - 2018-02-20 18:26 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-27 10:44 - 2018-02-20 18:26 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-27 10:44 - 2018-02-20 18:26 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-27 10:44 - 2018-02-20 18:26 - 000002930 _____ C:\WINDOWS\System32\Tasks\Driver Support
2018-01-27 10:44 - 2018-02-20 18:26 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-27 10:44 - 2018-02-20 18:26 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-543752171-4003080874-1251698838-1001
2018-01-27 10:44 - 2018-02-20 18:26 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-27 10:44 - 2018-02-20 18:26 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-27 10:44 - 2018-02-20 18:26 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-27 10:44 - 2018-02-20 18:26 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2018-01-27 10:44 - 2018-02-20 18:26 - 000002334 _____ C:\WINDOWS\System32\Tasks\{AD4EAF0A-6189-4002-A101-B2A0B3C8A19E}
2018-01-27 10:44 - 2018-02-20 18:26 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-27 10:44 - 2018-02-20 18:26 - 000001970 _____ C:\WINDOWS\System32\Tasks\{6C6DC615-32F7-48B9-BFE5-EAE51F662A99}
2018-01-27 10:44 - 2018-02-16 12:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-27 10:44 - 2018-01-27 10:45 - 000002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-543752171-4003080874-1251698838-1001
2018-01-27 10:44 - 2018-01-27 10:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2018-01-27 10:44 - 2018-01-27 10:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-01-27 10:44 - 2018-01-27 10:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-01-27 10:42 - 2018-01-27 10:44 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-01-27 10:42 - 2018-01-27 10:44 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-01-27 10:24 - 2018-02-16 12:32 - 001210278 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-27 09:34 - 2018-01-27 09:34 - 000000000 ____D C:\ProgramData\USOShared
2018-01-27 09:31 - 2018-01-27 09:31 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-01-27 09:28 - 2018-02-20 16:02 - 000000000 ____D C:\Users\James
2018-01-27 09:28 - 2018-02-12 22:35 - 000000000 ____D C:\Users\James\AppData\Local\Packages
2018-01-27 09:26 - 2018-01-27 09:26 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-27 09:26 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-27 09:26 - 2017-02-09 18:33 - 000512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-01-27 09:26 - 2017-02-09 18:33 - 000418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-01-27 09:26 - 2017-02-09 14:39 - 000134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-01-27 09:26 - 2017-01-25 16:13 - 000103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-27 09:26 - 2017-01-25 16:12 - 000326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-27 09:26 - 2017-01-25 16:09 - 000322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-27 09:26 - 2017-01-25 16:09 - 000118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-27 09:23 - 2018-02-20 18:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-27 09:23 - 2018-02-13 15:58 - 000495032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-27 08:32 - 2018-01-27 09:20 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-01-27 08:29 - 2018-01-27 08:32 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-27 08:27 - 2018-01-27 08:27 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-01-27 08:27 - 2018-01-27 08:27 - 000000000 ____D C:\Program Files\MSBuild
2018-01-27 08:27 - 2018-01-27 08:27 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-01-27 08:27 - 2018-01-27 08:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-27 08:25 - 2017-09-28 15:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-01-27 08:25 - 2017-09-28 15:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-01-27 08:25 - 2017-09-28 15:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-01-27 08:25 - 2017-09-22 18:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-01-27 08:25 - 2017-09-22 18:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-01-27 08:25 - 2017-09-22 18:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-01-27 08:11 - 2018-01-27 08:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-27 07:40 - 2018-02-12 20:36 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-26 15:45 - 2018-01-26 15:45 - 000388163 _____ C:\Users\James\Downloads\0385_001.pdf
2018-01-26 15:04 - 2018-01-26 15:04 - 000736116 _____ C:\Users\James\Downloads\DOC012618-002.pdf
2018-01-26 15:03 - 2018-01-26 15:03 - 000559715 _____ C:\Users\James\Downloads\Dewolfe 45.pdf
2018-01-26 15:03 - 2018-01-26 15:03 - 000327982 _____ C:\Users\James\Downloads\Dewolfe 90.pdf
2018-01-26 15:02 - 2018-01-26 15:02 - 000333402 _____ C:\Users\James\Downloads\Dewolfe 41.pdf
2018-01-26 08:25 - 2018-01-26 08:25 - 000221325 _____ C:\Users\James\Downloads\Copy of certs - Dewolfe (1).pdf
2018-01-26 07:24 - 2018-01-26 07:24 - 000045310 _____ C:\Users\James\Downloads\0382_001.pdf
2018-01-25 17:49 - 2018-01-25 17:49 - 000738594 _____ C:\Users\James\Downloads\M2 -ClickSafety - User Set-Up Guide.pdf
2018-01-25 14:54 - 2018-01-25 14:54 - 000515287 _____ C:\Users\James\Downloads\DEWOLFE ANNUAL TRANSPORTATION PERMIT (1).PDF
2018-01-25 14:51 - 2018-01-25 14:51 - 000611211 _____ C:\Users\James\Downloads\Dewolfe.220634.cert.18.pdf
2018-01-25 14:50 - 2018-01-25 14:50 - 000127967 _____ C:\Users\James\Downloads\DEWOLFE CRANE INSPECTION REPORT.PDF
2018-01-25 14:49 - 2018-01-25 14:49 - 000515287 _____ C:\Users\James\Downloads\DEWOLFE ANNUAL TRANSPORTATION PERMIT.PDF
2018-01-25 13:49 - 2018-01-25 13:49 - 000176665 _____ C:\Users\James\Downloads\Contractor Certificate (2).pdf
2018-01-25 13:49 - 2018-01-25 13:49 - 000043174 _____ C:\Users\James\Downloads\Welcome Letter (2).pdf
2018-01-25 13:35 - 2018-01-25 13:35 - 000072737 _____ C:\Users\James\Downloads\17-18 Dewolfe Crane Service Pkg-GL dec for Loma Linda job.pdf
2018-01-25 13:34 - 2018-01-25 13:34 - 000079509 _____ C:\Users\James\Downloads\Dewolfe Crane Services (6).pdf
