
computer freezing up, firewall blocking odd IPs, dashost.exe not normal



#1 wardr


Posted 07 May 2018 - 07:22 AM

Computer is starting to freeze for 5-10 seconds when opening programs; this is not normal for me, as all programs, including process-heavy ones (Photoshop, etc.), usually open right up for me. I've noticed odd firewall activity that isn't typical traffic: outgoing packets, always on port 80.

 

Strangest of all, though, was that I noticed a dashost.exe process running, listening for packets over ports 58882 and 3702. Further investigation in its properties showed this file to be located in windows/syswow64, and it is 0 bytes. Further investigation of this file has shown it to have the old MS DOS icon (like this http://www.miguelcarrasco.net/miguelcarrasco/WindowsLiveWriter/MS-DOS_icon.png), it was created on 5/6/18 (yesterday), and a command line starting attribute of "c:\windows\system32\dashost.exe", which is where the regular file is located. Also, if I push advanced in the properties from inside my firewall on this file, it uses custom MS DOS initialization files in the Windows PIF settings: "Autoexec file name: %SYSTEMROOT%\system32\autoexec.nt" and "config file name: %SYSTEMROOT%\system32\config.nt".

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01

Ran by Ryan (administrator) on WENTZ (07-05-2018 06:15:39)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan & Administrator (Available Profiles: Ryan & Mal & Administrator)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Everything\Everything.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Plex, Inc.) C:\Servers\Plex Media Server\Plex Update Service.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
() C:\Program Files\Everything\Everything.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Everything\Everything.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitReader.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(PortableApps.com) D:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(PortableApps.com) D:\PortableApps\SystemExplorerPortable\SystemExplorerPortable.exe
(Mister Group) D:\PortableApps\SystemExplorerPortable\App\SystemExplorer\SystemExplorer.exe
(Mister Group) D:\PortableApps\SystemExplorerPortable\App\SystemExplorer\service\SystemExplorerService64.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Telegram Messenger LLP) C:\Users\Ryan\AppData\Roaming\Telegram Desktop\Telegram.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\ArcMap.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISCacheMgr.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISConnection.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\AppROT.exe
() C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe
(The GnuPG Project) C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFReport.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3465608 2017-10-01] (Paramount Software UK Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-03-30] (Tonec Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5488080 2018-03-23] (SecureMix LLC)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\MountPoints2: {681a7406-dfb6-11e7-bf2e-c00c37bcec54} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-21-1125547639-1294637962-2935245663-500\...\Run: [Plex Media Server] => C:\Servers\Plex Media Server\Plex Media Server.exe [17781736 2018-03-29] (Plex, Inc.)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Servers\Plex Media Server\Plex Media Server.exe [17781736 2018-03-29] (Plex, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk [2018-03-31]
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-12]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2018-05-06]
ShortcutTarget: Telegram.lnk -> C:\Users\Ryan\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
AlternateShell: 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{58CE04B3-F4B0-4D9B-AF66-F4A0F3A01012}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{BB3C93D3-89CD-4A49-BA89-580965FFFED8}: [DhcpNameServer] 192.168.11.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1125547639-1294637962-2935245663-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-03-02] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-13] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-03-02] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-03-02] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-03-02] (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-10-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 7og14rox.default
FF DefaultProfile: th12gtab.default
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default [2018-05-07]
FF Session Restore: Mozilla\Firefox\Profiles\7og14rox.default -> is enabled.
FF Extension: (Disconnect) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Geolocater) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\geolocater@3liz.com [2016-11-20] [Legacy]
FF Extension: (Disable CSS) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-1VwU0d7h7azvou6XbFWe9tmQyoQ@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (Self-Destructing Cookies) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-29] [Legacy]
FF Extension: (Decentraleyes) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2018-02-26]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-EbhJmw1yu6Juy@jetpack.xpi [2016-10-30] [Legacy]
FF Extension: (Save as PDF) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2017-11-14]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\support@lastpass.com.xpi [2018-04-21]
FF Extension: (Google Translator for Firefox) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\translator@zoli.bod.xpi [2018-04-12]
FF Extension: (uBlock Origin) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\uBlock0@raymondhill.net.xpi [2018-05-07]
FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2018-01-31]
FF Extension: (Capture & Print) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2018-01-17]
FF Extension: (JavaScript on-off applet) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-04-03] [Legacy]
FF Extension: (RightToClick) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-06-24] [Legacy]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\th12gtab.default [2018-05-07]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-12-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-25] [Legacy] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Ryan\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5 [2017-04-15] [Legacy] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-03-02] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-03-02] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S4 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-04-23] (Dropbox, Inc.)
R2 Everything; C:\Program Files\everything\everything.exe [1441792 2014-08-05] () [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4338640 2018-03-23] (SecureMix LLC)
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 PlexUpdateService; C:\Servers\Plex Media Server\Plex Update Service.exe [2212328 2018-03-29] (Plex, Inc.)
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
R2 SNMP; C:\WINDOWS\System32\snmp.exe [50688 2018-03-30] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2018-03-30] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2017-10-31] () [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S4 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [698296 2016-03-10] (Károly Pados) [File not signed]
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-19] (Reason Software Company Inc.)
R2 vmms; C:\WINDOWS\system32\vmms.exe [13838336 2018-01-01] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S4 hippovnc_service; "C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe" -service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [19456 2018-04-19] (Microsoft Corporation)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-25] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2018-05-07] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-26] (Malwarebytes)
R1 MpKsle1f1b5bd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3BCF67D-F8BE-4427-868A-EB791AFBA957}\MpKsle1f1b5bd.sys [58120 2018-05-07] (Microsoft Corporation)