2018-01-25 13:24 - 2018-01-25 13:24 - 000024425 _____ C:\Users\James\Downloads\ICW_- GL.PDF
2018-01-25 13:21 - 2018-01-25 13:21 - 000074822 _____ C:\Users\James\Downloads\17-18 Dewolfe Crane Service Inc $5MM EXCESS Dec and forms -Flat premium (1).pdf
2018-01-25 13:19 - 2018-01-25 13:19 - 000087489 _____ C:\Users\James\Downloads\17-18 Dewolfe Crane Service Inc Dec, forms, GL rates (1) (1).pdf
2018-01-25 13:18 - 2018-01-25 13:18 - 000000065 _____ C:\Users\James\Downloads\17-18 Dewolfe Crane Service Inc $5MM EXCESS Dec and forms -Flat premium.pdf.url
2018-01-25 13:18 - 2018-01-25 13:18 - 000000065 _____ C:\Users\James\Downloads\17-18 Dewolfe Crane Service Inc $5MM EXCESS Dec and forms -Flat premium.pdf (1).url
2018-01-24 18:45 - 2018-01-24 18:45 - 008206624 _____ (Malwarebytes) C:\Users\James\Downloads\adwcleaner_7.0.7.0.exe
2018-01-24 18:43 - 2017-10-10 17:05 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-01-24 18:43 - 2017-10-10 17:05 - 000050624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-01-24 18:29 - 2018-02-12 21:00 - 000032876 _____ C:\Users\James\Desktop\mb-clean-results.txt
2018-01-24 18:29 - 2018-02-12 20:52 - 000000023 _____ C:\Users\James\Desktop\mb-licenseinfo.txt
2018-01-24 18:28 - 2018-01-24 18:28 - 003026454 _____ C:\Users\James\Desktop\mb-check-results.zip
2018-01-24 18:28 - 2018-01-24 18:28 - 000863696 _____ (Malwarebytes) C:\Users\James\Downloads\mb-clean-3.1.0.1031.exe
2018-01-24 18:27 - 2018-01-24 18:27 - 002326984 _____ (Malwarebytes Corporation) C:\Users\James\Downloads\mb-check-3.1.9.1001.exe
2018-01-24 16:37 - 2018-01-24 16:37 - 000195346 _____ C:\Users\James\Downloads\wu170509.diagcab
2018-01-24 16:01 - 2018-01-24 16:01 - 000030407 _____ C:\Users\James\Downloads\1516837981032.fax.pdf
2018-01-24 15:59 - 2018-01-24 15:59 - 000030696 _____ C:\Users\James\Downloads\1516837790685.fax.pdf
2018-01-24 12:52 - 2018-01-24 12:52 - 000249498 _____ C:\Users\James\Downloads\Cranes For Sale (48).pdf
2018-01-24 11:39 - 2018-01-24 11:40 - 000134363 _____ C:\Users\James\Downloads\Quote 01405135 - $11251.22USD.pdf
2018-01-24 09:13 - 2018-01-24 09:13 - 000135337 _____ C:\Users\James\Downloads\Quote 01405135 - $11533.92USD (1).pdf
2018-01-24 09:04 - 2018-01-24 09:04 - 000068977 _____ C:\Users\James\Downloads\610706 - AHU-8_MHLB_Submittal cutsheet (1).pdf
2018-01-24 09:03 - 2018-01-24 09:03 - 001652139 _____ C:\Users\James\Downloads\Site Plan (6).pdf
2018-01-24 05:40 - 2018-01-24 05:41 - 000579724 _____ C:\Users\James\Downloads\Quixote Bid Set (Arch & Struct Only) A2.10 (1).pdf
2018-01-23 18:59 - 2018-01-23 18:59 - 000579724 _____ C:\Users\James\Downloads\Quixote Bid Set (Arch & Struct Only) A2.10.pdf
2018-01-23 18:48 - 2018-01-23 18:48 - 000580757 _____ C:\Users\James\Downloads\Quixote Bid Set (Arch & Struct Only) S3.1.pdf
2018-01-23 16:57 - 2018-01-23 16:57 - 000369101 _____ C:\Users\James\Downloads\Excel Paving.pdf
2018-01-23 14:34 - 2018-01-23 14:34 - 000040903 _____ C:\Users\James\Downloads\Quote#-1538300.pdf
2018-01-23 13:58 - 2018-01-23 13:58 - 000087489 _____ C:\Users\James\Downloads\17-18 Dewolfe Crane Service Inc Dec, forms, GL rates (1).pdf
2018-01-23 13:39 - 2018-01-23 13:39 - 000046962 _____ C:\Users\James\Downloads\American lndscp-Paladin wksht 1-7-18.pdf
2018-01-23 11:00 - 2018-01-23 11:00 - 000639315 _____ C:\Users\James\Downloads\#44 caltrans exp 8-28-18.pdf
2018-01-23 10:02 - 2018-01-23 10:02 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETC025.tmp
2018-01-23 09:48 - 2018-01-23 09:48 - 000135337 _____ C:\Users\James\Downloads\Quote 01405135 - $11533.92USD.pdf
2018-01-22 09:46 - 2018-01-22 09:46 - 000221325 _____ C:\Users\James\Downloads\Copy of certs - Dewolfe.pdf
2018-01-22 09:29 - 2018-01-22 09:29 - 000024266 _____ C:\Users\James\Downloads\_AUS_RAS_000533050499 (1).pdf_
2018-01-22 09:03 - 2018-01-22 09:03 - 000362288 _____ C:\Users\James\Downloads\Subcontractor Insurance Requirements (1).pdf
2018-01-22 06:01 - 2018-01-22 06:01 - 000044909 _____ C:\Users\James\Downloads\0345_001 (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-20 18:26 - 2016-12-15 10:52 - 000000656 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-543752171-4003080874-1251698838-1001.job
2018-02-20 18:26 - 2016-12-15 10:52 - 000000560 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-543752171-4003080874-1251698838-1001.job
2018-02-20 18:26 - 2016-11-04 22:19 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-543752171-4003080874-1251698838-1001UA1d2372c8a20bf34.job
2018-02-20 18:26 - 2016-11-04 22:19 - 000000892 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-543752171-4003080874-1251698838-1001Core1d2372c89fdd35a.job
2018-02-20 18:26 - 2014-09-07 05:49 - 000001710 _____ C:\WINDOWS\Tasks\TWYUDWE.job
2018-02-20 18:26 - 2014-09-07 05:49 - 000001358 _____ C:\WINDOWS\Tasks\DRI.job
2018-02-20 18:26 - 2014-09-06 09:19 - 000001712 _____ C:\WINDOWS\Tasks\YQYNHAQU.job
2018-02-20 18:26 - 2014-09-06 09:19 - 000001356 _____ C:\WINDOWS\Tasks\RI.job
2018-02-20 18:01 - 2013-08-21 10:52 - 000000000 ____D C:\QB DATA
2018-02-20 17:47 - 2012-10-09 08:56 - 000000000 ____D C:\temp
2018-02-20 17:30 - 2013-08-26 19:07 - 000000000 ____D C:\Users\James\AppData\Local\CutePDF Writer
2018-02-20 16:31 - 2017-03-22 10:16 - 000000000 ____D C:\Users\James\AppData\Local\CrashDumps
2018-02-20 16:03 - 2013-08-12 20:53 - 000000000 ____D C:\Users\James\Desktop\PAYROLL
2018-02-20 16:02 - 2016-11-10 12:54 - 000000000 ____D C:\Users\James\Desktop\Maintenance
2018-02-20 12:52 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-20 12:51 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-20 12:51 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-20 12:50 - 2016-09-25 19:01 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-19 19:06 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-02-18 02:00 - 2014-03-17 10:10 - 000000000 ___RD C:\Users\James\OneDrive
2018-02-17 02:00 - 2017-07-08 05:36 - 000000000 ____D C:\Users\James\AppData\Local\GoToMeeting
2018-02-16 12:25 - 2016-07-14 07:52 - 000146648 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2018-02-16 11:54 - 2017-09-29 00:45 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-02-15 12:59 - 2014-05-06 14:00 - 000001979 _____ C:\Users\Public\Desktop\Google Web Designer.lnk
2018-02-14 19:47 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-14 19:36 - 2014-05-14 18:02 - 000002370 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-14 05:30 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-13 16:15 - 2013-08-13 17:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-13 16:11 - 2017-10-10 15:44 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-13 16:11 - 2013-08-13 17:13 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-13 16:09 - 2014-01-26 06:55 - 000000000 ____D C:\Users\James\AppData\Roaming\TeamViewer
2018-02-13 16:01 - 2016-04-26 22:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-13 15:58 - 2017-09-29 05:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-13 15:54 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-13 15:54 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-13 15:54 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-13 15:54 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-02-13 15:54 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-13 15:45 - 2014-02-16 16:38 - 000000516 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website
2018-02-13 15:39 - 2017-09-29 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-13 14:37 - 2017-02-08 10:29 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-02-13 14:35 - 2017-02-08 08:17 - 000000000 ____D C:\Program Files\TrueKey
2018-02-13 14:11 - 2014-07-08 18:34 - 000000000 ____D C:\Users\James\AppData\Local\ElevatedDiagnostics
2018-02-13 06:50 - 2017-02-08 10:30 - 000001249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2018-02-13 06:50 - 2017-02-08 10:30 - 000001235 _____ C:\Users\Public\Desktop\True Key.lnk
2018-02-13 02:46 - 2014-04-09 18:56 - 000000000 ____D C:\AdwCleaner
2018-02-12 22:57 - 2015-11-28 07:20 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-02-12 22:57 - 2013-12-04 10:14 - 000002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-02-12 22:41 - 2017-11-26 07:32 - 000000000 ____D C:\ProgramData\Norton
2018-02-12 22:38 - 2017-09-29 00:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-12 20:57 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-12 19:19 - 2017-05-25 05:00 - 000000000 ____D C:\Users\James\AppData\Roaming\HD Media Player
2018-02-12 19:01 - 2015-07-06 05:09 - 000000000 ____D C:\Users\James\AppData\Local\Dropbox
2018-02-12 19:01 - 2013-11-29 13:15 - 000000000 ___RD C:\Users\James\Dropbox
2018-02-10 23:55 - 2014-05-06 15:52 - 000000000 ____D C:\Users\James\Desktop\DeWolfeCrane_Website
2018-02-10 23:46 - 2012-08-31 15:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-02-10 23:36 - 2014-03-11 18:25 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-09 17:10 - 2013-11-29 13:13 - 000000000 ____D C:\Users\James\AppData\Roaming\Dropbox
2018-02-07 09:29 - 2016-05-03 15:24 - 000000000 ____D C:\Program Files\Google
2018-01-29 10:28 - 2013-08-21 09:02 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-28 21:01 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-28 21:01 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-28 21:00 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-28 21:00 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-28 21:00 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-28 21:00 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-28 07:24 - 2014-03-11 18:25 - 000000000 ____D C:\Program Files\DIFX
2018-01-28 07:23 - 2013-08-21 17:16 - 000000000 ____D C:\Users\James\Desktop\DEWOLFE CRANE
2018-01-28 06:05 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-27 10:59 - 2017-01-25 10:17 - 000002339 _____ C:\Users\James\Desktop\Google Chrome.lnk
2018-01-27 10:56 - 2016-09-25 19:38 - 000000000 ____D C:\Users\James\AppData\Local\ConnectedDevicesPlatform
2018-01-27 10:55 - 2016-07-14 14:43 - 000000000 ____D C:\Users\James\AppData\Local\TileDataLayer
2018-01-27 10:50 - 2014-04-09 14:50 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-01-27 10:48 - 2016-07-14 06:02 - 000000000 ___HD C:\$GetCurrent
2018-01-27 10:45 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-27 10:41 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Registration
2018-01-27 10:41 - 2016-07-14 08:01 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-01-27 10:25 - 2013-08-21 09:02 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-27 10:24 - 2013-08-12 16:03 - 000903962 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-01-27 09:37 - 2016-11-16 12:15 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Machines, Inc
2018-01-27 09:37 - 2015-05-04 07:16 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
2018-01-27 09:31 - 2017-09-29 05:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-27 09:27 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-27 09:26 - 2016-09-25 19:01 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-27 09:26 - 2016-09-25 19:01 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-27 09:26 - 2016-09-25 19:01 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-27 09:25 - 2016-09-25 19:01 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-27 09:22 - 2017-09-29 05:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-27 09:20 - 2018-01-14 06:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-27 09:20 - 2017-09-29 05:49 - 000000000 ____D C:\WINDOWS\Setup
2018-01-27 09:20 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-27 09:20 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-27 09:20 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\IME
2018-01-27 09:20 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Help
2018-01-27 09:20 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-27 09:20 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-27 09:20 - 2017-06-13 20:49 - 000000000 ____D C:\Program Files\UNP