R0 Mrvdp; C:\WINDOWS\System32\drivers\mrvdp.sys [64944 2017-12-01] (Windows ® Win 7 DDK provider)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [22016 2018-04-19] (Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows ® Win 7 DDK provider)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [28160 2018-04-19] (Microsoft Corporation)
R1 RAMDiskVE; C:\WINDOWS\System32\Drivers\RAMDiskVE.sys [86744 2016-05-12] (Dataram, Inc.)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [40888 2017-08-20] (USBPcap)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [18944 2018-04-19] (Microsoft Corporation)
R3 VMSMP; C:\WINDOWS\system32\DRIVERS\vmswitch.sys [688640 2018-02-08] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation)
S4 dbx; system32\DRIVERS\dbx.sys [X]
S4 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-07 06:15 - 2018-05-07 06:16 - 000026704 _____ C:\Users\Ryan\Desktop\FRST.txt
2018-05-07 06:14 - 2018-05-07 06:15 - 000000000 ____D C:\FRST
2018-05-07 06:13 - 2018-05-07 06:13 - 002406912 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2018-05-07 05:05 - 2018-05-07 05:05 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2018-05-06 19:40 - 2018-05-06 19:40 - 000000016 _____ C:\Users\Ryan\Desktop\rpp.txt
2018-05-06 02:29 - 2018-05-06 02:29 - 000000000 ___HD C:\WINDOWS\PIF
2018-05-06 02:26 - 2018-05-06 02:26 - 000000000 _____ C:\WINDOWS\SysWOW64\dasHost.exe
2018-05-06 00:17 - 2018-05-06 00:20 - 000000000 ____D C:\AdwCleaner
2018-05-05 23:33 - 2018-05-06 00:21 - 000227326 _____ C:\WINDOWS\ntbtlog.txt
2018-05-05 23:30 - 2018-05-07 05:50 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-05 08:13 - 2018-05-05 08:13 - 000000000 ____D C:\Users\Ryan\.gnome2
2018-05-04 23:08 - 2018-05-04 23:08 - 000000000 ___DL C:\project
2018-05-04 20:11 - 2018-05-04 20:11 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\AMD
2018-04-25 16:29 - 2018-04-25 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-24 03:07 - 2018-04-24 03:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2018-04-24 03:07 - 2018-04-24 03:07 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-24 03:06 - 2018-04-24 03:07 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-04-24 03:01 - 2018-04-24 03:02 - 000000000 ____D C:\AMD
2018-04-23 22:44 - 2018-04-24 02:33 - 002274213 _____ C:\Users\Ryan\AppData\Roaming\CamShapes.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000135089 _____ C:\Users\Ryan\AppData\Roaming\CamLayout.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000000172 _____ C:\Users\Ryan\AppData\Roaming\CamData.ini
2018-04-23 22:44 - 2018-04-23 22:42 - 000004597 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.cfg
2018-04-23 22:44 - 2018-04-23 22:33 - 000001206 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.ini
2018-04-23 22:44 - 2018-04-23 22:33 - 000000000 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.Data.ini
2018-04-23 22:44 - 2018-04-18 18:40 - 000006920 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.ini
2018-04-23 22:42 - 2018-04-23 22:44 - 000000000 ____D C:\delete
2018-04-23 20:54 - 2015-10-26 19:00 - 000001759 _____ C:\Users\Ryan\Desktop\Get-Distance.ps1
2018-04-23 05:15 - 2018-04-23 05:15 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-04-23 05:15 - 2018-04-23 05:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-04-23 05:15 - 2018-04-23 05:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-04-23 05:15 - 2018-04-23 05:15 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-04-22 04:56 - 2018-04-22 04:56 - 000000000 ____D C:\Program Files (x86)\AM-DeadLink
2018-04-22 01:41 - 2018-04-22 01:41 - 000000000 ____D C:\Program Files\Common Files\EPSON
2018-04-22 01:40 - 2018-04-22 01:41 - 000000000 ____D C:\ProgramData\EPSON
2018-04-22 01:40 - 2018-04-22 01:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-04-22 01:39 - 2010-09-28 18:01 - 000118784 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMHWA.DLL
2018-04-22 01:39 - 2010-08-09 18:02 - 000083456 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BHWA.DLL
2018-04-22 01:29 - 2018-04-22 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2018-04-22 01:29 - 2018-04-22 01:29 - 000000000 ____D C:\Program Files (x86)\Privacyware
2018-04-22 01:29 - 2013-09-29 21:24 - 000133152 _____ (Privacyware/PWI, Inc.) C:\WINDOWS\system32\Drivers\pwipf6.sys
2018-04-22 01:06 - 2018-04-22 01:06 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Moonchild Productions
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Program Files (x86)\Pale Moon
2018-04-20 07:30 - 2015-03-08 19:25 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickvpexchange.dll
2018-04-20 07:30 - 2015-03-08 19:24 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicguestinterface.dll
2018-04-20 07:30 - 2015-03-08 19:23 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicshutdown.dll
2018-04-20 07:30 - 2015-03-08 19:23 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimesync.dll
2018-04-20 07:30 - 2015-03-08 19:22 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicheartbeat.dll
2018-04-20 07:30 - 2015-03-08 19:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvss.dll
2018-04-20 07:30 - 2015-03-08 19:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\GRASS7
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRASS GIS 7.0.4
2018-04-19 18:23 - 2018-04-19 18:24 - 000000000 ____D C:\Users\Ryan\Documents\grassdata
2018-04-19 18:23 - 2018-04-19 18:24 - 000000000 ____D C:\Program Files\GRASS GIS 7.0.4
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\ProgramData\Unchecky
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\Program Files (x86)\Unchecky
2018-04-19 17:35 - 2018-05-05 21:19 - 000003832 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{9F65C8A5-C324-45FD-80CA-63861622A7D3}
2018-04-19 17:35 - 2018-05-05 21:19 - 000003684 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{74F99CC4-474B-4781-ADC1-7477160C30E2}
2018-04-19 17:18 - 2018-04-19 17:21 - 000005797 _____ C:\WINDOWS\Macrium Reflect Patch Log.txt
2018-04-19 16:46 - 2018-05-06 00:38 - 027715584 _____ C:\WINDOWS\system32\vmguest.iso
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\WINDOWS\vmguest
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Users\Public\Documents\Hyper-V
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files\Hyper-V
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files\CMAK
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files (x86)\CMAK
2018-04-19 16:12 - 2018-05-06 00:22 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-04-18 18:41 - 2018-04-18 18:38 - 000383786 _____ C:\bootmgr
2018-04-18 18:19 - 2013-04-18 15:54 - 000010414 _____ C:\WINDOWS\system32\athw8x.cat
2018-04-18 18:19 - 2013-01-22 14:40 - 003653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2018-04-18 18:19 - 2013-01-22 14:40 - 003653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
2018-04-18 00:02 - 2018-05-05 21:22 - 000003880 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{4E8A8154-0052-479D-A8E3-8046FC67DA28}
2018-04-18 00:02 - 2018-05-05 21:21 - 000003832 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{9B95E2B0-C356-4470-8A16-420C4D79D66F}
2018-04-18 00:02 - 2018-04-19 17:35 - 000000000 ____D C:\Users\Ryan\Documents\Reflect
2018-04-17 23:35 - 2018-04-17 23:35 - 000001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium viBoot.lnk
2018-04-17 23:35 - 2018-04-17 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2018-04-17 23:35 - 2018-04-17 23:35 - 000000000 ____D C:\Program Files\Macrium
2018-04-17 23:13 - 2018-04-18 18:37 - 000000000 ____D C:\ProgramData\Macrium
2018-04-17 22:42 - 2018-04-17 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2018-04-17 21:47 - 2018-04-17 21:47 - 000000000 ____D C:\Users\Ryan\Documents\WinMerge
2018-04-17 20:34 - 2018-04-17 20:34 - 000000000 ___DL C:\subsonic
2018-04-17 20:16 - 2018-04-17 20:31 - 000000000 ____D C:\Servers
2018-04-17 18:58 - 2018-04-17 18:12 - 000040592 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrigflt.sys
2018-04-17 18:58 - 2018-01-30 10:26 - 000076968 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\MRCBT.sys