2018-01-27 09:20 - 2017-05-26 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-01-27 09:20 - 2017-05-25 04:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Media Player
2018-01-27 09:20 - 2017-04-01 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-01-27 09:20 - 2017-02-28 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-01-27 09:20 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-27 09:20 - 2016-07-11 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-01-27 09:20 - 2016-05-16 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2018-01-27 09:20 - 2015-07-09 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2018-01-27 09:20 - 2015-05-03 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manitowoc Compu-Crane 4.4+
2018-01-27 09:20 - 2015-04-25 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-01-27 09:20 - 2015-03-16 05:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2018-01-27 09:20 - 2014-12-08 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSecurityPlusPlayer
2018-01-27 09:20 - 2014-11-10 19:49 - 000000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2018-01-27 09:20 - 2014-08-30 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Integrated Accounting Version 8
2018-01-27 09:20 - 2014-08-05 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-27 09:20 - 2014-07-24 04:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-01-27 09:20 - 2014-06-26 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PenPower WorldCard
2018-01-27 09:20 - 2014-05-06 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-01-27 09:20 - 2014-05-06 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KompoZer
2018-01-27 09:20 - 2014-05-06 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Web Designer
2018-01-27 09:20 - 2013-08-26 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2018-01-27 09:20 - 2013-08-23 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2018-01-27 09:20 - 2013-08-22 19:41 - 000000000 ____D C:\WINDOWS\en
2018-01-27 09:20 - 2013-08-12 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2018-01-27 09:20 - 2013-08-12 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2018-01-27 09:20 - 2013-08-12 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2018-01-27 09:20 - 2013-08-12 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-01-27 09:20 - 2012-10-09 08:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2018-01-27 09:20 - 2012-10-09 08:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-01-27 09:20 - 2012-10-09 08:47 - 000000000 ____D C:\Program Files\Intel
2018-01-27 09:20 - 2012-08-31 15:34 - 000000000 ____D C:\WINDOWS\nl
2018-01-27 09:20 - 2012-08-31 15:34 - 000000000 ____D C:\WINDOWS\it
2018-01-27 09:20 - 2012-08-31 15:34 - 000000000 ____D C:\WINDOWS\fr
2018-01-27 09:20 - 2012-08-31 15:34 - 000000000 ____D C:\WINDOWS\es
2018-01-27 09:20 - 2012-08-31 15:34 - 000000000 ____D C:\WINDOWS\el
2018-01-27 09:20 - 2012-08-31 15:33 - 000000000 ____D C:\WINDOWS\de
2018-01-27 09:20 - 2012-08-31 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2018-01-27 09:20 - 2012-08-31 13:42 - 000000000 ____D C:\WINDOWS\en-GB
2018-01-27 09:20 - 2012-07-26 00:12 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-27 08:39 - 2017-09-29 05:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-27 08:33 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-01-27 08:33 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-01-27 08:33 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-27 08:33 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-01-27 08:33 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\IME
2018-01-27 08:32 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-27 08:32 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-27 08:32 - 2016-09-25 19:01 - 000000000 ____D C:\Program Files\Realtek
2018-01-27 08:32 - 2016-09-25 19:01 - 000000000 ____D C:\Program Files\ASUS
2018-01-27 08:32 - 2015-01-05 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2018-01-27 08:32 - 2014-06-26 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite
2018-01-27 08:32 - 2014-02-05 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1A Software
2018-01-27 08:32 - 2013-08-26 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
2018-01-27 08:32 - 2013-08-21 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaming Keyboard
2018-01-27 08:32 - 2012-08-31 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-01-27 07:39 - 2016-07-14 06:29 - 000000036 _____ C:\WINDOWS\progress.ini
2018-01-27 07:39 - 2016-07-14 06:02 - 000000000 ____D C:\Windows10Upgrade
2018-01-27 07:17 - 2018-01-19 08:43 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-01-27 07:17 - 2018-01-19 08:43 - 000000802 _____ C:\Users\James\Desktop\Windows 10 Update Assistant.lnk
2018-01-27 07:17 - 2017-09-28 13:34 - 000000000 ____D C:\Program Files\rempl
2018-01-24 18:50 - 2015-11-23 19:08 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2018-01-24 18:43 - 2017-02-28 19:29 - 000001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-01-24 03:03 - 2013-08-21 16:53 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-22 17:15 - 2013-08-21 09:02 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-07-24 07:19 - 2017-09-27 09:51 - 001990144 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\James\AppData\Roaming\libeay32.dll
2017-07-24 07:19 - 2017-09-27 09:51 - 000719217 _____ () C:\Users\James\AppData\Roaming\libevent-2-0-5.dll
2017-07-24 07:19 - 2017-09-27 09:51 - 000523262 _____ () C:\Users\James\AppData\Roaming\libgcc_s_sjlj-1.dll
2017-07-24 07:19 - 2017-09-27 09:51 - 000092599 _____ () C:\Users\James\AppData\Roaming\libssp-0.dll
2017-07-24 07:19 - 2017-09-27 09:51 - 000400384 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\James\AppData\Roaming\ssleay32.dll
2017-07-24 07:19 - 2017-09-27 09:51 - 002967040 _____ () C:\Users\James\AppData\Roaming\tor.exe
2017-07-24 07:19 - 2017-09-27 09:51 - 000107520 _____ () C:\Users\James\AppData\Roaming\zlib1.dll