2018-04-17 18:58 - 2018-01-30 09:28 - 000088944 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\MRCBTES.dll
2018-04-17 15:35 - 2018-04-17 15:35 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-04-17 15:22 - 2018-04-17 15:22 - 000000366 _____ C:\TDSSKiller.3.1.0.12_17.04.2018_15.22.27_log.txt
2018-04-17 14:35 - 2018-05-07 05:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\gnupg
2018-04-17 14:35 - 2018-05-07 02:56 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\kleopatra
2018-04-17 14:35 - 2018-04-17 14:35 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-04-17 14:35 - 2018-04-17 14:35 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-04-17 14:35 - 2018-04-17 14:35 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-04-17 01:48 - 2018-04-17 01:52 - 000000000 ____D C:\ProgramData\UCheck
2018-04-17 01:48 - 2018-04-17 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2018-04-17 01:48 - 2018-04-17 01:48 - 000000000 ____D C:\Program Files\UCheck
2018-04-17 01:41 - 2018-04-17 01:41 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-13 16:28 - 2018-05-06 22:17 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Telegram Desktop
2018-04-13 16:28 - 2018-04-13 16:28 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-04-13 12:23 - 2018-04-13 12:38 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Wireshark
2018-04-13 12:21 - 2018-04-13 12:21 - 000001800 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2018-04-13 12:20 - 2018-04-13 12:21 - 000000000 ____D C:\Program Files\Wireshark
2018-04-13 12:20 - 2018-04-13 12:21 - 000000000 ____D C:\Program Files\USBPcap
2018-04-12 02:36 - 2018-04-12 02:36 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2018-04-12 00:18 - 2018-04-16 20:33 - 000000000 ____D C:\wallets
2018-04-12 00:18 - 2018-04-12 00:25 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Electrum-LTC
2018-04-11 14:40 - 2018-05-05 02:15 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Electrum
2018-04-10 18:01 - 2018-03-23 08:50 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-04-10 18:01 - 2018-03-22 18:00 - 025742336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-10 18:01 - 2018-03-22 16:26 - 020287488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-10 18:01 - 2018-03-22 16:17 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-10 18:01 - 2018-03-22 16:15 - 005780480 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-10 18:01 - 2018-03-22 16:06 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-10 18:01 - 2018-03-22 15:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-10 18:01 - 2018-03-22 15:42 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-10 18:01 - 2018-03-22 15:37 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-10 18:01 - 2018-03-22 15:29 - 015282688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-10 18:01 - 2018-03-22 15:29 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-10 18:01 - 2018-03-22 15:29 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-10 18:01 - 2018-03-22 15:29 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-10 18:01 - 2018-03-22 15:27 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-10 18:01 - 2018-03-22 15:21 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-10 18:01 - 2018-03-22 15:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-10 18:01 - 2018-03-22 15:20 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-10 18:01 - 2018-03-22 15:15 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-10 18:01 - 2018-03-22 15:15 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-10 18:01 - 2018-03-22 15:15 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-10 18:01 - 2018-03-22 15:14 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-10 18:01 - 2018-03-22 15:04 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-10 18:01 - 2018-03-22 14:55 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-10 18:01 - 2018-03-22 14:53 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-10 18:01 - 2018-03-22 14:52 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-10 18:01 - 2018-03-22 14:51 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-10 18:01 - 2018-03-10 12:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-10 18:01 - 2018-03-09 19:16 - 001549136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-10 18:01 - 2018-03-09 19:16 - 000388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-10 18:01 - 2018-03-09 16:20 - 007405392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-10 18:01 - 2018-03-09 16:20 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-10 18:01 - 2018-03-09 16:20 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-10 18:01 - 2018-03-09 16:20 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-10 18:01 - 2018-03-09 16:20 - 001500424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-10 18:01 - 2018-03-09 16:20 - 001371344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-10 18:01 - 2018-03-09 16:20 - 000418640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-10 18:01 - 2018-03-09 14:59 - 000121168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-10 18:01 - 2018-03-09 09:52 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-10 18:01 - 2018-03-08 14:53 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2018-04-10 18:01 - 2018-03-08 13:15 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-04-10 18:01 - 2018-03-08 13:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-04-10 18:01 - 2018-03-08 09:21 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-10 18:01 - 2018-03-07 18:46 - 000202576 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-10 18:01 - 2018-03-07 18:42 - 000174928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-10 18:01 - 2018-03-07 14:28 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-10 18:01 - 2018-03-07 13:26 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-10 18:01 - 2018-03-03 12:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-10 18:01 - 2018-03-03 12:04 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-10 18:01 - 2018-02-09 20:29 - 000531632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-10 18:01 - 2018-02-09 20:25 - 001137872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-10 18:01 - 2018-02-09 12:44 - 000276304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-10 18:01 - 2018-02-09 12:21 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-10 18:01 - 2018-02-08 13:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-10 18:01 - 2018-02-08 13:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-10 18:01 - 2018-02-08 13:21 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2018-04-10 18:01 - 2018-02-08 13:18 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2018-04-10 18:01 - 2018-02-08 13:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-04-10 18:01 - 2018-02-08 13:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-04-10 18:01 - 2018-02-08 12:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-10 18:01 - 2018-02-08 12:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-10 18:01 - 2018-02-08 12:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-10 18:01 - 2018-02-08 12:40 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-10 18:01 - 2018-02-08 12:38 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-10 18:01 - 2018-02-08 12:27 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-10 18:01 - 2018-02-08 12:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-04-10 18:01 - 2018-02-08 12:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-10 18:01 - 2018-02-08 12:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-10 18:01 - 2018-01-25 09:19 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-04-10 18:01 - 2018-01-25 09:14 - 000922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-04-10 17:52 - 2018-03-16 13:51 - 000144000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-10 17:52 - 2018-03-14 08:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-10 17:52 - 2018-03-14 08:23 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-10 17:11 - 2018-04-10 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2018-04-10 17:11 - 2018-04-10 17:11 - 000000000 ____D C:\Program Files (x86)\GlassWire
2018-04-10 17:11 - 2015-05-28 23:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2018-04-10 14:29 - 2018-04-23 22:33 - 000000098 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.command
2018-04-10 14:28 - 2018-04-23 23:20 - 000000000 ____D C:\Users\Ryan\Documents\My CamStudio Videos
2018-04-10 14:26 - 2018-04-23 22:46 - 000000000 ____D C:\Users\Ryan\Documents\My CamStudio Temp Files
2018-04-10 14:26 - 2018-04-23 22:44 - 000000096 _____ C:\Users\Ryan\AppData\Roaming\version2.xml
2018-04-08 21:10 - 2018-04-08 21:10 - 000000748 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subsonic.lnk
2018-04-08 08:57 - 2018-04-08 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BehavePlus5
2018-04-08 08:57 - 2018-04-08 08:57 - 000000000 ____D C:\Behave
2018-04-07 14:04 - 2018-04-10 22:17 - 016190640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-07 05:33 - 2016-02-12 23:12 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-07 05:23 - 2015-12-19 09:32 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-1001
2018-05-07 04:38 - 2016-11-18 10:56 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\Mozilla
2018-05-07 03:26 - 2015-12-25 10:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Everything
2018-05-06 14:33 - 2016-02-12 23:12 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-06 00:56 - 2015-12-19 09:25 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Adobe
2018-05-06 00:26 - 2014-11-21 03:43 - 000808718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-06 00:26 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-06 00:23 - 2015-12-24 10:04 - 000000000 ___DO C:\Users\Ryan\OneDrive
2018-05-06 00:22 - 2015-12-19 09:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-06 00:22 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-05 23:33 - 2013-08-22 08:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-05-05 23:32 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\DMCache
2018-05-05 08:13 - 2015-12-24 09:49 - 000000000 ____D C:\Users\Ryan
2018-05-05 02:32 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\IDM
2018-04-25 16:29 - 2016-02-12 23:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-24 02:32 - 2016-02-13 04:06 - 000000000 ____D C:\Users\Ryan\Documents\Outlook Files
2018-04-23 22:47 - 2016-02-14 10:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2018-04-23 22:44 - 2016-04-17 21:04 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\OBS
2018-04-22 01:29 - 2016-02-21 02:35 - 000000146 _____ C:\WINDOWS\ODBC.INI
2018-04-21 22:40 - 2015-12-25 12:44 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-04-21 01:50 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-20 01:37 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2018-04-19 19:41 - 2017-10-16 18:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Everything
2018-04-19 19:41 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-04-19 16:44 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\schemas
2018-04-19 16:40 - 2018-03-14 04:45 - 006288896 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2018-04-19 16:40 - 2017-09-14 13:17 - 000068952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-19 16:40 - 2017-09-14 13:17 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2018-04-19 16:40 - 2017-09-14 13:17 - 000019800 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-04-19 16:40 - 2014-11-21 04:19 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvGpuInfo.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys
2018-04-19 16:40 - 2014-11-21 04:17 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthnic.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmulatedNic.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll
2018-04-19 16:40 - 2014-11-21 03:53 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthstor.dll
2018-04-19 16:40 - 2014-11-21 03:53 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthfcvdev.dll
2018-04-19 16:40 - 2014-11-21 03:53 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2018-04-19 16:40 - 2013-08-22 06:48 - 000014688 _____ C:\WINDOWS\system32\sbresources.dll
2018-04-19 16:40 - 2013-08-22 06:46 - 001466522 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2018-04-19 16:40 - 2013-08-22 06:39 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2018-04-19 16:40 - 2013-08-22 06:39 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2018-04-19 16:40 - 2013-08-22 06:38 - 000039739 _____ C:\WINDOWS\system32\hypervisor.mof
2018-04-19 16:40 - 2013-08-22 05:59 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2018-04-19 16:40 - 2013-08-22 05:35 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2018-04-19 16:40 - 2013-08-22 04:53 - 000033280 _____ C:\WINDOWS\system32\ActivationVdev.dll
2018-04-19 16:40 - 2013-08-22 04:39 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2018-04-19 16:40 - 2013-08-22 04:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2018-04-19 16:40 - 2013-08-22 04:38 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2018-04-19 16:40 - 2013-08-22 03:25 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2018-04-19 16:40 - 2013-08-22 02:35 - 000144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2018-04-19 16:20 - 2016-05-29 20:52 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2018-04-18 18:19 - 2016-02-12 21:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-17 22:42 - 2015-12-24 10:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-17 20:29 - 2016-03-18 18:33 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-500
2018-04-17 20:19 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-04-17 15:35 - 2017-09-25 16:53 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-17 01:41 - 2016-05-29 20:52 - 000000000 ____D C:\ProgramData\Skype
2018-04-17 00:29 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-16 18:06 - 2016-04-22 21:24 - 000004042 _____ C:\WINDOWS\System32\Tasks\WeeklyFullBackup
2018-04-16 12:30 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-15 21:53 - 2015-12-25 11:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2018-04-13 12:22 - 2017-03-29 20:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-13 12:22 - 2015-12-25 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-12 08:57 - 2017-04-04 21:13 - 000000000 ____D C:\Users\Ryan\.matplotlib
2018-04-12 01:12 - 2015-12-25 10:38 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-11 05:16 - 2016-12-30 19:09 - 000000000 ____D C:\Users\Ryan\.qgis2
2018-04-10 22:16 - 2015-12-24 11:28 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-10 22:16 - 2013-08-22 10:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-04-10 18:39 - 2015-12-23 23:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-10 18:36 - 2017-10-13 12:58 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-10 18:36 - 2015-12-23 23:50 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-10 13:56 - 2016-05-27 02:08 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2018-04-10 13:56 - 2016-05-27 02:07 - 000000000 ____D C:\WINDOWS\system32\1033
2018-04-10 13:56 - 2016-05-27 01:52 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-04-10 00:30 - 2017-10-28 13:08 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\LastPass
2018-04-10 00:06 - 2016-02-17 22:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2018-04-08 19:36 - 2016-06-03 04:12 - 000000000 ___RD C:\Users\Ryan\Box Sync
2018-04-08 19:34 - 2016-03-17 21:16 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\MPC-HC
2018-04-08 19:21 - 2018-03-18 22:10 - 000000000 ____D C:\ProgramData\TinyWall
2018-04-08 19:18 - 2017-11-24 10:35 - 000004132 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-08 19:18 - 2016-04-17 20:58 - 000002784 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-08 19:12 - 2018-03-18 22:10 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\TinyWall
2018-04-07 17:27 - 2013-08-22 10:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-07 17:26 - 2016-02-13 00:45 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-04-07 14:13 - 2016-02-12 22:08 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-04-07 13:58 - 2015-12-24 09:46 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-07 13:58 - 2013-08-22 10:36 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
 