Some files in TEMP:
====================
2014-08-06 07:48 - 2014-09-02 12:58 - 000377099 _____ () C:\Users\James\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-16 12:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.02.2018
Ran by James (20-02-2018 18:28:04)
Running from C:\Users\James\Desktop
Windows 10 Home Version 1709 16299.248 (X64) (2018-01-27 18:48:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-543752171-4003080874-1251698838-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-543752171-4003080874-1251698838-503 - Limited - Disabled)
Guest (S-1-5-21-543752171-4003080874-1251698838-501 - Limited - Disabled)
James (S-1-5-21-543752171-4003080874-1251698838-1001 - Administrator - Enabled) => C:\Users\James
WDAGUtilityAccount (S-1-5-21-543752171-4003080874-1251698838-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (HKLM\...\{67545B7F-ADF5-453F-B5FC-9AFDA61BFF08}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Music Maker (HKLM\...\{5E00D8DF-905B-41C7-B562-C126DE3A4167}) (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM\...\{9204F334-2A46-49F1-89C4-65CEB7AC1974}) (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM\...\{7DB84618-76E3-4999-A9A0-D7D756E14129}) (Version: 3.0.1.42 - MAGIX AG) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.1.2326 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS Contact (HKLM\...\BS Contact) (Version: - Bitmanagement Software GmbH)
BS Contact (HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\BS Contact) (Version: - Bitmanagement Software GmbH)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
Cortona2D Viewer (HKLM\...\{E9E2D512-0E70-4BAD-A92F-FD4DF995CBB0}) (Version: 1.0.28 - Paragraphics Ltd.)
Cortona3D Viewer (HKLM\...\{DEACDFFA-D424-416F-B849-FA282F55B2CE}) (Version: 7.0.188 - ParallelGraphics)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\Dropbox) (Version: 43.4.50 - Dropbox, Inc.)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: - )
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
Flux Player (HKLM-x32\...\Flux Player) (Version: 2.0.0.657 - Media Machines, Inc.)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.7.1.0 - Google LLC.)
GoPro App (HKLM-x32\...\{CAF8EA09-7C5D-4E95-B487-2100E8C40A9F}) (Version: 0.1.443 - GoPro, Inc.) Hidden
GoPro Studio 2.5.5 (HKLM-x32\...\{5d43231e-c765-405a-a122-81de16acd8b4}) (Version: 2.5.5.443 - GoPro, Inc.)
GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 100 Mobile L411 14.0 Rel. 6 (HKLM\...\{36419AF2-1B07-4517-984B-ACCA10782FCC}) (Version: 14.0 - HP)
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Integrated Accounting 8th Ed (HKLM-x32\...\{CB5013BB-D52B-46C8-8B9C-58664AC24B84}) (Version: 7.00.000 - )
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.20.108.1 - Intel Security)
iSecurity+ Player version 1.1.2 (HKLM\...\{32477CC4-DF51-4834-A3E3-5ED765ABC044}_is1) (Version: 1.1.2 - Seedonk, Inc.)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
KompoZer 0.8b3 (HKLM-x32\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version: - KompoZer)
L411 (HKLM-x32\...\{97FC7F51-C03A-49FE-ACCC-242C99475BC2}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
L411_Help (HKLM-x32\...\{5420FFDB-0FF9-4E6F-88BB-2382B586B3C5}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
L411_Software_Min (HKLM-x32\...\{1C33CD2B-91E8-4623-B5CC-EFB020E9554E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Leawo iOS Data Recovery version 2.8.8.0 (HKLM-x32\...\{F21ABC45-6616-4C69-8C99-50D8DC8B45CE}_is1) (Version: 2.8.8.0 - Leawo Software)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manitowoc Compu-Crane 4.4.2 (HKLM-x32\...\{A0479AA7-F170-4204-A79E-6A1B7951132C}) (Version: 4.4.2 - Manitowoc Cranes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9001.2138 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{92838039-27B8-4433-AA2B-F432DC0E5E8B}) (Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
QuickBooks (HKLM-x32\...\{604FB1E3-84F2-45E2-AD26-49422B021393}) (Version: 25.0.4016.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4013.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Self-service Plug-in (HKLM-x32\...\{21451E87-020C-43AD-8043-B07D36BE889E}) (Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Sena Bluetooth Device Manager 3.6.1 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 3.6.1 - Copyright © 2012 ~ 2017 Sena Technologies Inc.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
System.Data.SQLite v1.0.82.0 (HKLM-x32\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.82.0 - System.Data.SQLite Team)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.44109 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
VFW_Codec32 (HKLM-x32\...\{EC8C32B0-3AF0-4CEF-B9A1-2C133FFAB160}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{692E20FD-F1EC-415E-8591-8A9145174B41}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (10/23/2017 2.5.3.1) (HKLM\...\E32FC62C91D94E139E8F701DCDF137E07CB71EA3) (Version: 10/23/2017 2.5.3.1 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Workspace Desktop (HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\workspacedesktop) (Version: - Starfield Technologies)
WorldCard (HKLM-x32\...\{C68E17A5-7D39-42EE-ABEC-4262C6C4F4E3}) (Version: 8.02.0000 - PenPower)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{154606D9-3A28-4929-BA5D-B240A4BB6D13}\InprocServer32 -> C:\Program Files\Bitmanagement Software\BS Contact\BSVersion_71.ocx (Bitmanagement Software GmbH)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\James\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{4B6E3013-6E45-11D0-9309-0020AFE05CC8}\InprocServer32 -> C:\Program Files\Bitmanagement Software\BS Contact\BSContactVRML.ocx (Bitmanagement Software)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{4B6E3014-6E45-11D0-9309-0020AFE05CC8}\InprocServer32 -> C:\Program Files\Bitmanagement Software\BS Contact\BSContactVRML.ocx (Bitmanagement Software)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{7C26EAE8-5ABF-495B-8956-49F35631CD11}\InprocServer32 -> C:\Program Files\Bitmanagement Software\BS Contact\BSVersion_71.ocx (Bitmanagement Software GmbH)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\James\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543752171-4003080874-1251698838-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-12] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-12-30] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-12-30] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-12] (AVAST Software)
ContextMenuHandlers1: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-12] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-02-09] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-12] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-543752171-4003080874-1251698838-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers1_S-1-5-21-543752171-4003080874-1251698838-1001: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => -> No File
ContextMenuHandlers4_S-1-5-21-543752171-4003080874-1251698838-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-543752171-4003080874-1251698838-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FDFAED-B825-4974-9499-4A4D2992F405} - System32\Tasks\ASUS\ASUS Smart Cooling Helper => C:\Program Files (x86)\ASUS\AI Suite II\Smart Cooling\AsSmartCoolingService.exe [2012-03-28] (ASUSTeK Computer Inc.)
Task: {0136FC31-1A35-4377-AA79-62AE96923A93} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {04F57E3C-58A2-4DED-A008-32B67D1403B3} - System32\Tasks\{6C6DC615-32F7-48B9-BFE5-EAE51F662A99} => C:\Windows\system32\pcalua.exe -a J:\Setup.exe -d J:\
Task: {058F3B69-DE69-433F-A27B-DAD7DB34209B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {0DEED19F-5790-434E-85B6-9C5C17D46886} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-02-12] (AVAST Software)
Task: {1E7E45CA-F085-4961-B302-7ECFB04D52B0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {2889E4C1-BEC8-4804-8C0D-2CE2F7E21795} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {2C0A9317-8845-4A6C-87EA-2927F918481B} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe
Task: {49C4B8DD-D0D2-45FF-A6AF-57D69FCB5F0F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {49EE45DD-5B8E-43D8-BD4F-63C926A199FE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-02-06] (Microsoft Corporation)
Task: {4E0E28D2-4D8E-41A5-AE98-D1FF82492F86} - System32\Tasks\G2MUploadTask-S-1-5-21-543752171-4003080874-1251698838-1001 => C:\Users\James\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-19] (LogMeIn, Inc.)
Task: {519A6ACF-4841-418C-89DE-D7B5E36167B8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-543752171-4003080874-1251698838-1001UA1d2372c8a20bf34 => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {58F912C5-176C-4684-A38E-ABC738BB6212} - System32\Tasks\DRI => C:\Users\James\AppData\Roaming\DRI.exe <==== ATTENTION
Task: {614A296B-1CF5-45E0-8D64-A6825DDEFE10} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {63805A75-D487-47EA-B245-90FDBAC6C681} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-12] (AVAST Software)
Task: {6B9E671C-9C15-49DC-B045-6AFD3D25CE0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {70633462-288C-484A-80A9-5104C6A1D281} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-06] (Microsoft Corporation)
Task: {79213CEB-1AA5-420A-9249-6E10A31B80D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {7B317D11-D5E9-492F-9608-A30785779366} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {844E2F6C-E33E-4975-A526-B41C08E863D9} - System32\Tasks\SUPERAntiSpyware Scheduled Task c5d275a1-2f6b-4ff6-be26-15dcf1212116 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {84E496F3-4368-4C93-8B03-07BDD1F1133E} - System32\Tasks\Opera scheduled Autoupdate 1511710201 => C:\Users\James\AppData\Local\Programs\Opera\launcher.exe
Task: {862EF320-8E12-48E5-BC4B-5990CD3EC125} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {8CDE2493-61C7-44B7-BD36-9198B37D7CF3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {99D29C8E-C3C2-4ABD-951C-76D91CED15FC} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {A380B442-E846-4A32-B550-E52823FEF7A5} - System32\Tasks\RI => C:\Users\James\AppData\Roaming\RI.exe <==== ATTENTION
Task: {A9673B90-AFCF-4D63-8A59-27B5BF1CF17A} - System32\Tasks\YQYNHAQU => C:\Users\James\AppData\Roaming\YQYNHAQU.exe <==== ATTENTION
Task: {AF9D9FA0-5A05-4AB7-AEA6-F7D3FA131B14} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-543752171-4003080874-1251698838-1001Core1d2372c89fdd35a => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {B024D28E-D73E-46FF-B659-A6ABEE559606} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {B6DB4407-A8E0-4D7C-90A6-4104D23C48F9} - \WPD\SqmUpload_S-1-5-21-543752171-4003080874-1251698838-1001 -> No File <==== ATTENTION
Task: {B83C9718-A886-4EF1-A104-85C54E2C5128} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {C36A9CF7-9941-4021-8439-5722940305DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C5275789-3828-45F9-9977-50D450436D1A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {C8504009-0EE7-4C95-BEA2-63821B97D050} - System32\Tasks\TWYUDWE => C:\Users\James\AppData\Roaming\TWYUDWE.exe <==== ATTENTION
Task: {D6647A62-4CD0-4CE5-8C23-D7B2CA36CD93} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D6B30E97-8F6A-41E3-82B2-F1BAFE706CAC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-02-13] (Microsoft Corporation)
Task: {E77F11E3-FBB8-4238-8A2B-202D6971227B} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {EBBDDB38-0E3F-41F0-8324-5CCEAD18E2CD} - System32\Tasks\G2MUpdateTask-S-1-5-21-543752171-4003080874-1251698838-1001 => C:\Users\James\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-19] (LogMeIn, Inc.)
Task: {F8DD3CE9-A9AD-47FF-985D-4646C0EEDEBB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {FACE3583-9FB7-42E7-A740-2825257AE2D1} - System32\Tasks\{AD4EAF0A-6189-4002-A101-B2A0B3C8A19E} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YINSHWA.EXE -c /R /APD /P:"EPSON WorkForce 545 Series"
Task: {FC7799CB-2E18-4BBB-A506-68D014319351} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-06] (Microsoft Corporation)
Task: {FF7CB5E7-1066-4903-AF74-CC7BE208DDE4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 46c3a649-b7f8-42bc-b1c1-10f7bf2fcc06 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DRI.job => C:\Users\James\AppData\Roaming\DRI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-543752171-4003080874-1251698838-1001Core1d2372c89fdd35a.job => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-543752171-4003080874-1251698838-1001UA1d2372c8a20bf34.job => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-543752171-4003080874-1251698838-1001.job => C:\Users\James\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-543752171-4003080874-1251698838-1001.job => C:\Users\James\AppData\Local\GoToMeeting\8199\g2mupload.exe
Task: C:\WINDOWS\Tasks\RI.job => C:\Users\James\AppData\Roaming\RI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 46c3a649-b7f8-42bc-b1c1-10f7bf2fcc06.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c5d275a1-2f6b-4ff6-be26-15dcf1212116.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\TWYUDWE.job => C:\Users\James\AppData\Roaming\TWYUDWE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YQYNHAQU.job => C:\Users\James\AppData\Roaming\YQYNHAQU.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-09-25 19:01 - 2017-02-09 14:57 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-26 19:06 - 2012-10-04 18:49 - 000087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2012-08-31 15:09 - 2012-06-01 01:42 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-28 19:29 - 2017-10-10 17:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-06-26 17:51 - 2012-12-06 14:46 - 000047616 _____ () C:\Windows\SysWOW64\RegAss.exe
2012-08-31 15:12 - 2012-05-02 11:24 - 000064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2012-08-31 15:12 - 2012-05-02 11:27 - 000049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2018-02-12 20:59 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-12 20:59 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-09-17 19:10 - 2012-09-17 19:10 - 000248704 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-05-12 01:49 - 2014-05-12 01:49 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-02-13 14:59 - 2018-02-09 20:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-13 14:59 - 2018-02-09 20:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-08 23:28 - 2018-01-03 01:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-08 23:28 - 2018-01-03 01:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-29 10:48 - 2018-01-29 10:48 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-29 10:48 - 2018-01-29 10:48 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-29 10:48 - 2018-01-29 10:48 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-29 10:48 - 2018-01-29 10:48 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-29 10:48 - 2018-01-29 10:48 - 000667136 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-02 00:57 - 2018-02-02 00:58 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 000477696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-02-10 17:53 - 2018-02-10 18:09 - 061401088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-01-27 11:34 - 2018-01-27 11:36 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 003741184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-01-27 11:34 - 2018-01-27 11:36 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 016183296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 003592704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-02-10 17:53 - 2018-02-10 18:08 - 003226112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-02-01 03:47 - 2018-02-01 03:48 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 000090624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-01-27 11:34 - 2018-01-27 11:36 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 000618496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-02-10 17:53 - 2018-02-10 18:09 - 000200192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\SKU.dll
2012-08-31 15:09 - 2018-02-16 12:25 - 000026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-08-31 15:09 - 2010-06-28 18:58 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2018-02-12 21:05 - 2018-02-12 21:05 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-12 21:04 - 2018-02-12 21:04 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-02-12 21:04 - 2018-02-12 21:04 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-02-12 21:03 - 2018-02-12 21:03 - 000275672 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-02-09 17:10 - 2018-02-08 12:10 - 000740168 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-02-09 17:10 - 2018-02-08 12:10 - 002079048 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-07-13 12:28 - 2018-02-08 12:10 - 000100312 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000018896 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\select.pyd
2017-07-13 12:28 - 2018-02-08 12:12 - 000020808 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000035808 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000694232 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000021856 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000130520 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 001856864 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000022880 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-02-09 17:10 - 2018-02-08 12:10 - 000145880 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-02-09 17:10 - 2018-02-08 12:10 - 000116696 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-07-13 12:28 - 2018-02-08 12:10 - 000105944 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000022872 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000063312 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000024536 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000077120 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-02-09 17:10 - 2018-02-08 12:10 - 000020952 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000124888 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000116184 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-02-09 17:10 - 2018-02-08 12:10 - 000392664 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-07-13 12:28 - 2018-02-08 12:12 - 000392520 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000026464 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000024024 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000175576 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000030168 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000043480 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-09-21 14:13 - 2018-02-08 12:10 - 000026072 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000048600 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000057816 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000021840 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-09-09 04:47 - 2018-02-08 12:13 - 000023376 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000022864 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-07-13 12:28 - 2018-02-08 12:12 - 000066400 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 001796416 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000084944 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\sip.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 001956672 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 003859272 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000155472 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000521032 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000051024 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000043336 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000131400 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000219984 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000204104 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000025440 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000060888 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000054616 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000024024 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000022880 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-07-13 12:28 - 2018-02-08 12:12 - 000100704 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000028632 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000022368 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000021856 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000022368 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000027496 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 12:28 - 2018-02-08 12:10 - 000349144 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000101704 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000023904 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000025432 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-02-09 17:10 - 2018-02-08 12:10 - 000036312 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\librsync.dll