==================== Files in the root of some directories =======
 
2016-07-08 23:43 - 2016-07-08 23:44 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-05-10 20:57 - 2017-08-29 15:52 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-04-23 22:44 - 2018-04-24 02:33 - 000000172 _____ () C:\Users\Ryan\AppData\Roaming\CamData.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000135089 _____ () C:\Users\Ryan\AppData\Roaming\CamLayout.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 002274213 _____ () C:\Users\Ryan\AppData\Roaming\CamShapes.ini
2018-04-23 22:44 - 2018-04-23 22:42 - 000004597 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.cfg
2018-04-23 22:44 - 2018-04-18 18:40 - 000006920 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.ini
2018-04-10 14:29 - 2018-04-23 22:33 - 000000098 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.command
2018-04-23 22:44 - 2018-04-23 22:33 - 000000000 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.Data.ini
2018-04-23 22:44 - 2018-04-23 22:33 - 000001206 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.ini
2018-04-10 14:26 - 2018-04-23 22:44 - 000000096 _____ () C:\Users\Ryan\AppData\Roaming\version2.xml
2016-05-10 15:51 - 2018-05-04 20:17 - 000001456 _____ () C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
2018-03-11 02:21 - 2018-03-31 12:53 - 000000600 _____ () C:\Users\Ryan\AppData\Local\PUTTY.RND
2018-05-05 08:13 - 2018-05-05 08:13 - 000000776 _____ () C:\Users\Ryan\AppData\Local\recently-used.xbel
2016-02-12 22:46 - 2018-04-16 17:08 - 000007664 _____ () C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2017-01-01 09:48 - 2017-01-01 09:48 - 000018432 _____ () C:\Users\Ryan\AppData\Local\WebpageIcons.db
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dasHost.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-05 21:31
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Ryan (07-05-2018 06:16:24)
Running from C:\Users\Ryan\Desktop
Windows 8.1 Pro (Update) (X64) (2015-12-24 15:02:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1125547639-1294637962-2935245663-500 - Administrator - Enabled) => C:\Users\Administrator
backup (S-1-5-21-1125547639-1294637962-2935245663-1008 - Limited - Enabled)
Guest (S-1-5-21-1125547639-1294637962-2935245663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125547639-1294637962-2935245663-1004 - Limited - Enabled)
Mal (S-1-5-21-1125547639-1294637962-2935245663-1007 - Limited - Enabled) => C:\Users\Mal
Ryan (S-1-5-21-1125547639-1294637962-2935245663-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acrylic Wi-Fi Home v3.3 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.3 - Tarlogic Research S.L.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\{0368352A-8996-4E80-B9A1-B1BA43FAE6E6}) (Version: 2.1.10257 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 2.1.10257 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro 2.1 Patch 1 (2.1.1) (HKLM\...\ArcGISPro Update211) (Version: ArcGIS Pro 2.1 Patch 1 (2.1.1) - Environmental Systems Research Institute, Inc.)
ArcGIS Pro 2.1 Patch 2 (2.1.2) (HKLM\...\ArcGISPro Update212) (Version: ArcGIS Pro 2.1 Patch 2 (2.1.2) - Environmental Systems Research Institute, Inc.)
BehavePlus 5.0.5 (HKLM-x32\...\BehavePlus 5.0.5) (Version: BehavePlus 5.0.5 - US Forest Service & Systems for Environmental Management)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{4CEE93B3-A864-424F-9DAA-E110E75E38C2}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{7854643f-7fd5-4964-b806-ec96e833c6d8}) (Version: 4.0.7415.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.11.2 (HKLM-x32\...\{FC67AAF6-3477-11E8-B094-005056951CAD}) (Version: 6.11.2.7027 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.102 - SecureMix LLC)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.6 - The GnuPG Project)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (3.1.0) (HKLM-x32\...\Gpg4win) (Version: 3.1.0 - The Gpg4win Project)
GRASS GIS 7.0 (x86_64) (HKLM-x32\...\GRASS GIS 7.0.4) (Version: 7.0.4-1 - GRASS Development Team)
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infix PDF Editor version 7.2.4.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 7.2.4.0 - Iceni Technology)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Macrium Reflect Free Edition (HKLM\...\{5C6B042F-4CF9-4FAA-B6E3-114ED13B3F1F}) (Version: 7.1.3147 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
mapbox-studio (HKLM-x32\...\mapbox-studio) (Version:  - Mapbox)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.5015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Pale Moon (x86 en-US) (HKLM-x32\...\Pale Moon (x86 en-US)) (Version: 27.9.0 - Moonchild Productions)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{7FF4B7DE-1868-4FC7-85D1-71AB4A9854AA}) (Version: 1.12.2929 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{a5994029-1812-4589-9a98-d383ef836659}) (Version: 1.12.2.4929 - Plex, Inc.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
QGIS 2.18 2.18.2 Las Palmas (HKLM\...\QGIS 2.18) (Version:  - QGIS Development Team)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RAMDisk (HKLM-x32\...\{4EA812AB-8B86-4386-BB27-59D15C47531E}) (Version: 4.4.0.33 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.21.0 - Adlice Software)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.4.4 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{F4D977F4-1480-4F6A-A6BC-B2AB1D9E4F66}) (Version: 1.1.0 - SanDisk Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Stopping Plex (HKLM-x32\...\{21805CDC-99F9-4FC3-9862-E9A23217F9B2}) (Version: 1.12.2929 - Plex, Inc.) Hidden
Subsonic (HKLM-x32\...\Subsonic) (Version:  - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Telegram Desktop version 1.2.17 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.17 - Telegram Messenger LLP)
TinyWall (HKLM-x32\...\{20E767BE-FE75-4429-8722-A5D75AC2FCA6}) (Version: 2.1.8.0 - Károly Pados)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.9 - Tweaking.com)
UCheck version 2.3.3.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 2.3.3.0 - Adlice Software)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\WinDirStat) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
Wireshark 2.4.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.6 - The Wireshark developer community, hxxps://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-03-30] (Tonec Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-04-13] (g10 Code GmbH)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers1: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-04-13] (g10 Code GmbH)
ContextMenuHandlers4: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers5: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2015-11-13] (IvoSoft)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D6AA24E-9BC2-4D82-8A3F-740A8F0010DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {199570A0-61A9-47D9-9B7F-9C215DEE5C6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {24705A6B-274F-4BE3-956A-9307E7A8E8DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {24BADFDE-DBAC-40ED-8DBE-FE80486BC3DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {28DD153D-B8A6-4344-90C3-8DEC2C0DF0BA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wardr@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {28FC4995-C863-42E8-867A-492B826A57B4} - System32\Tasks\Macrium-Backup-{9F65C8A5-C324-45FD-80CA-63861622A7D3} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {347A26A4-01EC-4D10-98A1-EF0D9FAD6123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {3707E839-088F-43E2-A580-2370CAC4F9CC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {41934EE9-4FAC-43A4-8375-3EC9C4021BA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {4EC6F37F-AEA4-4573-BD8F-ADE76E87A910} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {5173A162-E966-499B-A739-DE88496C5253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {567BE05C-6E82-49AB-916D-EFD2C668A9CC} - System32\Tasks\Macrium-Backup-{74F99CC4-474B-4781-ADC1-7477160C30E2} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {5F8563ED-B7ED-4AB5-B381-207DDEF8E420} - System32\Tasks\{E907829C-0BD6-4E9D-8CF2-E656FBFB36AC} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ryan\Desktop\R291793.exe -d C:\Users\Ryan\Desktop
Task: {6F1573FF-AE61-44E7-A614-9B26DF9B8265} - System32\Tasks\{2C903DA9-2302-4E07-A198-0965AA1200FB} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -d C:\WINDOWS\system32 -c /user
Task: {70FA3629-E3CD-4518-B867-3EB608E9016E} - System32\Tasks\Macrium-Backup-{4E8A8154-0052-479D-A8E3-8046FC67DA28} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {75A53F2C-87D4-494D-A3B1-3BCA2C521AA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {9D3C28B1-1D78-41C3-AABA-0C2581F071E6} - System32\Tasks\WeeklyFullBackup => wbAdmin [Argument = Start Backup -backupTarget:B: -include:C: -allCritical -quiet]
Task: {A5B3709B-E471-4213-8109-23C8C7CEC681} - System32\Tasks\{CD235A97-B409-463F-8E8F-CF79FF19B93C} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ryan\Desktop\I580-A07.EXE -d C:\Users\Ryan\Desktop
Task: {A7F01DBB-90CD-4B80-8BE4-D2D5379A2A9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {BD4FB12E-10C1-4472-98A7-B4C962CAC8D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {C04F1DBD-C070-4B04-ACE5-C631CD2FF95E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {C6F5060D-FE85-4DB6-AD4A-70A11B52C2B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {D703BE43-55DC-4F4E-A794-F71F09CC535F} - System32\Tasks\Macrium-Backup-{9B95E2B0-C356-4470-8A16-420C4D79D66F} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {DD1C45E3-C460-41DC-AE54-BDDC3A53A11D} - System32\Tasks\SanDisk_SSD_TRIM_172437464102 => C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboard.exe [2017-07-06] (Western Digital Corporation or its affiliates)
Task: {E5FBB09D-19E1-49D9-B45B-42757316272D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2018-03-04] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ArcGIS Indexing (MicrosoftAccount_wardr@outlook.com).job => c:\program files (x86)\arcgis\desktop10.2\bin\DesktopIndexingService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-13 00:45 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-25 10:43 - 2014-08-05 20:04 - 001441792 _____ () C:\Program Files\everything\everything.exe
2017-10-31 13:44 - 2017-10-31 13:44 - 000259584 _____ () C:\Program Files (x86)\Subsonic\subsonic-service.exe
2015-04-15 15:13 - 2015-04-15 15:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-10-16 05:02 - 2015-10-16 05:02 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-10-31 13:44 - 2017-10-31 13:44 - 000253952 _____ () C:\Program Files (x86)\Subsonic\subsonic-agent.exe
2018-04-13 02:56 - 2018-04-13 02:56 - 003607040 _____ () C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe
2017-10-13 13:07 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-23 02:41 - 2018-03-23 02:41 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000083432 _____ () C:\Servers\Plex Media Server\zlib.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000203240 _____ () C:\Servers\Plex Media Server\libidn.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 000866120 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-01-24 15:19 - 2018-04-23 05:15 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-01-24 15:19 - 2018-04-23 05:16 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-01-24 15:19 - 2018-04-23 05:15 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-24 15:19 - 2018-04-23 05:16 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-24 15:19 - 2018-04-23 05:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-01-24 15:19 - 2018-04-23 05:17 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-04-25 16:29 - 2018-04-23 05:16 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-04-25 16:29 - 2018-04-23 05:16 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2011-03-03 00:34 - 2011-03-03 00:34 - 000073728 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Symlib.dll
2011-03-03 00:34 - 2011-03-03 00:34 - 002748416 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\LIBMYSQLD.dll
2018-05-06 02:25 - 2018-05-06 02:25 - 000011264 _____ () a:\temp\nsz4E5B.tmp\System.dll
2015-06-08 14:06 - 2015-06-08 14:06 - 000014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 082935384 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera_browser.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 000177240 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\message_center_win8.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 003733592 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\libglesv2.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 000086616 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\libegl.dll
2018-02-22 11:57 - 2018-02-22 11:57 - 024028656 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2018-02-11 17:53 - 2018-02-11 17:53 - 000392688 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000406528 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\harfbuzz-vs12.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 000056832 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\SIFT.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 001317888 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\netcdf.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000037888 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\win_iconv.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000053760 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\freexl.dll
2016-08-25 23:13 - 2016-08-25 23:13 - 001041408 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\multiarray.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 000371200 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\umath.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 005800448 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\_dotblas.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 000141312 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\scalarmath.pyd
2016-06-27 15:21 - 2016-06-27 15:21 - 001014272 _____ () C:\Python27\ArcGIS10.5\DLLs\_hashlib.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000023552 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\lib\_compiled_base.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 005568512 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\linalg\lapack_lite.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 021509120 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\linalg\_umath_linalg.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000058880 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\fft\fftpack_lite.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000466432 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\random\mtrand.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000092672 _____ () C:\Python27\ArcGIS10.5\DLLs\_ctypes.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000137216 _____ () C:\Python27\ArcGIS10.5\DLLs\_elementtree.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000137728 _____ () C:\Python27\ArcGIS10.5\DLLs\pyexpat.pyd