2018-02-09 17:10 - 2018-02-08 12:12 - 000032608 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2018-02-09 17:10 - 2018-02-08 12:10 - 000293392 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2018-01-11 17:32 - 2018-02-08 12:13 - 000021856 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000181064 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-07-13 12:28 - 2018-02-08 12:12 - 000030544 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000024384 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-02-09 17:10 - 2018-02-08 12:12 - 001638208 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-07-13 12:28 - 2018-02-08 12:13 - 000026464 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000545096 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000359232 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-02-09 17:10 - 2018-02-08 12:12 - 000038216 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2017-07-13 12:28 - 2018-02-08 12:13 - 000022880 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\winffi.shcore.compiled._winffi_shcore.pyd
2015-05-20 08:59 - 2015-05-20 08:59 - 002291712 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\gopro-lib-win-analytics.dll
2017-02-28 19:29 - 2017-10-10 17:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-10-09 08:47 - 2012-06-25 10:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-12-22 14:28 - 2017-12-22 14:28 - 000630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_regex-vc120-mt-1_55.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000031512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBCompressor.dll
2018-01-08 01:00 - 2018-01-08 01:00 - 000662808 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FtuEngine.dll
2018-01-08 01:00 - 2018-01-08 01:00 - 000689432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\BackupLib.dll
2014-12-06 18:11 - 2014-12-06 18:11 - 038715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\libcef.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000085784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBProActiveCore.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000102168 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBMAPILibrary.dll
2014-12-06 18:14 - 2014-12-06 18:14 - 000059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\zlib1.dll
2018-01-08 01:00 - 2018-01-08 01:00 - 000245528 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_serialization-vc120-mt-1_55.dll
2018-01-08 01:00 - 2018-01-08 01:00 - 001216280 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FeaturesBridge.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000067864 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\mbpopup.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000024344 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\IPDWidgetBridge.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000109848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\IPDWidgetInterop.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000517912 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\SyncManagerUtils.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000129304 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QB2WPFBridge.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000071448 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\ReportBridge.dll
2018-01-08 01:02 - 2018-01-08 01:02 - 000048408 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\Webification.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000149784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\htmlhelper.dll
2018-01-08 01:00 - 2018-01-08 01:00 - 000968984 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\HPD.dll
2018-01-08 01:01 - 2018-01-08 01:01 - 000057112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QB2WPFBridgeWebViewContainer.dll
2016-08-23 05:51 - 2017-12-01 06:37 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\Users\James\Desktop\Becker REG Folder:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\James\Desktop\BNSF Passwords.jpg:com.dropbox.attributes [426]
AlternateDataStreams: C:\Users\James\Desktop\CPA FinancialAccountingandReporting PDF SIM.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\James\Desktop\debug.log:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\James\Desktop\DeWolfe Crane leterhead.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\James\Desktop\Linkbelt Accident Emails:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\James\Desktop\Linkbelt accident letter 3-16-15 signed348.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\James\Desktop\Wiley 2012 Testbank CD:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\James\Desktop\Wiley 2013-14 Complete:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_0favicon1129903636 [310]
AlternateDataStreams: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_1favicon-298702541 [8574]
AlternateDataStreams: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_2favicon-1464078272 [1790]
AlternateDataStreams: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_3favicon-860043155 [8574]
AlternateDataStreams: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_4favicon640180837 [8574]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\belkin.com -> hxxp://netcam-webserver-eu.belkin.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\belkin.com -> hxxps://netcam-webserver-eu.belkin.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\bt.com -> hxxp://myhomecam.bt.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\bt.com -> hxxps://myhomecam.bt.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\linksys.com -> hxxp://wnc.linksys.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\linksys.com -> hxxps://wnc.linksys.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\seedonk.com -> hxxp://www.seedonk.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\seedonk.com -> hxxps://www.seedonk.com
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\seedonk.com.cn -> hxxp://www.seedonk.com.cn
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\seedonk.com.cn -> hxxps://www.seedonk.com.cn
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\singnet.com.sg -> hxxp://homelivecam-webserver.singnet.com.sg
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\singnet.com.sg -> hxxps://homelivecam-webserver.singnet.com.sg
IE trusted site: HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2018-02-12 22:57 - 000002162 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-543752171-4003080874-1251698838-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "VizorHtmlDialog.exe"
HKLM\...\StartupApproved\Run: => "Trend Micro Client Framework"
HKLM\...\StartupApproved\Run: => "Trend Micro Titanium"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "Memeo Instant Backup"
HKLM\...\StartupApproved\Run32: => "Seagate Dashboard"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-543752171-4003080874-1251698838-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_56A5DD65E1722655E7BE69E273F6889A"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{615364D2-FEC9-4A55-B188-23DDB09F90CB}C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3160CCF1-8886-4205-B10C-42D20E07286E}C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{E3A3CD31-2FEF-46A1-911C-E2A6364356BB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0BEA7229-45B6-4277-8CA8-585420F72BFF}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{9D1541F1-E25C-4F7A-B8AB-9BF16AFAF534}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F9FF501A-BFE1-4B21-A425-25E1DDC4D7E9}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{DB17461A-4FB3-43F8-80B7-3047069EC0DA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4568412C-BAE0-4946-8F48-E054765D0574}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{983DE523-978B-4B61-B544-F240A8D15F1E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{532CC3F7-24AB-4AE9-B6B8-3578CAC441F3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{114029F4-193E-4F79-8545-0A4250202705}C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EDFA8CE9-5FA3-4B74-B54C-8A29AC6B3F7E}C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2F043652-F9DB-4E8A-B5F9-E140EBF1FD08}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{71CE41BD-9965-483C-B479-2DDFACE07C04}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{398BBD2C-CE51-417A-8FB8-4ED334815AC5}C:\users\james\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\james\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9EAD798D-82D6-4EF8-8A87-A2B128722A48}C:\users\james\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\james\appdata\roaming\utorrent\utorrent.exe

==================== Restore Points =========================

13-02-2018 14:54:31 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2018 04:30:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 18.9.20050.57426, time stamp: 0x5a1c73c5
Faulting module name: AcroRd32.dll, version: 18.9.20050.57426, time stamp: 0x5a1c73a4
Exception code: 0xc0000005
Fault offset: 0x000c03e3
Faulting process id: 0xed4
Faulting application start time: 0x01d3aaaae8a0e678
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Faulting module path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Report Id: 60908087-7aca-4d17-8d32-49452d9272bb
Faulting package full name:
Faulting package-relative application ID:

Error: (02/20/2018 08:13:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (02/20/2018 08:13:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (02/20/2018 08:13:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2018 02:04:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.16299.248, time stamp: 0x13ae3814
Exception code: 0xe0434352
Fault offset: 0x001008c2
Faulting process id: 0x1f6c
Faulting application start time: 0x01d3aa31f0582037
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 1211580d-2a2a-44e8-b588-b0a5e862c38c
Faulting package full name:
Faulting package-relative application ID:

Error: (02/20/2018 02:04:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (02/19/2018 04:36:02 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (02/19/2018 04:36:02 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\QB DATA\C L Crane.QBW;ENG=QB_data_engine_25;DBN=d097884f92a240bfbf18ea625265bf93


System errors:
=============
Error: (02/20/2018 08:13:15 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/20/2018 05:41:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/20/2018 05:41:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Account Sign-in Assistant service to connect.

Error: (02/20/2018 02:29:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/19/2018 10:27:06 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/19/2018 05:29:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/19/2018 02:01:59 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/18/2018 06:16:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Windows Defender:
===================================
Date: 2018-02-12 17:42:02.634
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {96AD6E0F-6F1A-4249-89A4-02B29589668C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-12 15:50:13.439
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E86F93AD-9E5F-4141-8F97-1FCB328652C7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-01-29 15:55:25.363
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F009701D-7B8E-43BA-B700-DF06A5F97256}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-01-29 15:50:24.843
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EB4D5450-1640-4770-A875-66C77D0025F8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-01-29 15:41:24.361
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1AEB9BEC-C48A-494A-8682-7F315866D896}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-12 20:31:35.263
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1088.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-02-12 20:31:35.262
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-02-12 20:31:35.254
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1088.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-02-12 20:31:35.254
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1088.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-02-12 20:31:35.254
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1088.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-02-20 18:22:55.453
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-20 18:22:55.451
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-20 18:18:19.585
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-20 18:18:19.582
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-20 18:18:17.851
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-20 18:18:17.848
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-20 18:06:20.025
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-20 18:06:20.022
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 67%
Total physical RAM: 8145.04 MB
Available physical RAM: 2644.73 MB
Total Virtual: 13009.04 MB
Available Virtual: 3704.45 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1847.05 GB) (Free:1607.25 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{59af51ac-20b9-4081-9382-10ea370eec58}\ (Windows RE tools) (Fixed) (Total:0.59 GB) (Free:0.36 GB) NTFS
\\?\Volume{ac8a916b-aef7-4c8a-a930-043648ee2415}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
\\?\Volume{479a9e19-16af-4abd-9ba8-dc60d240ee04}\ (Recovery image) (Fixed) (Total:15 GB) (Free:1.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 58FE4E24)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 20 February 2018 - 10:20 PM.


#11 Oh My!


Posted 20 February 2018 - 11:05 PM

Greetings Stephen.

I am ending for the evening so I will check for your reply in the morning.

Please do this to gather some additional information.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
Virustotal: C:\Users\James\AppData\Roaming\DRI.exe
Virustotal: C:\Windows\SysWOW64\RegAss.exe
Virustotal: C:\Users\James\AppData\Roaming\RI.exe
Virustotal: C:\Users\James\AppData\Roaming\YQYNHAQU.exe
Virustotal: C:\Users\James\AppData\Roaming\TWYUDWE.exe
Folder: C:\MATS
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!


Posted 23 February 2018 - 08:41 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#13 JackOfSomeTrades


Posted 23 February 2018 - 07:40 PM

Hi Gary, I believe I did as you asked. Let me know what else you may need.
Thank you.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 23.02.2018
Ran by James (23-02-2018 16:37:39) Run:1
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available Profiles: James)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
Virustotal: C:\Users\James\AppData\Roaming\DRI.exe
Virustotal: C:\Windows\SysWOW64\RegAss.exe
Virustotal: C:\Users\James\AppData\Roaming\RI.exe
Virustotal: C:\Users\James\AppData\Roaming\YQYNHAQU.exe
Virustotal: C:\Users\James\AppData\Roaming\TWYUDWE.exe
Folder: C:\MATS
 
*****************
 
C:\ProgramData\Temp => ":373E1720" ADS removed successfully
"VirusTotal: C:\Users\James\AppData\Roaming\DRI.exe" => not found
"VirusTotal: C:\Users\James\AppData\Roaming\RI.exe" => not found
"VirusTotal: C:\Users\James\AppData\Roaming\YQYNHAQU.exe" => not found
"VirusTotal: C:\Users\James\AppData\Roaming\TWYUDWE.exe" => not found
 
========================= Folder: C:\MATS ========================
 
2018-02-13 14:10 - 2018-02-13 14:10 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\MATS\{B8984934-ED63-43B4-B1CF-B3928B55F05D}
2018-02-13 14:10 - 2018-02-13 14:10 - 000015364 ____A [5D1704FDB3DC7D5407ADAABBA6EF19D4] () C:\MATS\{B8984934-ED63-43B4-B1CF-B3928B55F05D}\registryBackupTemplate.xml
2018-02-13 14:10 - 2018-02-13 14:10 - 000008742 ____A [B482935380CE52947787C99324E4152D] () C:\MATS\{B8984934-ED63-43B4-B1CF-B3928B55F05D}\RestoreYourFilesAndRegistry.ps1
 
====== End of Folder: ======
 
 
==== End of Fixlog 16:37:39 ====


#14 Oh My!


Posted 24 February 2018 - 10:39 AM

Greetings.

Thank you for your patience. The report is exactly what I needed.

If a process is stopped by RKill that does not necessarily mean the process is malicious. I can find no credible evidence the Regass.exe file is malicious.

Can you post the RKill report so I can see what you were referring to in your initial post?
Gary
 

#15 JackOfSomeTrades


Posted 27 February 2018 - 12:58 AM

Ok can do tomorrow, thank you.
Thanks again for your time and patience :)