2016-10-31 13:01 - 2016-10-31 13:01 - 002142720 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\opencv_core2411.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 000510464 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\opencv_ml2411.dll
2018-04-13 02:56 - 2018-04-13 02:56 - 000095744 _____ () C:\Program Files (x86)\Gpg4win\bin\libkleopatraclientcore.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000234496 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Codecs.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000350720 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ConfigCore.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000125952 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ConfigGui.dll
2018-04-13 02:54 - 2018-04-13 02:54 - 000316928 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ConfigWidgets.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000620032 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5CoreAddons.dll
2018-04-13 02:54 - 2018-04-13 02:54 - 000053760 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Crash.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000311808 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5I18n.dll
2018-04-13 02:55 - 2018-04-13 02:55 - 000234496 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5IconThemes.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000266240 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ItemModels.dll
2018-04-13 02:55 - 2018-04-13 02:55 - 001178624 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Libkleo.dll
2018-04-13 02:54 - 2018-04-13 02:54 - 000354816 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Mime.dll
2018-04-13 02:54 - 2018-04-13 02:54 - 001228288 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5WidgetsAddons.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000142336 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5WindowSystem.dll
2018-04-13 02:55 - 2018-04-13 02:55 - 000956928 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5XmlGui.dll
2018-04-13 02:42 - 2018-04-13 02:42 - 000153600 _____ () C:\Program Files (x86)\Gpg4win\bin\libgpg-error-0.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000327680 _____ () C:\Program Files (x86)\Gpg4win\bin\libgpgmepp-6.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000729600 _____ () C:\Program Files (x86)\Gpg4win\bin\libqgpgme-7.dll
2018-04-13 02:49 - 2018-04-13 02:49 - 000074752 _____ () C:\Program Files (x86)\Gpg4win\bin\libassuan-0.dll
2018-04-13 02:32 - 2018-04-13 02:32 - 000098304 _____ () C:\Program Files (x86)\Gpg4win\bin\libgcc_s_sjlj-1.dll
2018-04-13 02:32 - 2018-04-13 02:32 - 001287680 _____ () C:\Program Files (x86)\Gpg4win\bin\libstdc++-6.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000123392 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5GuiAddons.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000205312 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Archive.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000210432 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ItemViews.dll
2018-04-13 02:55 - 2018-04-13 02:55 - 000214528 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Completion.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000311296 _____ () C:\Program Files (x86)\Gpg4win\bin\libgpgme-11.dll
2018-04-13 02:33 - 2018-04-13 02:33 - 000107520 _____ () C:\Program Files (x86)\Gpg4win\bin\zlib1.dll
2018-04-09 15:00 - 2018-04-09 15:00 - 000079760 _____ () C:\Program Files (x86)\GnuPG\bin\libassuan-0.dll
2018-04-09 15:00 - 2018-04-09 15:00 - 001001316 _____ () C:\Program Files (x86)\GnuPG\bin\libgcrypt-20.dll
2018-04-09 14:58 - 2018-04-09 14:58 - 000152780 _____ () C:\Program Files (x86)\GnuPG\bin\libgpg-error-0.dll
2018-04-09 14:58 - 2018-04-09 14:58 - 000028016 _____ () C:\Program Files (x86)\GnuPG\bin\libnpth-0.dll
2017-10-21 18:50 - 2017-10-21 18:50 - 000325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2018-05-06 00:22 - 000002132 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1125547639-1294637962-2935245663-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BoxSync"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Privatefirewall"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "BitTorrent Sync"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "LAN Messenger"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Process Hacker 2"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{72DA076A-0E83-43B2-BE85-B4C5EA96FC84}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{85164A3A-523C-4052-A27D-DDE6199AC3C0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{8D70B11C-88C9-41ED-9BDB-3247C13F8822}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{111F5483-ED65-41DA-95A1-2DB90EB5BE88}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{738904B9-DFD9-455A-A48B-C0252E601CF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A1E766A-3BB9-4D4E-87B7-2F79E8BF80AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F845745-76A9-43C6-9F23-E806E18F6A1C}] => (Allow) C:\Servers\Plex Media Server\Plex Media Server.exe
FirewallRules: [{16406D6C-2B5B-437A-B8C9-0E9998154CE2}] => (Allow) C:\Servers\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{573A1E58-9471-4134-856F-2439E77145D3}] => (Allow) C:\Servers\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{E72D27DC-3C1F-4810-980B-E025FA9653CC}] => (Allow) C:\Servers\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{D5A057B7-7715-43C1-A8A6-9878C73D4B20}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
04-05-2018 13:30:41 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- MS/MS-Pro USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/06/2018 12:57:15 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/06/2018 12:57:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/06/2018 12:16:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Faulting module name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Exception code: 0xc0000005
Fault offset: 0x00000000002c7b85
Faulting process id: 0x96c
Faulting application start time: 0x01d3e4f8d481b8a9
Faulting application path: C:\Program Files\HitmanPro\HitmanPro.exe
Faulting module path: C:\Program Files\HitmanPro\HitmanPro.exe
Report Id: 9b82bbd9-50ec-11e8-bf70-d56ec2f23646
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/06/2018 12:12:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Faulting module name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Exception code: 0xc0000005
Fault offset: 0x00000000002c7b85
Faulting process id: 0x890
Faulting application start time: 0x01d3e4f8b9ca3476
Faulting application path: C:\Program Files\HitmanPro\HitmanPro.exe
Faulting module path: C:\Program Files\HitmanPro\HitmanPro.exe
Report Id: 0e1eb6c5-50ec-11e8-bf70-d56ec2f23646
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/04/2018 02:00:13 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/04/2018 02:00:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/04/2018 01:18:35 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/04/2018 01:18:35 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
 
System errors:
=============
Error: (05/06/2018 12:24:09 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:09 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:22:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error: 
%%2147943458 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (05/06/2018 12:22:20 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
 
Windows Defender:
===================================
Date: 2018-05-07 05:30:14.541
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {7C03FCDF-569B-4104-9C4D-2E8A9A0E6B8E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-07 05:23:52.870
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {731BA9FD-0508-4AE3-A3E9-2AD339C71099}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-06 03:15:59.880
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {AB2A8070-567C-4622-B685-88B25C5FB924}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-06 01:38:01.442
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {3A73F6E9-1701-4AB3-8A36-A383094FEC09}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-06 01:30:25.582
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {809454F2-D9DD-4A1C-BFE6-1A51A3958E48}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-05 23:33:33.907
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-01-28 21:31:48.779
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-28 21:31:48.545
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.417.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-28 21:31:48.545
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.417.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2017-11-17 02:20:17.993
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
CodeIntegrity:
===================================
 
Date: 2017-02-13 21:46:07.170
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:06.769
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:06.280
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.960
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.593
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.275
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:04.909
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:04.592
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 59%
Total physical RAM: 16247.11 MB
Available physical RAM: 6591.05 MB
Total Virtual: 18679.11 MB
Available Virtual: 7786 MB
 
==================== Drives ================================
 
Drive a: (TEMPDISK) (Fixed) (Total:3.99 GB) (Free:3.73 GB) FAT32
Drive b: (Backup) (Fixed) (Total:3725.99 GB) (Free:468.04 GB) NTFS
Drive c: (OS) (Fixed) (Total:111.69 GB) (Free:26.21 GB) NTFS
Drive d: (Data Drive) (Fixed) (Total:3725.9 GB) (Free:2223.04 GB) NTFS
 
\\?\Volume{4f1e54b8-a647-11e5-be65-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: E84D4832)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 369A4321)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: A88F821A)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
========================================================
Disk: 3 (Size: 3726 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 07 May 2018 - 07:41 AM

Duplicate post.

This topic will be closed.



