computer freezing up, firewall blocking odd IPs, dashost.exe not normal


  • This topic is locked
42 replies to this topic

#1 wardr


Posted 07 May 2018 - 07:23 AM

Computer starting to freeze for 5-10 seconds when opening programs; this is not normal for me, as all programs, including process-heavy ones (Photoshop, etc.), usually open right up for me. I've noticed odd firewall activity that isn't typical traffic: outgoing packets always on port 80.

 

Strangest of all, though, was that I noticed a dashost.exe process running, listening for packets over ports 58882 and 3702. Further investigation in its properties showed this file to be located in windows/syswow64, and it is 0 bytes. Further investigation of this file has shown it to have the old MS DOS icon (like this http://www.miguelcarrasco.net/miguelcarrasco/WindowsLiveWriter/MS-DOS_icon.png), it was created on 5/6/18 (yesterday), and a command line starting attribute of "c:\windows\system32\dashost.exe", which is where the regular file is located. Also, if I push advanced in the properties from inside my firewall on this file, it uses custom MS DOS initialization files in the Windows PIF settings: "Autoexec file name: %SYSTEMROOT%\system32\autoexec.nt" and "config file name: %SYSTEMROOT%\system32\config.nt".

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01

Ran by Ryan (administrator) on WENTZ (07-05-2018 06:15:39)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan & Administrator (Available Profiles: Ryan & Mal & Administrator)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Everything\Everything.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Plex, Inc.) C:\Servers\Plex Media Server\Plex Update Service.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
() C:\Program Files\Everything\Everything.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Everything\Everything.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitReader.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(PortableApps.com) D:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(PortableApps.com) D:\PortableApps\SystemExplorerPortable\SystemExplorerPortable.exe
(Mister Group) D:\PortableApps\SystemExplorerPortable\App\SystemExplorer\SystemExplorer.exe
(Mister Group) D:\PortableApps\SystemExplorerPortable\App\SystemExplorer\service\SystemExplorerService64.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Telegram Messenger LLP) C:\Users\Ryan\AppData\Roaming\Telegram Desktop\Telegram.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\ArcMap.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISCacheMgr.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISConnection.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\AppROT.exe
() C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe
(The GnuPG Project) C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFReport.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3465608 2017-10-01] (Paramount Software UK Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-03-30] (Tonec Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5488080 2018-03-23] (SecureMix LLC)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\MountPoints2: {681a7406-dfb6-11e7-bf2e-c00c37bcec54} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-21-1125547639-1294637962-2935245663-500\...\Run: [Plex Media Server] => C:\Servers\Plex Media Server\Plex Media Server.exe [17781736 2018-03-29] (Plex, Inc.)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Servers\Plex Media Server\Plex Media Server.exe [17781736 2018-03-29] (Plex, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk [2018-03-31]
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-12]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2018-05-06]
ShortcutTarget: Telegram.lnk -> C:\Users\Ryan\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
AlternateShell: 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{58CE04B3-F4B0-4D9B-AF66-F4A0F3A01012}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{BB3C93D3-89CD-4A49-BA89-580965FFFED8}: [DhcpNameServer] 192.168.11.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1125547639-1294637962-2935245663-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-03-02] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-13] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-03-02] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-03-02] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-03-02] (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-10-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 7og14rox.default
FF DefaultProfile: th12gtab.default
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default [2018-05-07]
FF Session Restore: Mozilla\Firefox\Profiles\7og14rox.default -> is enabled.
FF Extension: (Disconnect) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Geolocater) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\geolocater@3liz.com [2016-11-20] [Legacy]
FF Extension: (Disable CSS) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-1VwU0d7h7azvou6XbFWe9tmQyoQ@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (Self-Destructing Cookies) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-29] [Legacy]
FF Extension: (Decentraleyes) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2018-02-26]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-EbhJmw1yu6Juy@jetpack.xpi [2016-10-30] [Legacy]
FF Extension: (Save as PDF) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2017-11-14]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\support@lastpass.com.xpi [2018-04-21]
FF Extension: (Google Translator for Firefox) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\translator@zoli.bod.xpi [2018-04-12]
FF Extension: (uBlock Origin) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\uBlock0@raymondhill.net.xpi [2018-05-07]
FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2018-01-31]
FF Extension: (Capture & Print) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2018-01-17]
FF Extension: (JavaScript on-off applet) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-04-03] [Legacy]
FF Extension: (RightToClick) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-06-24] [Legacy]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\th12gtab.default [2018-05-07]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-12-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-25] [Legacy] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Ryan\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5 [2017-04-15] [Legacy] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-03-02] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-03-02] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S4 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-04-23] (Dropbox, Inc.)
R2 Everything; C:\Program Files\everything\everything.exe [1441792 2014-08-05] () [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4338640 2018-03-23] (SecureMix LLC)
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 PlexUpdateService; C:\Servers\Plex Media Server\Plex Update Service.exe [2212328 2018-03-29] (Plex, Inc.)
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
R2 SNMP; C:\WINDOWS\System32\snmp.exe [50688 2018-03-30] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2018-03-30] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2017-10-31] () [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S4 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [698296 2016-03-10] (Károly Pados) [File not signed]
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-19] (Reason Software Company Inc.)
R2 vmms; C:\WINDOWS\system32\vmms.exe [13838336 2018-01-01] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S4 hippovnc_service; "C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe" -service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [19456 2018-04-19] (Microsoft Corporation)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-25] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2018-05-07] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-26] (Malwarebytes)
R1 MpKsle1f1b5bd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3BCF67D-F8BE-4427-868A-EB791AFBA957}\MpKsle1f1b5bd.sys [58120 2018-05-07] (Microsoft Corporation)
R0 Mrvdp; C:\WINDOWS\System32\drivers\mrvdp.sys [64944 2017-12-01] (Windows ® Win 7 DDK provider)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [22016 2018-04-19] (Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows ® Win 7 DDK provider)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [28160 2018-04-19] (Microsoft Corporation)
R1 RAMDiskVE; C:\WINDOWS\System32\Drivers\RAMDiskVE.sys [86744 2016-05-12] (Dataram, Inc.)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [40888 2017-08-20] (USBPcap)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [18944 2018-04-19] (Microsoft Corporation)
R3 VMSMP; C:\WINDOWS\system32\DRIVERS\vmswitch.sys [688640 2018-02-08] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation)
S4 dbx; system32\DRIVERS\dbx.sys [X]
S4 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-07 06:15 - 2018-05-07 06:16 - 000026704 _____ C:\Users\Ryan\Desktop\FRST.txt
2018-05-07 06:14 - 2018-05-07 06:15 - 000000000 ____D C:\FRST
2018-05-07 06:13 - 2018-05-07 06:13 - 002406912 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2018-05-07 05:05 - 2018-05-07 05:05 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2018-05-06 19:40 - 2018-05-06 19:40 - 000000016 _____ C:\Users\Ryan\Desktop\rpp.txt
2018-05-06 02:29 - 2018-05-06 02:29 - 000000000 ___HD C:\WINDOWS\PIF
2018-05-06 02:26 - 2018-05-06 02:26 - 000000000 _____ C:\WINDOWS\SysWOW64\dasHost.exe
2018-05-06 00:17 - 2018-05-06 00:20 - 000000000 ____D C:\AdwCleaner
2018-05-05 23:33 - 2018-05-06 00:21 - 000227326 _____ C:\WINDOWS\ntbtlog.txt
2018-05-05 23:30 - 2018-05-07 05:50 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-05 08:13 - 2018-05-05 08:13 - 000000000 ____D C:\Users\Ryan\.gnome2
2018-05-04 23:08 - 2018-05-04 23:08 - 000000000 ___DL C:\project
2018-05-04 20:11 - 2018-05-04 20:11 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\AMD
2018-04-25 16:29 - 2018-04-25 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-24 03:07 - 2018-04-24 03:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2018-04-24 03:07 - 2018-04-24 03:07 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-24 03:06 - 2018-04-24 03:07 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-04-24 03:01 - 2018-04-24 03:02 - 000000000 ____D C:\AMD
2018-04-23 22:44 - 2018-04-24 02:33 - 002274213 _____ C:\Users\Ryan\AppData\Roaming\CamShapes.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000135089 _____ C:\Users\Ryan\AppData\Roaming\CamLayout.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000000172 _____ C:\Users\Ryan\AppData\Roaming\CamData.ini
2018-04-23 22:44 - 2018-04-23 22:42 - 000004597 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.cfg
2018-04-23 22:44 - 2018-04-23 22:33 - 000001206 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.ini
2018-04-23 22:44 - 2018-04-23 22:33 - 000000000 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.Data.ini
2018-04-23 22:44 - 2018-04-18 18:40 - 000006920 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.ini
2018-04-23 22:42 - 2018-04-23 22:44 - 000000000 ____D C:\delete
2018-04-23 20:54 - 2015-10-26 19:00 - 000001759 _____ C:\Users\Ryan\Desktop\Get-Distance.ps1
2018-04-23 05:15 - 2018-04-23 05:15 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-04-23 05:15 - 2018-04-23 05:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-04-23 05:15 - 2018-04-23 05:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-04-23 05:15 - 2018-04-23 05:15 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-04-22 04:56 - 2018-04-22 04:56 - 000000000 ____D C:\Program Files (x86)\AM-DeadLink
2018-04-22 01:41 - 2018-04-22 01:41 - 000000000 ____D C:\Program Files\Common Files\EPSON
2018-04-22 01:40 - 2018-04-22 01:41 - 000000000 ____D C:\ProgramData\EPSON
2018-04-22 01:40 - 2018-04-22 01:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-04-22 01:39 - 2010-09-28 18:01 - 000118784 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMHWA.DLL
2018-04-22 01:39 - 2010-08-09 18:02 - 000083456 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BHWA.DLL
2018-04-22 01:29 - 2018-04-22 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2018-04-22 01:29 - 2018-04-22 01:29 - 000000000 ____D C:\Program Files (x86)\Privacyware
2018-04-22 01:29 - 2013-09-29 21:24 - 000133152 _____ (Privacyware/PWI, Inc.) C:\WINDOWS\system32\Drivers\pwipf6.sys
2018-04-22 01:06 - 2018-04-22 01:06 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Moonchild Productions
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Program Files (x86)\Pale Moon
2018-04-20 07:30 - 2015-03-08 19:25 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickvpexchange.dll
2018-04-20 07:30 - 2015-03-08 19:24 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicguestinterface.dll
2018-04-20 07:30 - 2015-03-08 19:23 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicshutdown.dll
2018-04-20 07:30 - 2015-03-08 19:23 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimesync.dll
2018-04-20 07:30 - 2015-03-08 19:22 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicheartbeat.dll
2018-04-20 07:30 - 2015-03-08 19:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvss.dll
2018-04-20 07:30 - 2015-03-08 19:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\GRASS7
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRASS GIS 7.0.4
2018-04-19 18:23 - 2018-04-19 18:24 - 000000000 ____D C:\Users\Ryan\Documents\grassdata
2018-04-19 18:23 - 2018-04-19 18:24 - 000000000 ____D C:\Program Files\GRASS GIS 7.0.4
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\ProgramData\Unchecky
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\Program Files (x86)\Unchecky
2018-04-19 17:35 - 2018-05-05 21:19 - 000003832 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{9F65C8A5-C324-45FD-80CA-63861622A7D3}
2018-04-19 17:35 - 2018-05-05 21:19 - 000003684 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{74F99CC4-474B-4781-ADC1-7477160C30E2}
2018-04-19 17:18 - 2018-04-19 17:21 - 000005797 _____ C:\WINDOWS\Macrium Reflect Patch Log.txt
2018-04-19 16:46 - 2018-05-06 00:38 - 027715584 _____ C:\WINDOWS\system32\vmguest.iso
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\WINDOWS\vmguest
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Users\Public\Documents\Hyper-V
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files\Hyper-V
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files\CMAK
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files (x86)\CMAK
2018-04-19 16:12 - 2018-05-06 00:22 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-04-18 18:41 - 2018-04-18 18:38 - 000383786 _____ C:\bootmgr
2018-04-18 18:19 - 2013-04-18 15:54 - 000010414 _____ C:\WINDOWS\system32\athw8x.cat
2018-04-18 18:19 - 2013-01-22 14:40 - 003653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2018-04-18 18:19 - 2013-01-22 14:40 - 003653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
2018-04-18 00:02 - 2018-05-05 21:22 - 000003880 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{4E8A8154-0052-479D-A8E3-8046FC67DA28}
2018-04-18 00:02 - 2018-05-05 21:21 - 000003832 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{9B95E2B0-C356-4470-8A16-420C4D79D66F}
2018-04-18 00:02 - 2018-04-19 17:35 - 000000000 ____D C:\Users\Ryan\Documents\Reflect
2018-04-17 23:35 - 2018-04-17 23:35 - 000001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium viBoot.lnk
2018-04-17 23:35 - 2018-04-17 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2018-04-17 23:35 - 2018-04-17 23:35 - 000000000 ____D C:\Program Files\Macrium
2018-04-17 23:13 - 2018-04-18 18:37 - 000000000 ____D C:\ProgramData\Macrium
2018-04-17 22:42 - 2018-04-17 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2018-04-17 21:47 - 2018-04-17 21:47 - 000000000 ____D C:\Users\Ryan\Documents\WinMerge
2018-04-17 20:34 - 2018-04-17 20:34 - 000000000 ___DL C:\subsonic
2018-04-17 20:16 - 2018-04-17 20:31 - 000000000 ____D C:\Servers
2018-04-17 18:58 - 2018-04-17 18:12 - 000040592 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrigflt.sys
2018-04-17 18:58 - 2018-01-30 10:26 - 000076968 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\MRCBT.sys
2018-04-17 18:58 - 2018-01-30 09:28 - 000088944 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\MRCBTES.dll
2018-04-17 15:35 - 2018-04-17 15:35 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-04-17 15:22 - 2018-04-17 15:22 - 000000366 _____ C:\TDSSKiller.3.1.0.12_17.04.2018_15.22.27_log.txt
2018-04-17 14:35 - 2018-05-07 05:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\gnupg
2018-04-17 14:35 - 2018-05-07 02:56 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\kleopatra
2018-04-17 14:35 - 2018-04-17 14:35 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-04-17 14:35 - 2018-04-17 14:35 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-04-17 14:35 - 2018-04-17 14:35 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-04-17 01:48 - 2018-04-17 01:52 - 000000000 ____D C:\ProgramData\UCheck
2018-04-17 01:48 - 2018-04-17 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2018-04-17 01:48 - 2018-04-17 01:48 - 000000000 ____D C:\Program Files\UCheck
2018-04-17 01:41 - 2018-04-17 01:41 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-13 16:28 - 2018-05-06 22:17 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Telegram Desktop
2018-04-13 16:28 - 2018-04-13 16:28 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-04-13 12:23 - 2018-04-13 12:38 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Wireshark
2018-04-13 12:21 - 2018-04-13 12:21 - 000001800 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2018-04-13 12:20 - 2018-04-13 12:21 - 000000000 ____D C:\Program Files\Wireshark
2018-04-13 12:20 - 2018-04-13 12:21 - 000000000 ____D C:\Program Files\USBPcap
2018-04-12 02:36 - 2018-04-12 02:36 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2018-04-12 00:18 - 2018-04-16 20:33 - 000000000 ____D C:\wallets
2018-04-12 00:18 - 2018-04-12 00:25 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Electrum-LTC
2018-04-11 14:40 - 2018-05-05 02:15 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Electrum
2018-04-10 18:01 - 2018-03-23 08:50 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-04-10 18:01 - 2018-03-22 18:00 - 025742336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-10 18:01 - 2018-03-22 16:26 - 020287488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-10 18:01 - 2018-03-22 16:17 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-10 18:01 - 2018-03-22 16:15 - 005780480 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-10 18:01 - 2018-03-22 16:06 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-10 18:01 - 2018-03-22 15:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-10 18:01 - 2018-03-22 15:42 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-10 18:01 - 2018-03-22 15:37 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-10 18:01 - 2018-03-22 15:29 - 015282688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-10 18:01 - 2018-03-22 15:29 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-10 18:01 - 2018-03-22 15:29 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-10 18:01 - 2018-03-22 15:29 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-10 18:01 - 2018-03-22 15:27 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-10 18:01 - 2018-03-22 15:21 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-10 18:01 - 2018-03-22 15:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-10 18:01 - 2018-03-22 15:20 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-10 18:01 - 2018-03-22 15:15 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-10 18:01 - 2018-03-22 15:15 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-10 18:01 - 2018-03-22 15:15 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-10 18:01 - 2018-03-22 15:14 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-10 18:01 - 2018-03-22 15:04 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-10 18:01 - 2018-03-22 14:55 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-10 18:01 - 2018-03-22 14:53 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-10 18:01 - 2018-03-22 14:52 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-10 18:01 - 2018-03-22 14:51 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-10 18:01 - 2018-03-10 12:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-10 18:01 - 2018-03-09 19:16 - 001549136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-10 18:01 - 2018-03-09 19:16 - 000388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-10 18:01 - 2018-03-09 16:20 - 007405392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-10 18:01 - 2018-03-09 16:20 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-10 18:01 - 2018-03-09 16:20 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-10 18:01 - 2018-03-09 16:20 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-10 18:01 - 2018-03-09 16:20 - 001500424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-10 18:01 - 2018-03-09 16:20 - 001371344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-10 18:01 - 2018-03-09 16:20 - 000418640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-10 18:01 - 2018-03-09 14:59 - 000121168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-10 18:01 - 2018-03-09 09:52 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-10 18:01 - 2018-03-08 14:53 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2018-04-10 18:01 - 2018-03-08 13:15 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-04-10 18:01 - 2018-03-08 13:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-04-10 18:01 - 2018-03-08 09:21 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-10 18:01 - 2018-03-07 18:46 - 000202576 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-10 18:01 - 2018-03-07 18:42 - 000174928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-10 18:01 - 2018-03-07 14:28 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-10 18:01 - 2018-03-07 13:26 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-10 18:01 - 2018-03-03 12:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-10 18:01 - 2018-03-03 12:04 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-10 18:01 - 2018-02-09 20:29 - 000531632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-10 18:01 - 2018-02-09 20:25 - 001137872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-10 18:01 - 2018-02-09 12:44 - 000276304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-10 18:01 - 2018-02-09 12:21 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-10 18:01 - 2018-02-08 13:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-10 18:01 - 2018-02-08 13:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-10 18:01 - 2018-02-08 13:21 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2018-04-10 18:01 - 2018-02-08 13:18 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2018-04-10 18:01 - 2018-02-08 13:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-04-10 18:01 - 2018-02-08 13:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-04-10 18:01 - 2018-02-08 12:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-10 18:01 - 2018-02-08 12:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-10 18:01 - 2018-02-08 12:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-10 18:01 - 2018-02-08 12:40 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-10 18:01 - 2018-02-08 12:38 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-10 18:01 - 2018-02-08 12:27 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-10 18:01 - 2018-02-08 12:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-04-10 18:01 - 2018-02-08 12:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-10 18:01 - 2018-02-08 12:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-10 18:01 - 2018-01-25 09:19 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-04-10 18:01 - 2018-01-25 09:14 - 000922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-04-10 17:52 - 2018-03-16 13:51 - 000144000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-10 17:52 - 2018-03-14 08:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-10 17:52 - 2018-03-14 08:23 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-10 17:11 - 2018-04-10 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2018-04-10 17:11 - 2018-04-10 17:11 - 000000000 ____D C:\Program Files (x86)\GlassWire
2018-04-10 17:11 - 2015-05-28 23:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2018-04-10 14:29 - 2018-04-23 22:33 - 000000098 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.command
2018-04-10 14:28 - 2018-04-23 23:20 - 000000000 ____D C:\Users\Ryan\Documents\My CamStudio Videos
2018-04-10 14:26 - 2018-04-23 22:46 - 000000000 ____D C:\Users\Ryan\Documents\My CamStudio Temp Files
2018-04-10 14:26 - 2018-04-23 22:44 - 000000096 _____ C:\Users\Ryan\AppData\Roaming\version2.xml
2018-04-08 21:10 - 2018-04-08 21:10 - 000000748 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subsonic.lnk
2018-04-08 08:57 - 2018-04-08 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BehavePlus5
2018-04-08 08:57 - 2018-04-08 08:57 - 000000000 ____D C:\Behave
2018-04-07 14:04 - 2018-04-10 22:17 - 016190640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-07 05:33 - 2016-02-12 23:12 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-07 05:23 - 2015-12-19 09:32 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-1001
2018-05-07 04:38 - 2016-11-18 10:56 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\Mozilla
2018-05-07 03:26 - 2015-12-25 10:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Everything
2018-05-06 14:33 - 2016-02-12 23:12 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-06 00:56 - 2015-12-19 09:25 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Adobe
2018-05-06 00:26 - 2014-11-21 03:43 - 000808718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-06 00:26 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-06 00:23 - 2015-12-24 10:04 - 000000000 ___DO C:\Users\Ryan\OneDrive
2018-05-06 00:22 - 2015-12-19 09:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-06 00:22 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-05 23:33 - 2013-08-22 08:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-05-05 23:32 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\DMCache
2018-05-05 08:13 - 2015-12-24 09:49 - 000000000 ____D C:\Users\Ryan
2018-05-05 02:32 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\IDM
2018-04-25 16:29 - 2016-02-12 23:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-24 02:32 - 2016-02-13 04:06 - 000000000 ____D C:\Users\Ryan\Documents\Outlook Files
2018-04-23 22:47 - 2016-02-14 10:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2018-04-23 22:44 - 2016-04-17 21:04 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\OBS
2018-04-22 01:29 - 2016-02-21 02:35 - 000000146 _____ C:\WINDOWS\ODBC.INI
2018-04-21 22:40 - 2015-12-25 12:44 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-04-21 01:50 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-20 01:37 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2018-04-19 19:41 - 2017-10-16 18:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Everything
2018-04-19 19:41 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-04-19 16:44 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\schemas
2018-04-19 16:40 - 2018-03-14 04:45 - 006288896 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2018-04-19 16:40 - 2017-09-14 13:17 - 000068952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-19 16:40 - 2017-09-14 13:17 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2018-04-19 16:40 - 2017-09-14 13:17 - 000019800 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-04-19 16:40 - 2014-11-21 04:19 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvGpuInfo.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys
2018-04-19 16:40 - 2014-11-21 04:17 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthnic.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmulatedNic.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll
2018-04-19 16:40 - 2014-11-21 03:53 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthstor.dll
2018-04-19 16:40 - 2014-11-21 03:53 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthfcvdev.dll
2018-04-19 16:40 - 2014-11-21 03:53 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2018-04-19 16:40 - 2013-08-22 06:48 - 000014688 _____ C:\WINDOWS\system32\sbresources.dll
2018-04-19 16:40 - 2013-08-22 06:46 - 001466522 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2018-04-19 16:40 - 2013-08-22 06:39 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2018-04-19 16:40 - 2013-08-22 06:39 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2018-04-19 16:40 - 2013-08-22 06:38 - 000039739 _____ C:\WINDOWS\system32\hypervisor.mof
2018-04-19 16:40 - 2013-08-22 05:59 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2018-04-19 16:40 - 2013-08-22 05:35 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2018-04-19 16:40 - 2013-08-22 04:53 - 000033280 _____ C:\WINDOWS\system32\ActivationVdev.dll
2018-04-19 16:40 - 2013-08-22 04:39 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2018-04-19 16:40 - 2013-08-22 04:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2018-04-19 16:40 - 2013-08-22 04:38 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2018-04-19 16:40 - 2013-08-22 03:25 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2018-04-19 16:40 - 2013-08-22 02:35 - 000144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2018-04-19 16:20 - 2016-05-29 20:52 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2018-04-18 18:19 - 2016-02-12 21:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-17 22:42 - 2015-12-24 10:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-17 20:29 - 2016-03-18 18:33 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-500
2018-04-17 20:19 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-04-17 15:35 - 2017-09-25 16:53 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-17 01:41 - 2016-05-29 20:52 - 000000000 ____D C:\ProgramData\Skype
2018-04-17 00:29 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-16 18:06 - 2016-04-22 21:24 - 000004042 _____ C:\WINDOWS\System32\Tasks\WeeklyFullBackup
2018-04-16 12:30 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-15 21:53 - 2015-12-25 11:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2018-04-13 12:22 - 2017-03-29 20:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-13 12:22 - 2015-12-25 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-12 08:57 - 2017-04-04 21:13 - 000000000 ____D C:\Users\Ryan\.matplotlib
2018-04-12 01:12 - 2015-12-25 10:38 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-11 05:16 - 2016-12-30 19:09 - 000000000 ____D C:\Users\Ryan\.qgis2
2018-04-10 22:16 - 2015-12-24 11:28 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-10 22:16 - 2013-08-22 10:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-04-10 18:39 - 2015-12-23 23:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-10 18:36 - 2017-10-13 12:58 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-10 18:36 - 2015-12-23 23:50 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-10 13:56 - 2016-05-27 02:08 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2018-04-10 13:56 - 2016-05-27 02:07 - 000000000 ____D C:\WINDOWS\system32\1033
2018-04-10 13:56 - 2016-05-27 01:52 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-04-10 00:30 - 2017-10-28 13:08 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\LastPass
2018-04-10 00:06 - 2016-02-17 22:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2018-04-08 19:36 - 2016-06-03 04:12 - 000000000 ___RD C:\Users\Ryan\Box Sync
2018-04-08 19:34 - 2016-03-17 21:16 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\MPC-HC
2018-04-08 19:21 - 2018-03-18 22:10 - 000000000 ____D C:\ProgramData\TinyWall
2018-04-08 19:18 - 2017-11-24 10:35 - 000004132 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-08 19:18 - 2016-04-17 20:58 - 000002784 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-08 19:12 - 2018-03-18 22:10 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\TinyWall
2018-04-07 17:27 - 2013-08-22 10:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-07 17:26 - 2016-02-13 00:45 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-04-07 14:13 - 2016-02-12 22:08 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-04-07 13:58 - 2015-12-24 09:46 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-07 13:58 - 2013-08-22 10:36 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
 
==================== Files in the root of some directories =======
 
2016-07-08 23:43 - 2016-07-08 23:44 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-05-10 20:57 - 2017-08-29 15:52 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-04-23 22:44 - 2018-04-24 02:33 - 000000172 _____ () C:\Users\Ryan\AppData\Roaming\CamData.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000135089 _____ () C:\Users\Ryan\AppData\Roaming\CamLayout.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 002274213 _____ () C:\Users\Ryan\AppData\Roaming\CamShapes.ini
2018-04-23 22:44 - 2018-04-23 22:42 - 000004597 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.cfg
2018-04-23 22:44 - 2018-04-18 18:40 - 000006920 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.ini
2018-04-10 14:29 - 2018-04-23 22:33 - 000000098 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.command
2018-04-23 22:44 - 2018-04-23 22:33 - 000000000 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.Data.ini
2018-04-23 22:44 - 2018-04-23 22:33 - 000001206 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.ini
2018-04-10 14:26 - 2018-04-23 22:44 - 000000096 _____ () C:\Users\Ryan\AppData\Roaming\version2.xml
2016-05-10 15:51 - 2018-05-04 20:17 - 000001456 _____ () C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
2018-03-11 02:21 - 2018-03-31 12:53 - 000000600 _____ () C:\Users\Ryan\AppData\Local\PUTTY.RND
2018-05-05 08:13 - 2018-05-05 08:13 - 000000776 _____ () C:\Users\Ryan\AppData\Local\recently-used.xbel
2016-02-12 22:46 - 2018-04-16 17:08 - 000007664 _____ () C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2017-01-01 09:48 - 2017-01-01 09:48 - 000018432 _____ () C:\Users\Ryan\AppData\Local\WebpageIcons.db
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dasHost.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-05 21:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Ryan (07-05-2018 06:16:24)
Running from C:\Users\Ryan\Desktop
Windows 8.1 Pro (Update) (X64) (2015-12-24 15:02:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1125547639-1294637962-2935245663-500 - Administrator - Enabled) => C:\Users\Administrator
backup (S-1-5-21-1125547639-1294637962-2935245663-1008 - Limited - Enabled)
Guest (S-1-5-21-1125547639-1294637962-2935245663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125547639-1294637962-2935245663-1004 - Limited - Enabled)
Mal (S-1-5-21-1125547639-1294637962-2935245663-1007 - Limited - Enabled) => C:\Users\Mal
Ryan (S-1-5-21-1125547639-1294637962-2935245663-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acrylic Wi-Fi Home v3.3 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.3 - Tarlogic Research S.L.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\{0368352A-8996-4E80-B9A1-B1BA43FAE6E6}) (Version: 2.1.10257 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 2.1.10257 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro 2.1 Patch 1 (2.1.1) (HKLM\...\ArcGISPro Update211) (Version: ArcGIS Pro 2.1 Patch 1 (2.1.1) - Environmental Systems Research Institute, Inc.)
ArcGIS Pro 2.1 Patch 2 (2.1.2) (HKLM\...\ArcGISPro Update212) (Version: ArcGIS Pro 2.1 Patch 2 (2.1.2) - Environmental Systems Research Institute, Inc.)
BehavePlus 5.0.5 (HKLM-x32\...\BehavePlus 5.0.5) (Version: BehavePlus 5.0.5 - US Forest Service & Systems for Environmental Management)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{4CEE93B3-A864-424F-9DAA-E110E75E38C2}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{7854643f-7fd5-4964-b806-ec96e833c6d8}) (Version: 4.0.7415.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.11.2 (HKLM-x32\...\{FC67AAF6-3477-11E8-B094-005056951CAD}) (Version: 6.11.2.7027 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.102 - SecureMix LLC)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.6 - The GnuPG Project)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (3.1.0) (HKLM-x32\...\Gpg4win) (Version: 3.1.0 - The Gpg4win Project)
GRASS GIS 7.0 (x86_64) (HKLM-x32\...\GRASS GIS 7.0.4) (Version: 7.0.4-1 - GRASS Development Team)
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infix PDF Editor version 7.2.4.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 7.2.4.0 - Iceni Technology)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Macrium Reflect Free Edition (HKLM\...\{5C6B042F-4CF9-4FAA-B6E3-114ED13B3F1F}) (Version: 7.1.3147 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
mapbox-studio (HKLM-x32\...\mapbox-studio) (Version:  - Mapbox)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.5015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Pale Moon (x86 en-US) (HKLM-x32\...\Pale Moon (x86 en-US)) (Version: 27.9.0 - Moonchild Productions)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{7FF4B7DE-1868-4FC7-85D1-71AB4A9854AA}) (Version: 1.12.2929 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{a5994029-1812-4589-9a98-d383ef836659}) (Version: 1.12.2.4929 - Plex, Inc.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
QGIS 2.18 2.18.2 Las Palmas (HKLM\...\QGIS 2.18) (Version:  - QGIS Development Team)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RAMDisk (HKLM-x32\...\{4EA812AB-8B86-4386-BB27-59D15C47531E}) (Version: 4.4.0.33 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.21.0 - Adlice Software)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.4.4 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{F4D977F4-1480-4F6A-A6BC-B2AB1D9E4F66}) (Version: 1.1.0 - SanDisk Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Stopping Plex (HKLM-x32\...\{21805CDC-99F9-4FC3-9862-E9A23217F9B2}) (Version: 1.12.2929 - Plex, Inc.) Hidden
Subsonic (HKLM-x32\...\Subsonic) (Version:  - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Telegram Desktop version 1.2.17 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.17 - Telegram Messenger LLP)
TinyWall (HKLM-x32\...\{20E767BE-FE75-4429-8722-A5D75AC2FCA6}) (Version: 2.1.8.0 - Károly Pados)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.9 - Tweaking.com)
UCheck version 2.3.3.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 2.3.3.0 - Adlice Software)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\WinDirStat) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
Wireshark 2.4.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.6 - The Wireshark developer community, hxxps://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-03-30] (Tonec Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-04-13] (g10 Code GmbH)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers1: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-04-13] (g10 Code GmbH)
ContextMenuHandlers4: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers5: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2015-11-13] (IvoSoft)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D6AA24E-9BC2-4D82-8A3F-740A8F0010DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {199570A0-61A9-47D9-9B7F-9C215DEE5C6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {24705A6B-274F-4BE3-956A-9307E7A8E8DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {24BADFDE-DBAC-40ED-8DBE-FE80486BC3DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {28DD153D-B8A6-4344-90C3-8DEC2C0DF0BA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wardr@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {28FC4995-C863-42E8-867A-492B826A57B4} - System32\Tasks\Macrium-Backup-{9F65C8A5-C324-45FD-80CA-63861622A7D3} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {347A26A4-01EC-4D10-98A1-EF0D9FAD6123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {3707E839-088F-43E2-A580-2370CAC4F9CC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {41934EE9-4FAC-43A4-8375-3EC9C4021BA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {4EC6F37F-AEA4-4573-BD8F-ADE76E87A910} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {5173A162-E966-499B-A739-DE88496C5253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {567BE05C-6E82-49AB-916D-EFD2C668A9CC} - System32\Tasks\Macrium-Backup-{74F99CC4-474B-4781-ADC1-7477160C30E2} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {5F8563ED-B7ED-4AB5-B381-207DDEF8E420} - System32\Tasks\{E907829C-0BD6-4E9D-8CF2-E656FBFB36AC} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ryan\Desktop\R291793.exe -d C:\Users\Ryan\Desktop
Task: {6F1573FF-AE61-44E7-A614-9B26DF9B8265} - System32\Tasks\{2C903DA9-2302-4E07-A198-0965AA1200FB} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -d C:\WINDOWS\system32 -c /user
Task: {70FA3629-E3CD-4518-B867-3EB608E9016E} - System32\Tasks\Macrium-Backup-{4E8A8154-0052-479D-A8E3-8046FC67DA28} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {75A53F2C-87D4-494D-A3B1-3BCA2C521AA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {9D3C28B1-1D78-41C3-AABA-0C2581F071E6} - System32\Tasks\WeeklyFullBackup => wbAdmin [Argument = Start Backup -backupTarget:B: -include:C: -allCritical -quiet]
Task: {A5B3709B-E471-4213-8109-23C8C7CEC681} - System32\Tasks\{CD235A97-B409-463F-8E8F-CF79FF19B93C} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ryan\Desktop\I580-A07.EXE -d C:\Users\Ryan\Desktop
Task: {A7F01DBB-90CD-4B80-8BE4-D2D5379A2A9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {BD4FB12E-10C1-4472-98A7-B4C962CAC8D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {C04F1DBD-C070-4B04-ACE5-C631CD2FF95E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {C6F5060D-FE85-4DB6-AD4A-70A11B52C2B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {D703BE43-55DC-4F4E-A794-F71F09CC535F} - System32\Tasks\Macrium-Backup-{9B95E2B0-C356-4470-8A16-420C4D79D66F} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {DD1C45E3-C460-41DC-AE54-BDDC3A53A11D} - System32\Tasks\SanDisk_SSD_TRIM_172437464102 => C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboard.exe [2017-07-06] (Western Digital Corporation or its affiliates)
Task: {E5FBB09D-19E1-49D9-B45B-42757316272D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2018-03-04] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ArcGIS Indexing (MicrosoftAccount_wardr@outlook.com).job => c:\program files (x86)\arcgis\desktop10.2\bin\DesktopIndexingService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-13 00:45 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-25 10:43 - 2014-08-05 20:04 - 001441792 _____ () C:\Program Files\everything\everything.exe
2017-10-31 13:44 - 2017-10-31 13:44 - 000259584 _____ () C:\Program Files (x86)\Subsonic\subsonic-service.exe
2015-04-15 15:13 - 2015-04-15 15:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-10-16 05:02 - 2015-10-16 05:02 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-10-31 13:44 - 2017-10-31 13:44 - 000253952 _____ () C:\Program Files (x86)\Subsonic\subsonic-agent.exe
2018-04-13 02:56 - 2018-04-13 02:56 - 003607040 _____ () C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe
2017-10-13 13:07 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-23 02:41 - 2018-03-23 02:41 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000083432 _____ () C:\Servers\Plex Media Server\zlib.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000203240 _____ () C:\Servers\Plex Media Server\libidn.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 000866120 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-01-24 15:19 - 2018-04-23 05:15 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-01-24 15:19 - 2018-04-23 05:16 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-01-24 15:19 - 2018-04-23 05:15 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-24 15:19 - 2018-04-23 05:16 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-24 15:19 - 2018-04-23 05:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-01-24 15:19 - 2018-04-23 05:17 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-04-25 16:29 - 2018-04-23 05:16 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-04-25 16:29 - 2018-04-23 05:16 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2011-03-03 00:34 - 2011-03-03 00:34 - 000073728 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Symlib.dll
2011-03-03 00:34 - 2011-03-03 00:34 - 002748416 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\LIBMYSQLD.dll
2018-05-06 02:25 - 2018-05-06 02:25 - 000011264 _____ () a:\temp\nsz4E5B.tmp\System.dll
2015-06-08 14:06 - 2015-06-08 14:06 - 000014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 082935384 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera_browser.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 000177240 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\message_center_win8.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 003733592 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\libglesv2.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 000086616 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\libegl.dll
2018-02-22 11:57 - 2018-02-22 11:57 - 024028656 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2018-02-11 17:53 - 2018-02-11 17:53 - 000392688 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000406528 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\harfbuzz-vs12.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 000056832 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\SIFT.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 001317888 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\netcdf.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000037888 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\win_iconv.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000053760 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\freexl.dll
2016-08-25 23:13 - 2016-08-25 23:13 - 001041408 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\multiarray.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 000371200 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\umath.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 005800448 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\_dotblas.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 000141312 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\scalarmath.pyd
2016-06-27 15:21 - 2016-06-27 15:21 - 001014272 _____ () C:\Python27\ArcGIS10.5\DLLs\_hashlib.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000023552 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\lib\_compiled_base.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 005568512 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\linalg\lapack_lite.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 021509120 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\linalg\_umath_linalg.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000058880 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\fft\fftpack_lite.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000466432 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\random\mtrand.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000092672 _____ () C:\Python27\ArcGIS10.5\DLLs\_ctypes.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000137216 _____ () C:\Python27\ArcGIS10.5\DLLs\_elementtree.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000137728 _____ () C:\Python27\ArcGIS10.5\DLLs\pyexpat.pyd
2016-10-31 13:01 - 2016-10-31 13:01 - 002142720 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\opencv_core2411.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 000510464 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\opencv_ml2411.dll
2018-04-13 02:56 - 2018-04-13 02:56 - 000095744 _____ () C:\Program Files (x86)\Gpg4win\bin\libkleopatraclientcore.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000234496 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Codecs.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000350720 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ConfigCore.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000125952 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ConfigGui.dll
2018-04-13 02:54 - 2018-04-13 02:54 - 000316928 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ConfigWidgets.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000620032 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5CoreAddons.dll
2018-04-13 02:54 - 2018-04-13 02:54 - 000053760 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Crash.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000311808 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5I18n.dll
2018-04-13 02:55 - 2018-04-13 02:55 - 000234496 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5IconThemes.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000266240 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ItemModels.dll
2018-04-13 02:55 - 2018-04-13 02:55 - 001178624 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Libkleo.dll
2018-04-13 02:54 - 2018-04-13 02:54 - 000354816 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Mime.dll
2018-04-13 02:54 - 2018-04-13 02:54 - 001228288 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5WidgetsAddons.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000142336 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5WindowSystem.dll
2018-04-13 02:55 - 2018-04-13 02:55 - 000956928 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5XmlGui.dll
2018-04-13 02:42 - 2018-04-13 02:42 - 000153600 _____ () C:\Program Files (x86)\Gpg4win\bin\libgpg-error-0.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000327680 _____ () C:\Program Files (x86)\Gpg4win\bin\libgpgmepp-6.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000729600 _____ () C:\Program Files (x86)\Gpg4win\bin\libqgpgme-7.dll
2018-04-13 02:49 - 2018-04-13 02:49 - 000074752 _____ () C:\Program Files (x86)\Gpg4win\bin\libassuan-0.dll
2018-04-13 02:32 - 2018-04-13 02:32 - 000098304 _____ () C:\Program Files (x86)\Gpg4win\bin\libgcc_s_sjlj-1.dll
2018-04-13 02:32 - 2018-04-13 02:32 - 001287680 _____ () C:\Program Files (x86)\Gpg4win\bin\libstdc++-6.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000123392 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5GuiAddons.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000205312 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Archive.dll
2018-04-13 02:52 - 2018-04-13 02:52 - 000210432 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5ItemViews.dll
2018-04-13 02:55 - 2018-04-13 02:55 - 000214528 _____ () C:\Program Files (x86)\Gpg4win\bin\libKF5Completion.dll
2018-04-13 02:51 - 2018-04-13 02:51 - 000311296 _____ () C:\Program Files (x86)\Gpg4win\bin\libgpgme-11.dll
2018-04-13 02:33 - 2018-04-13 02:33 - 000107520 _____ () C:\Program Files (x86)\Gpg4win\bin\zlib1.dll
2018-04-09 15:00 - 2018-04-09 15:00 - 000079760 _____ () C:\Program Files (x86)\GnuPG\bin\libassuan-0.dll
2018-04-09 15:00 - 2018-04-09 15:00 - 001001316 _____ () C:\Program Files (x86)\GnuPG\bin\libgcrypt-20.dll
2018-04-09 14:58 - 2018-04-09 14:58 - 000152780 _____ () C:\Program Files (x86)\GnuPG\bin\libgpg-error-0.dll
2018-04-09 14:58 - 2018-04-09 14:58 - 000028016 _____ () C:\Program Files (x86)\GnuPG\bin\libnpth-0.dll
2017-10-21 18:50 - 2017-10-21 18:50 - 000325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2018-05-06 00:22 - 000002132 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1125547639-1294637962-2935245663-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BoxSync"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Privatefirewall"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "BitTorrent Sync"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "LAN Messenger"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Process Hacker 2"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{72DA076A-0E83-43B2-BE85-B4C5EA96FC84}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{85164A3A-523C-4052-A27D-DDE6199AC3C0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{8D70B11C-88C9-41ED-9BDB-3247C13F8822}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{111F5483-ED65-41DA-95A1-2DB90EB5BE88}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{738904B9-DFD9-455A-A48B-C0252E601CF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A1E766A-3BB9-4D4E-87B7-2F79E8BF80AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F845745-76A9-43C6-9F23-E806E18F6A1C}] => (Allow) C:\Servers\Plex Media Server\Plex Media Server.exe
FirewallRules: [{16406D6C-2B5B-437A-B8C9-0E9998154CE2}] => (Allow) C:\Servers\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{573A1E58-9471-4134-856F-2439E77145D3}] => (Allow) C:\Servers\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{E72D27DC-3C1F-4810-980B-E025FA9653CC}] => (Allow) C:\Servers\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{D5A057B7-7715-43C1-A8A6-9878C73D4B20}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
04-05-2018 13:30:41 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- MS/MS-Pro USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/06/2018 12:57:15 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/06/2018 12:57:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/06/2018 12:16:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Faulting module name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Exception code: 0xc0000005
Fault offset: 0x00000000002c7b85
Faulting process id: 0x96c
Faulting application start time: 0x01d3e4f8d481b8a9
Faulting application path: C:\Program Files\HitmanPro\HitmanPro.exe
Faulting module path: C:\Program Files\HitmanPro\HitmanPro.exe
Report Id: 9b82bbd9-50ec-11e8-bf70-d56ec2f23646
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/06/2018 12:12:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Faulting module name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Exception code: 0xc0000005
Fault offset: 0x00000000002c7b85
Faulting process id: 0x890
Faulting application start time: 0x01d3e4f8b9ca3476
Faulting application path: C:\Program Files\HitmanPro\HitmanPro.exe
Faulting module path: C:\Program Files\HitmanPro\HitmanPro.exe
Report Id: 0e1eb6c5-50ec-11e8-bf70-d56ec2f23646
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/04/2018 02:00:13 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/04/2018 02:00:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/04/2018 01:18:35 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/04/2018 01:18:35 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
 
System errors:
=============
Error: (05/06/2018 12:24:09 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:09 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:24:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/06/2018 12:22:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error: 
%%2147943458 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (05/06/2018 12:22:20 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
 
Windows Defender:
===================================
Date: 2018-05-07 05:30:14.541
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {7C03FCDF-569B-4104-9C4D-2E8A9A0E6B8E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-07 05:23:52.870
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {731BA9FD-0508-4AE3-A3E9-2AD339C71099}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-06 03:15:59.880
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {AB2A8070-567C-4622-B685-88B25C5FB924}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-06 01:38:01.442
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {3A73F6E9-1701-4AB3-8A36-A383094FEC09}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-06 01:30:25.582
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {809454F2-D9DD-4A1C-BFE6-1A51A3958E48}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-05 23:33:33.907
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-01-28 21:31:48.779
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-28 21:31:48.545
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.417.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-28 21:31:48.545
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.417.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2017-11-17 02:20:17.993
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
CodeIntegrity:
===================================
 
Date: 2017-02-13 21:46:07.170
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:06.769
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:06.280
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.960
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.593
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.275
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:04.909
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:04.592
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 59%
Total physical RAM: 16247.11 MB
Available physical RAM: 6591.05 MB
Total Virtual: 18679.11 MB
Available Virtual: 7786 MB
 
==================== Drives ================================
 
Drive a: (TEMPDISK) (Fixed) (Total:3.99 GB) (Free:3.73 GB) FAT32
Drive b: (Backup) (Fixed) (Total:3725.99 GB) (Free:468.04 GB) NTFS
Drive c: (OS) (Fixed) (Total:111.69 GB) (Free:26.21 GB) NTFS
Drive d: (Data Drive) (Fixed) (Total:3725.9 GB) (Free:2223.04 GB) NTFS
 
\\?\Volume{4f1e54b8-a647-11e5-be65-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: E84D4832)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 369A4321)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: A88F821A)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
========================================================
Disk: 3 (Size: 3726 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:36 PM

Posted 07 May 2018 - 02:08 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

Step 1:

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

dasHost.exe

It then should look like:

Search: dasHost.exe

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.

 

Step 2:

  • Highlight the entire content of the quote box below.

Start::
File: C:\Windows\SysWOW64\dasHost.exe
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 wardr

wardr
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:36 PM

Posted 07 May 2018 - 07:32 PM

1.
Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Ryan (07-05-2018 19:23:37)
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
 
================== Search Files: "dasHost.exe" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-d..ssociationframework_31bf3856ad364e35_6.3.9600.17415_none_0ab5c6a1cdf2abcf\dasHost.exe
[2014-11-21 04:17][2014-11-21 04:17] 000094720 _____ (Microsoft Corporation) 66CFAA5940A06DAF10F5203BC2B1A5AB [File is digitally signed]
 
C:\Windows\SysWOW64\dasHost.exe
[2018-05-06 02:26][2018-05-06 02:26] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]
 
C:\Windows\System32\dasHost.exe
[2014-11-21 04:17][2014-11-21 04:17] 000094720 _____ (Microsoft Corporation) 66CFAA5940A06DAF10F5203BC2B1A5AB [File is digitally signed]
 
 
====== End of Search ======
 
 
 
2.
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Ryan (07-05-2018 19:30:06) Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan & Administrator (Available Profiles: Ryan & Mal & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
File: C:\Windows\SysWOW64\dasHost.exe
 
*****************
 
 
========================= File: C:\Windows\SysWOW64\dasHost.exe ========================
 
C:\Windows\SysWOW64\dasHost.exe
File is digitally signed
MD5: D41D8CD98F00B204E9800998ECF8427E (0-byte)
Creation and modification date: 2018-05-06 02:26 - 2018-05-06 02:26
Size: 000000000
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0-byte
 
====== End of File: ======
 
 
==== End of Fixlog 19:30:06 ====
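
The Search.txt entries posted above can be triaged mechanically. The following is an added example, not part of the original post and not FRST's own logic: it parses the three `dasHost.exe` entries and flags a copy that is zero bytes, carries the MD5 of empty input, has no company name, or does not match the component-store (WinSxS) copy. The function names `parse_search` and `triage` are hypothetical, and using the WinSxS copy as the comparison baseline is an assumption made for this check.

```python
import hashlib
import re
from collections import defaultdict

# Search.txt entries copied from the reply above (FRST "Search Files" output).
SEARCH_LOG = r"""
C:\Windows\WinSxS\amd64_microsoft-windows-d..ssociationframework_31bf3856ad364e35_6.3.9600.17415_none_0ab5c6a1cdf2abcf\dasHost.exe
[2014-11-21 04:17][2014-11-21 04:17] 000094720 _____ (Microsoft Corporation) 66CFAA5940A06DAF10F5203BC2B1A5AB [File is digitally signed]

C:\Windows\SysWOW64\dasHost.exe
[2018-05-06 02:26][2018-05-06 02:26] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]

C:\Windows\System32\dasHost.exe
[2014-11-21 04:17][2014-11-21 04:17] 000094720 _____ (Microsoft Corporation) 66CFAA5940A06DAF10F5203BC2B1A5AB [File is digitally signed]
"""

# MD5 of zero bytes of input: any empty file hashes to this value.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Detail line layout: [created][modified] size attributes (company) MD5 ...
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\]\[(?P<modified>[\d-]+ [\d:]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\b"
)


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            entries.append({
                "path": path,
                "created": m["created"],
                "size": int(m["size"]),
                "company": m["company"].strip(),
                "md5": m["md5"].upper(),
            })
            path = None
    return entries


def triage(entries):
    """Return {path: [flags]} for every copy outside the component store."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    report = {}
    for group in by_name.values():
        # Assumption: WinSxS copies serve as the comparison baseline. This is
        # a consistency check only; it proves nothing if the store is altered.
        store = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        store_md5 = {e["md5"] for e in store}
        store_created = {e["created"] for e in store}
        for e in group:
            if e in store:
                continue
            flags = []
            if e["size"] == 0:
                flags.append("zero-byte file")
            if e["md5"] == EMPTY_MD5:
                flags.append("MD5 is the empty-input digest")
            if not e["company"]:
                flags.append("no company name in version info")
            if store and e["md5"] not in store_md5:
                flags.append("hash matches no WinSxS copy")
            if store and e["created"] not in store_created:
                flags.append("creation date differs from WinSxS copy")
            report[e["path"]] = flags
    return report


if __name__ == "__main__":
    for path, flags in triage(parse_search(SEARCH_LOG)).items():
        print(path, "->", "; ".join(flags) or "consistent with component store")
```
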


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:36 PM

Posted 08 May 2018 - 01:50 PM

The file seems patched, and there is no backup for a 32-bit file. Let's remove it.

 

 

  • Highlight the entire content of the quote box below.

Start::  
C:\Windows\SysWOW64\dasHost.exe
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

 

Open an Administrator Command prompt and run the following commands:

 

SFC /ScanNow

 

Once finished run this command:

 

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

 

This will create a log, sfcdetails.txt, on your desktop. Post also its contents in your reply.


Edited by JSntgRvr, 08 May 2018 - 01:54 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
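
The `findstr /c:"[SR]"` filter in the reply above keeps only the `[SR]` lines of CBS.log, which can run to hundreds of near-identical entries. The following is an added example, not part of the original post: it counts completed verify batches, lists any `[SR]` message that is not one of the three routine ones, and reports jumps in the CSI sequence number. The function names are hypothetical, and reading a sequence jump as "CSI entries without the `[SR]` tag that the filter dropped" is an assumption; the place to confirm it is the unfiltered CBS.log.

```python
import re

# [SR] lines in the format produced by the findstr command above,
# copied from the sfcdetails.txt output posted in this thread.
PAGE_LINES = """\
2018-05-08 15:39:11, Info                  CSI    00000013 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:11, Info                  CSI    00000014 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:14, Info                  CSI    00000015 [SR] Verify complete
2018-05-08 15:39:14, Info                  CSI    00000016 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:14, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:17, Info                  CSI    0000001a [SR] Verify complete
2018-05-08 15:39:17, Info                  CSI    0000001b [SR] Verifying 100 (0x0000000000000064) components
"""

# Constructed line (NOT from the thread) showing a message that needs review.
CONSTRUCTED_LINE = (
    "2018-05-08 15:39:17, Info                  CSI    0000001c [SR] "
    'Cannot repair member file [l:22{11}]"example.dll" of Constructed-Component'
)

SR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)

# The three messages a clean verification pass produces.
ROUTINE = (
    re.compile(r"^Verifying \d+ \(0x[0-9a-fA-F]+\) components$"),
    re.compile(r"^Beginning Verify and Repair transaction$"),
    re.compile(r"^Verify complete$"),
)


def parse_sr(text):
    """Return (sequence number, timestamp, message) for each [SR] line."""
    rows = []
    for line in text.splitlines():
        m = SR_RE.match(line.strip())
        if m:
            rows.append((int(m["seq"], 16), m["ts"], m["msg"].strip()))
    return rows


def summarize(text):
    rows = parse_sr(text)
    # Anything that is not a routine message is surfaced for a human to read.
    review = [
        (f"{seq:08x}", msg)
        for seq, _, msg in rows
        if not any(p.match(msg) for p in ROUTINE)
    ]
    # A jump in the sequence number means lines exist in CBS.log between
    # these two entries that the [SR] filter did not keep (assumption).
    gaps = []
    for (prev, _, _), (cur, _, _) in zip(rows, rows[1:]):
        if cur - prev > 1:
            gaps.append((f"{prev:08x}", f"{cur:08x}", cur - prev - 1))
    return {
        "batches": sum(1 for _, _, msg in rows if msg == "Verify complete"),
        "review": review,
        "gaps": gaps,
    }


if __name__ == "__main__":
    print(summarize(PAGE_LINES + CONSTRUCTED_LINE))
```
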


#5 wardr

wardr
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:36 PM

Posted 08 May 2018 - 03:58 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Ryan (08-05-2018 15:32:12) Run:2
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mal & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
C:\Windows\SysWOW64\dasHost.exe
 
*****************
 
C:\Windows\SysWOW64\dasHost.exe => moved successfully
 
==== End of Fixlog 15:32:12 ====
 
 
 
 
 
 
2018-05-08 15:38:37, Info                  CSI    00000004 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:38:37, Info                  CSI    00000005 [SR] Beginning Verify and Repair transaction
2018-05-08 15:38:47, Info                  CSI    00000006 [SR] Verify complete
2018-05-08 15:38:47, Info                  CSI    00000007 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:38:47, Info                  CSI    00000008 [SR] Beginning Verify and Repair transaction
2018-05-08 15:38:53, Info                  CSI    00000009 [SR] Verify complete
2018-05-08 15:38:53, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:38:53, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2018-05-08 15:38:59, Info                  CSI    0000000c [SR] Verify complete
2018-05-08 15:38:59, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:38:59, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:07, Info                  CSI    0000000f [SR] Verify complete
2018-05-08 15:39:07, Info                  CSI    00000010 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:07, Info                  CSI    00000011 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:11, Info                  CSI    00000012 [SR] Verify complete
2018-05-08 15:39:11, Info                  CSI    00000013 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:11, Info                  CSI    00000014 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:14, Info                  CSI    00000015 [SR] Verify complete
2018-05-08 15:39:14, Info                  CSI    00000016 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:14, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:17, Info                  CSI    0000001a [SR] Verify complete
2018-05-08 15:39:17, Info                  CSI    0000001b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:17, Info                  CSI    0000001c [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:19, Info                  CSI    0000001d [SR] Verify complete
2018-05-08 15:39:19, Info                  CSI    0000001e [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:19, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:22, Info                  CSI    00000020 [SR] Verify complete
2018-05-08 15:39:22, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:22, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:24, Info                  CSI    00000023 [SR] Verify complete
2018-05-08 15:39:24, Info                  CSI    00000024 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:24, Info                  CSI    00000025 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:26, Info                  CSI    00000026 [SR] Verify complete
2018-05-08 15:39:26, Info                  CSI    00000027 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:26, Info                  CSI    00000028 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:28, Info                  CSI    00000029 [SR] Verify complete
2018-05-08 15:39:29, Info                  CSI    0000002a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:29, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:31, Info                  CSI    0000002c [SR] Verify complete
2018-05-08 15:39:31, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:31, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:33, Info                  CSI    0000002f [SR] Verify complete
2018-05-08 15:39:33, Info                  CSI    00000030 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:33, Info                  CSI    00000031 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:35, Info                  CSI    00000032 [SR] Verify complete
2018-05-08 15:39:35, Info                  CSI    00000033 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:35, Info                  CSI    00000034 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:38, Info                  CSI    00000035 [SR] Verify complete
2018-05-08 15:39:38, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:38, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:40, Info                  CSI    00000038 [SR] Verify complete
2018-05-08 15:39:40, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:40, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:43, Info                  CSI    0000003b [SR] Verify complete
2018-05-08 15:39:43, Info                  CSI    0000003c [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:43, Info                  CSI    0000003d [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:45, Info                  CSI    0000003e [SR] Verify complete
2018-05-08 15:39:46, Info                  CSI    0000003f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:46, Info                  CSI    00000040 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:48, Info                  CSI    00000041 [SR] Verify complete
2018-05-08 15:39:48, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:48, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:50, Info                  CSI    00000044 [SR] Verify complete
2018-05-08 15:39:50, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:50, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:52, Info                  CSI    00000047 [SR] Verify complete
2018-05-08 15:39:53, Info                  CSI    00000048 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:53, Info                  CSI    00000049 [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:55, Info                  CSI    0000004a [SR] Verify complete
2018-05-08 15:39:55, Info                  CSI    0000004b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:55, Info                  CSI    0000004c [SR] Beginning Verify and Repair transaction
2018-05-08 15:39:57, Info                  CSI    0000004d [SR] Verify complete
2018-05-08 15:39:57, Info                  CSI    0000004e [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:39:57, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:00, Info                  CSI    00000050 [SR] Verify complete
2018-05-08 15:40:00, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:00, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:02, Info                  CSI    00000053 [SR] Verify complete
2018-05-08 15:40:02, Info                  CSI    00000054 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:02, Info                  CSI    00000055 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:05, Info                  CSI    00000056 [SR] Verify complete
2018-05-08 15:40:05, Info                  CSI    00000057 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:05, Info                  CSI    00000058 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:07, Info                  CSI    00000059 [SR] Verify complete
2018-05-08 15:40:07, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:07, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:10, Info                  CSI    0000005c [SR] Verify complete
2018-05-08 15:40:10, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:10, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:12, Info                  CSI    0000005f [SR] Verify complete
2018-05-08 15:40:12, Info                  CSI    00000060 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:12, Info                  CSI    00000061 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:15, Info                  CSI    00000062 [SR] Verify complete
2018-05-08 15:40:15, Info                  CSI    00000063 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:15, Info                  CSI    00000064 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:17, Info                  CSI    00000065 [SR] Verify complete
2018-05-08 15:40:18, Info                  CSI    00000066 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:18, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:20, Info                  CSI    00000068 [SR] Verify complete
2018-05-08 15:40:20, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:20, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:23, Info                  CSI    0000006b [SR] Verify complete
2018-05-08 15:40:23, Info                  CSI    0000006c [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:23, Info                  CSI    0000006d [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:25, Info                  CSI    0000006e [SR] Verify complete
2018-05-08 15:40:26, Info                  CSI    0000006f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:26, Info                  CSI    00000070 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:28, Info                  CSI    00000071 [SR] Verify complete
2018-05-08 15:40:28, Info                  CSI    00000072 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:28, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:32, Info                  CSI    00000074 [SR] Verify complete
2018-05-08 15:40:32, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:32, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:35, Info                  CSI    00000077 [SR] Verify complete
2018-05-08 15:40:35, Info                  CSI    00000078 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:35, Info                  CSI    00000079 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:39, Info                  CSI    0000007a [SR] Verify complete
2018-05-08 15:40:39, Info                  CSI    0000007b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:39, Info                  CSI    0000007c [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:42, Info                  CSI    0000007d [SR] Verify complete
2018-05-08 15:40:42, Info                  CSI    0000007e [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:42, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:44, Info                  CSI    00000080 [SR] Verify complete
2018-05-08 15:40:44, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:44, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:48, Info                  CSI    00000083 [SR] Verify complete
2018-05-08 15:40:48, Info                  CSI    00000084 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:48, Info                  CSI    00000085 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:52, Info                  CSI    00000086 [SR] Verify complete
2018-05-08 15:40:52, Info                  CSI    00000087 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:52, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:54, Info                  CSI    00000089 [SR] Verify complete
2018-05-08 15:40:54, Info                  CSI    0000008a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:54, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:57, Info                  CSI    0000008c [SR] Verify complete
2018-05-08 15:40:57, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:57, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2018-05-08 15:40:59, Info                  CSI    0000008f [SR] Verify complete
2018-05-08 15:40:59, Info                  CSI    00000090 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:40:59, Info                  CSI    00000091 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:01, Info                  CSI    00000092 [SR] Verify complete
2018-05-08 15:41:01, Info                  CSI    00000093 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:01, Info                  CSI    00000094 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:04, Info                  CSI    00000095 [SR] Verify complete
2018-05-08 15:41:04, Info                  CSI    00000096 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:04, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:06, Info                  CSI    00000098 [SR] Verify complete
2018-05-08 15:41:06, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:06, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:08, Info                  CSI    0000009b [SR] Verify complete
2018-05-08 15:41:08, Info                  CSI    0000009c [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:08, Info                  CSI    0000009d [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:10, Info                  CSI    0000009e [SR] Verify complete
2018-05-08 15:41:11, Info                  CSI    0000009f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:11, Info                  CSI    000000a0 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:13, Info                  CSI    000000a1 [SR] Verify complete
2018-05-08 15:41:13, Info                  CSI    000000a2 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:13, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:15, Info                  CSI    000000a4 [SR] Verify complete
2018-05-08 15:41:15, Info                  CSI    000000a5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:15, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:17, Info                  CSI    000000a7 [SR] Verify complete
2018-05-08 15:41:18, Info                  CSI    000000a8 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:18, Info                  CSI    000000a9 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:20, Info                  CSI    000000aa [SR] Verify complete
2018-05-08 15:41:20, Info                  CSI    000000ab [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:20, Info                  CSI    000000ac [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:22, Info                  CSI    000000ad [SR] Verify complete
2018-05-08 15:41:22, Info                  CSI    000000ae [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:22, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:24, Info                  CSI    000000b0 [SR] Verify complete
2018-05-08 15:41:24, Info                  CSI    000000b1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:24, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:27, Info                  CSI    000000b3 [SR] Verify complete
2018-05-08 15:41:27, Info                  CSI    000000b4 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:27, Info                  CSI    000000b5 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:29, Info                  CSI    000000b6 [SR] Verify complete
2018-05-08 15:41:29, Info                  CSI    000000b7 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:29, Info                  CSI    000000b8 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:31, Info                  CSI    000000b9 [SR] Verify complete
2018-05-08 15:41:31, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:31, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:33, Info                  CSI    000000bc [SR] Verify complete
2018-05-08 15:41:33, Info                  CSI    000000bd [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:33, Info                  CSI    000000be [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:36, Info                  CSI    000000bf [SR] Verify complete
2018-05-08 15:41:36, Info                  CSI    000000c0 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:36, Info                  CSI    000000c1 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:38, Info                  CSI    000000c2 [SR] Verify complete
2018-05-08 15:41:38, Info                  CSI    000000c3 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:38, Info                  CSI    000000c4 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:41, Info                  CSI    000000c6 [SR] Verify complete
2018-05-08 15:41:41, Info                  CSI    000000c7 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:41, Info                  CSI    000000c8 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:43, Info                  CSI    000000c9 [SR] Verify complete
2018-05-08 15:41:43, Info                  CSI    000000ca [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:43, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:45, Info                  CSI    000000cc [SR] Verify complete
2018-05-08 15:41:45, Info                  CSI    000000cd [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:45, Info                  CSI    000000ce [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:48, Info                  CSI    000000cf [SR] Verify complete
2018-05-08 15:41:48, Info                  CSI    000000d0 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:48, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:50, Info                  CSI    000000d2 [SR] Verify complete
2018-05-08 15:41:50, Info                  CSI    000000d3 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:50, Info                  CSI    000000d4 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:52, Info                  CSI    000000d5 [SR] Verify complete
2018-05-08 15:41:52, Info                  CSI    000000d6 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:52, Info                  CSI    000000d7 [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:55, Info                  CSI    000000d8 [SR] Verify complete
2018-05-08 15:41:55, Info                  CSI    000000d9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:55, Info                  CSI    000000da [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:57, Info                  CSI    000000db [SR] Verify complete
2018-05-08 15:41:57, Info                  CSI    000000dc [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:57, Info                  CSI    000000dd [SR] Beginning Verify and Repair transaction
2018-05-08 15:41:59, Info                  CSI    000000de [SR] Verify complete
2018-05-08 15:41:59, Info                  CSI    000000df [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:41:59, Info                  CSI    000000e0 [SR] Beginning Verify and Repair transaction
2018-05-08 15:42:02, Info                  CSI    000000e1 [SR] Verify complete
2018-05-08 15:42:02, Info                  CSI    000000e2 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:42:02, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
2018-05-08 15:42:04, Info                  CSI    000000e4 [SR] Verify complete
2018-05-08 15:42:04, Info                  CSI    000000e5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:42:04, Info                  CSI    000000e6 [SR] Beginning Verify and Repair transaction
2018-05-08 15:42:07, Info                  CSI    000000e7 [SR] Verify complete
2018-05-08 15:42:07, Info                  CSI    000000e8 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:20, Info                  CSI    00000662 [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:23, Info                  CSI    00000663 [SR] Verify complete
2018-05-08 15:50:23, Info                  CSI    00000664 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:23, Info                  CSI    00000665 [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:26, Info                  CSI    00000666 [SR] Verify complete
2018-05-08 15:50:26, Info                  CSI    00000667 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:26, Info                  CSI    00000668 [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:29, Info                  CSI    00000669 [SR] Verify complete
2018-05-08 15:50:29, Info                  CSI    0000066a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:29, Info                  CSI    0000066b [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:33, Info                  CSI    0000067c [SR] Verify complete
2018-05-08 15:50:33, Info                  CSI    0000067d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:33, Info                  CSI    0000067e [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:37, Info                  CSI    00000693 [SR] Verify complete
2018-05-08 15:50:37, Info                  CSI    00000694 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:37, Info                  CSI    00000695 [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:43, Info                  CSI    0000069a [SR] Verify complete
2018-05-08 15:50:44, Info                  CSI    0000069b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:44, Info                  CSI    0000069c [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:46, Info                  CSI    0000069e [SR] Verify complete
2018-05-08 15:50:46, Info                  CSI    0000069f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:46, Info                  CSI    000006a0 [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:48, Info                  CSI    000006a1 [SR] Verify complete
2018-05-08 15:50:49, Info                  CSI    000006a2 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:49, Info                  CSI    000006a3 [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:53, Info                  CSI    000006b0 [SR] Verify complete
2018-05-08 15:50:53, Info                  CSI    000006b1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:50:53, Info                  CSI    000006b2 [SR] Beginning Verify and Repair transaction
2018-05-08 15:50:59, Info                  CSI    000006b4 [SR] Verify complete
2018-05-08 15:51:00, Info                  CSI    000006b5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:00, Info                  CSI    000006b6 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:04, Info                  CSI    000006d8 [SR] Verify complete
2018-05-08 15:51:04, Info                  CSI    000006d9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:04, Info                  CSI    000006da [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:08, Info                  CSI    000006e4 [SR] Verify complete
2018-05-08 15:51:08, Info                  CSI    000006e5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:08, Info                  CSI    000006e6 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:13, Info                  CSI    000006f2 [SR] Verify complete
2018-05-08 15:51:13, Info                  CSI    000006f3 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:13, Info                  CSI    000006f4 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:18, Info                  CSI    00000714 [SR] Verify complete
2018-05-08 15:51:18, Info                  CSI    00000715 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:18, Info                  CSI    00000716 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:24, Info                  CSI    00000763 [SR] Verify complete
2018-05-08 15:51:24, Info                  CSI    00000764 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:24, Info                  CSI    00000765 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:29, Info                  CSI    00000766 [SR] Verify complete
2018-05-08 15:51:29, Info                  CSI    00000767 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:29, Info                  CSI    00000768 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:33, Info                  CSI    00000769 [SR] Verify complete
2018-05-08 15:51:33, Info                  CSI    0000076a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:33, Info                  CSI    0000076b [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:37, Info                  CSI    0000076e [SR] Verify complete
2018-05-08 15:51:37, Info                  CSI    0000076f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:37, Info                  CSI    00000770 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:41, Info                  CSI    0000078b [SR] Verify complete
2018-05-08 15:51:41, Info                  CSI    0000078c [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:41, Info                  CSI    0000078d [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:47, Info                  CSI    000007b2 [SR] Verify complete
2018-05-08 15:51:47, Info                  CSI    000007b3 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:47, Info                  CSI    000007b4 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:50, Info                  CSI    000007b7 [SR] Verify complete
2018-05-08 15:51:50, Info                  CSI    000007b8 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:50, Info                  CSI    000007b9 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:53, Info                  CSI    000007c1 [SR] Verify complete
2018-05-08 15:51:53, Info                  CSI    000007c2 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:53, Info                  CSI    000007c3 [SR] Beginning Verify and Repair transaction
2018-05-08 15:51:57, Info                  CSI    000007c4 [SR] Verify complete
2018-05-08 15:51:57, Info                  CSI    000007c5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:51:57, Info                  CSI    000007c6 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:00, Info                  CSI    000007d0 [SR] Verify complete
2018-05-08 15:52:00, Info                  CSI    000007d1 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:00, Info                  CSI    000007d2 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:06, Info                  CSI    000007f4 [SR] Verify complete
2018-05-08 15:52:06, Info                  CSI    000007f5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:06, Info                  CSI    000007f6 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:10, Info                  CSI    00000808 [SR] Verify complete
2018-05-08 15:52:10, Info                  CSI    00000809 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:10, Info                  CSI    0000080a [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:14, Info                  CSI    00000810 [SR] Verify complete
2018-05-08 15:52:14, Info                  CSI    00000811 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:14, Info                  CSI    00000812 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:17, Info                  CSI    00000814 [SR] Verify complete
2018-05-08 15:52:17, Info                  CSI    00000815 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:17, Info                  CSI    00000816 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:21, Info                  CSI    00000820 [SR] Verify complete
2018-05-08 15:52:22, Info                  CSI    00000821 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:22, Info                  CSI    00000822 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:30, Info                  CSI    00000823 [SR] Verify complete
2018-05-08 15:52:30, Info                  CSI    00000824 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:30, Info                  CSI    00000825 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:36, Info                  CSI    0000083e [SR] Verify complete
2018-05-08 15:52:36, Info                  CSI    0000083f [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:36, Info                  CSI    00000840 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:40, Info                  CSI    00000841 [SR] Verify complete
2018-05-08 15:52:40, Info                  CSI    00000842 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:40, Info                  CSI    00000843 [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:44, Info                  CSI    00000849 [SR] Verify complete
2018-05-08 15:52:44, Info                  CSI    0000084a [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:44, Info                  CSI    0000084b [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:51, Info                  CSI    0000086a [SR] Verify complete
2018-05-08 15:52:51, Info                  CSI    0000086b [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:51, Info                  CSI    0000086c [SR] Beginning Verify and Repair transaction
2018-05-08 15:52:55, Info                  CSI    0000087c [SR] Verify complete
2018-05-08 15:52:55, Info                  CSI    0000087d [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:52:55, Info                  CSI    0000087e [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:01, Info                  CSI    0000089f [SR] Verify complete
2018-05-08 15:53:01, Info                  CSI    000008a0 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:01, Info                  CSI    000008a1 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:04, Info                  CSI    000008a3 [SR] Verify complete
2018-05-08 15:53:04, Info                  CSI    000008a4 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:04, Info                  CSI    000008a5 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:08, Info                  CSI    000008b5 [SR] Verify complete
2018-05-08 15:53:08, Info                  CSI    000008b6 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:08, Info                  CSI    000008b7 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:10, Info                  CSI    000008b9 [SR] Verify complete
2018-05-08 15:53:10, Info                  CSI    000008ba [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:10, Info                  CSI    000008bb [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:14, Info                  CSI    000008c1 [SR] Verify complete
2018-05-08 15:53:14, Info                  CSI    000008c2 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:14, Info                  CSI    000008c3 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:17, Info                  CSI    000008c5 [SR] Verify complete
2018-05-08 15:53:17, Info                  CSI    000008c6 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:17, Info                  CSI    000008c7 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:20, Info                  CSI    000008cc [SR] Verify complete
2018-05-08 15:53:21, Info                  CSI    000008cd [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:21, Info                  CSI    000008ce [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:24, Info                  CSI    000008d3 [SR] Verify complete
2018-05-08 15:53:25, Info                  CSI    000008d4 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:25, Info                  CSI    000008d5 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:27, Info                  CSI    000008d8 [SR] Verify complete
2018-05-08 15:53:28, Info                  CSI    000008d9 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:28, Info                  CSI    000008da [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:31, Info                  CSI    000008df [SR] Verify complete
2018-05-08 15:53:31, Info                  CSI    000008e0 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:31, Info                  CSI    000008e1 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:35, Info                  CSI    000008e3 [SR] Verify complete
2018-05-08 15:53:35, Info                  CSI    000008e4 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:35, Info                  CSI    000008e5 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:38, Info                  CSI    000008e7 [SR] Verify complete
2018-05-08 15:53:38, Info                  CSI    000008e8 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:38, Info                  CSI    000008e9 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:42, Info                  CSI    000008f4 [SR] Verify complete
2018-05-08 15:53:42, Info                  CSI    000008f5 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:42, Info                  CSI    000008f6 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:46, Info                  CSI    000008f7 [SR] Verify complete
2018-05-08 15:53:46, Info                  CSI    000008f8 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:46, Info                  CSI    000008f9 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:50, Info                  CSI    000008fb [SR] Verify complete
2018-05-08 15:53:50, Info                  CSI    000008fc [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:50, Info                  CSI    000008fd [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:53, Info                  CSI    000008fe [SR] Verify complete
2018-05-08 15:53:54, Info                  CSI    000008ff [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:54, Info                  CSI    00000900 [SR] Beginning Verify and Repair transaction
2018-05-08 15:53:57, Info                  CSI    00000901 [SR] Verify complete
2018-05-08 15:53:57, Info                  CSI    00000902 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:53:57, Info                  CSI    00000903 [SR] Beginning Verify and Repair transaction
2018-05-08 15:54:00, Info                  CSI    00000904 [SR] Verify complete
2018-05-08 15:54:00, Info                  CSI    00000905 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:54:00, Info                  CSI    00000906 [SR] Beginning Verify and Repair transaction
2018-05-08 15:54:04, Info                  CSI    00000907 [SR] Verify complete
2018-05-08 15:54:04, Info                  CSI    00000908 [SR] Verifying 100 (0x0000000000000064) components
2018-05-08 15:54:04, Info                  CSI    00000909 [SR] Beginning Verify and Repair transaction
2018-05-08 15:54:07, Info                  CSI    0000090c [SR] Verify complete
2018-05-08 15:54:07, Info                  CSI    0000090d [SR] Verifying 19 (0x0000000000000013) components
2018-05-08 15:54:07, Info                  CSI    0000090e [SR] Beginning Verify and Repair transaction
2018-05-08 15:54:08, Info                  CSI    0000090f [SR] Verify complete
2018-05-08 15:54:08, Info                  CSI    00000910 [SR] Repairing 0 components
2018-05-08 15:54:08, Info                  CSI    00000911 [SR] Beginning Verify and Repair transaction
2018-05-08 15:54:08, Info                  CSI    00000912 [SR] Repair complete
 


#6 wardr

Posted 08 May 2018 - 04:08 PM

By the way, I had to reset my computer after I ran the FRST, and while sfc /scannow was running, I looked in the "port tracking" window of my firewall, and sure enough there was dashost.exe listening for UDP packets.  The file was removed though, so when I try to view the properties of the file, it says "not found".  How can it still be listed as listening for incoming packets if it doesn't exist?


Edited by wardr, 08 May 2018 - 04:36 PM.


#7 JSntgRvr

Malware Response Team

Posted 08 May 2018 - 07:08 PM

The file dasHost.exe is a legit file. It is known as the Device Association Framework Provider Host. As long as it is running from the C:\Windows\System32 folder, it is legit. You can read about it here. We remove the one running from the C:\Windows\SysWOW64 folder, as that one had no signature.
 
Let's scan.

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
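The location rule from the reply above (a system process name is expected only under C:\Windows\System32) can be applied to FRST process lines and a file listing in one pass. This is an added example, not code from the thread or from FRST; the sample lines are constructed, and the name list and the C:\Windows install path are assumptions.

```python
import ntpath
import re

# Process names mentioned in this thread; extend the set for your own baseline.
SYSTEM_NAMES = {"dashost.exe", "smss.exe", "csrss.exe",
                "wininit.exe", "lsass.exe", "winlogon.exe"}
# Assumption: Windows is installed in C:\Windows, as in the logs on this page.
EXPECTED_DIR = r"c:\windows\system32"

OUTSIDE = "system process name outside System32"
EMPTY = "zero-byte file"
NO_PUBLISHER = "no publisher reported"

# FRST process line format: "(Publisher) C:\path\file.exe"
FRST_PROC = re.compile(r"^\((?P<publisher>.*?)\)\s+(?P<path>[A-Za-z]:\\.+)$")


def normalize(path):
    # Collapse ".." segments and case so that
    # C:\WINDOWS\system32\..\SysWOW64\x.exe compares as SysWOW64\x.exe.
    return ntpath.normpath(path).lower()


def parse_frst_process(line):
    # Return (publisher, path), or None for headers and blank lines.
    m = FRST_PROC.match(line.strip())
    if not m:
        return None
    return m.group("publisher"), m.group("path")


def assess(path, size=None, publisher=None):
    # Only files carrying a system process name are judged; third-party
    # programs with an empty publisher field are not flagged here.
    folder, name = ntpath.split(normalize(path))
    if name not in SYSTEM_NAMES:
        return []
    reasons = []
    if folder != EXPECTED_DIR:
        reasons.append(OUTSIDE)
    if size == 0:
        reasons.append(EMPTY)
    if publisher == "":
        reasons.append(NO_PUBLISHER)
    return reasons


def triage(process_lines, file_records):
    # Merge findings from both sources, keyed by normalized path.
    findings = {}

    def add(path, reasons):
        if not reasons:
            return
        bucket = findings.setdefault(normalize(path), [])
        for reason in reasons:
            if reason not in bucket:
                bucket.append(reason)

    for line in process_lines:
        parsed = parse_frst_process(line)
        if parsed is not None:
            publisher, path = parsed
            add(path, assess(path, publisher=publisher))
    for path, size in file_records:
        add(path, assess(path, size=size))
    return findings


# Constructed sample input (not copied from the poster's machine).
SAMPLE_PROCESSES = [
    "==================== Processes (Whitelisted) =================",
    r"(Microsoft Corporation) C:\Windows\System32\dasHost.exe",
    r"() C:\Windows\SysWOW64\dashost.exe",
    r"() C:\Program Files\Everything\Everything.exe",
    r"(Microsoft Corporation) C:\WINDOWS\system32\..\SysWOW64\lsass.exe",
]
SAMPLE_FILES = [
    (r"C:\Windows\SysWOW64\smss.exe", 0),
    (r"C:\Windows\SysWOW64\dashost.exe", 0),
    (r"C:\Windows\System32\winlogon.exe", 123456),
]

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_PROCESSES, SAMPLE_FILES).items()):
        print(path, "->", "; ".join(reasons))
```

A flagged path is only a lead: confirm it with a signature check, as the reply did for the SysWOW64 copy.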


#8 wardr


Posted 09 May 2018 - 01:25 AM

I thought the roguekiller log would automatically save itself on my computer, so I ran the adwcleaner instead of saving the log, and it appears as if it is lost if you don't save it when you run the program.  In any case it basically found nothing, it just found 2 registry entries for the Internet Explorer start page under the HKEY_USERS section of the registry.  Doesn't seem like a big deal.  Adwcleaner log is below.
 
Also be aware that around 11pm my computer was acting weird, so just for bleeps and giggles I went to the syswow64 directory in windows, I ran a "dir /a /od" command just to see if that 0 byte dashost.exe file appeared again. It did not. However there were 5 new ones that were just created at 11:01 PM, 11:02 PM, and 11:03 PM, 0 bytes.  They are:
smss.exe 0 bytes 11:00 PM
csrss.exe 0 bytes 11:01 PM
wininit.exe 0 bytes 11:02 PM
lsass.exe 0 bytes 11:02 PM
winlogon.exe 0 bytes 11:03 PM
 
 
Due to this odd activity, I went ahead and ran FRST again, and will post that log below the adwcleaner log.
 
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-07.1
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-09-2018
# Duration: 00:00:19
# OS:       Windows 8.1 Pro
# Scanned:  40830
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by Ryan (administrator) on WENTZ (09-05-2018 01:23:42)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mal & Administrator)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Everything\Everything.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Plex, Inc.) C:\Servers\Plex Media Server\Plex Update Service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Plex, Inc.) C:\Servers\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Servers\Plex Media Server\PlexScriptHost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Telegram Messenger LLP) C:\Users\Ryan\AppData\Roaming\Telegram Desktop\Telegram.exe
(Plex, Inc.) C:\Servers\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Servers\Plex Media Server\Plex Tuner Service.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(PortableApps.com) D:\PortableApps\SystemExplorerPortable\SystemExplorerPortable.exe
(Mister Group) D:\PortableApps\SystemExplorerPortable\App\SystemExplorer\SystemExplorer.exe
(Mister Group) D:\PortableApps\SystemExplorerPortable\App\SystemExplorer\service\SystemExplorerService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitReader.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\ArcCatalog.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISCacheMgr.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISConnection.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\AppROT.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\ArcMap.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(LastPass) C:\Program Files (x86)\LastPass\LastPassBroker.exe
(Moonchild Productions) C:\Program Files (x86)\Pale Moon\palemoon.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
() C:\Program Files\Everything\Everything.exe
() C:\Program Files\Everything\Everything.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Adlice Software) C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3465608 2017-10-01] (Paramount Software UK Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-03-30] (Tonec Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5488080 2018-03-23] (SecureMix LLC)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Plex Media Server] => C:\Servers\Plex Media Server\Plex Media Server.exe [17781736 2018-03-29] (Plex, Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\MountPoints2: {681a7406-dfb6-11e7-bf2e-c00c37bcec54} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Servers\Plex Media Server\Plex Media Server.exe [17781736 2018-03-29] (Plex, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk [2018-03-31]
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-12]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2018-05-06]
ShortcutTarget: Telegram.lnk -> C:\Users\Ryan\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
AlternateShell: 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{58CE04B3-F4B0-4D9B-AF66-F4A0F3A01012}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{BB3C93D3-89CD-4A49-BA89-580965FFFED8}: [DhcpNameServer] 192.168.11.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-03-02] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-13] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-03-02] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-03-02] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-03-02] (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-10-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 7og14rox.default
FF DefaultProfile: th12gtab.default
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default [2018-05-09]
FF Session Restore: Mozilla\Firefox\Profiles\7og14rox.default -> is enabled.
FF Extension: (Disconnect) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Geolocater) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\geolocater@3liz.com [2016-11-20] [Legacy]
FF Extension: (Disable CSS) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-1VwU0d7h7azvou6XbFWe9tmQyoQ@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (Self-Destructing Cookies) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-29] [Legacy]
FF Extension: (Decentraleyes) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2018-02-26]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-EbhJmw1yu6Juy@jetpack.xpi [2016-10-30] [Legacy]
FF Extension: (Save as PDF) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2017-11-14]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\support@lastpass.com.xpi [2018-04-21]
FF Extension: (Google Translator for Firefox) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\translator@zoli.bod.xpi [2018-04-12]
FF Extension: (uBlock Origin) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\uBlock0@raymondhill.net.xpi [2018-05-07]
FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2018-01-31]
FF Extension: (Capture & Print) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2018-01-17]
FF Extension: (JavaScript on-off applet) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-04-03] [Legacy]
FF Extension: (RightToClick) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-06-24] [Legacy]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\th12gtab.default [2018-05-09]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-12-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-25] [Legacy] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Ryan\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5 [2017-04-15] [Legacy] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-03-02] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-03-02] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-30]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S4 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-04-23] (Dropbox, Inc.)
R2 Everything; C:\Program Files\everything\everything.exe [1441792 2014-08-05] () [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4338640 2018-03-23] (SecureMix LLC)
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 PlexUpdateService; C:\Servers\Plex Media Server\Plex Update Service.exe [2212328 2018-03-29] (Plex, Inc.)
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SamSs; C:\WINDOWS\SysWOW64\lsass.exe [0 2018-05-08] () <==== ATTENTION (zero byte File/Folder)
S4 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
S4 SNMP; C:\WINDOWS\System32\snmp.exe [50688 2018-03-30] (Microsoft Corporation)
S4 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2018-03-30] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2017-10-31] () [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S4 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [698296 2016-03-10] (Károly Pados) [File not signed]
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-19] (Reason Software Company Inc.)
R2 vmms; C:\WINDOWS\system32\vmms.exe [13840384 2018-04-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [167944 2018-05-02] (Microsoft Corporation)
S4 hippovnc_service; "C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe" -service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [19456 2018-04-19] (Microsoft Corporation)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-25] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-25] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2018-05-07] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-26] (Malwarebytes)
R1 MpKsl186f501b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5723DC8E-B208-4C29-9F2A-4B3BA8D6D2F0}\MpKsl186f501b.sys [58120 2018-05-08] (Microsoft Corporation)
R0 Mrvdp; C:\WINDOWS\System32\drivers\mrvdp.sys [64944 2017-12-01] (Windows ® Win 7 DDK provider)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [22016 2018-04-19] (Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows ® Win 7 DDK provider)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [28160 2018-04-19] (Microsoft Corporation)
R1 RAMDiskVE; C:\WINDOWS\System32\Drivers\RAMDiskVE.sys [86744 2016-05-12] (Dataram, Inc.)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [40888 2017-08-20] (USBPcap)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [18944 2018-04-19] (Microsoft Corporation)
R3 VMSMP; C:\WINDOWS\system32\DRIVERS\vmswitch.sys [688640 2018-02-08] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation)
S4 dbx; system32\DRIVERS\dbx.sys [X]
S4 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-09 01:23 - 2018-05-09 01:24 - 000027400 _____ C:\Users\Ryan\Desktop\FRST.txt
2018-05-09 00:20 - 2018-05-09 00:58 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\Mozilla
2018-05-08 23:03 - 2018-05-08 23:03 - 000000000 _____ C:\WINDOWS\SysWOW64\winlogon.exe
2018-05-08 23:02 - 2018-05-08 23:02 - 000000000 _____ C:\WINDOWS\SysWOW64\lsass.exe
2018-05-08 23:01 - 2018-05-08 23:01 - 000000000 _____ C:\WINDOWS\SysWOW64\wininit.exe
2018-05-08 23:01 - 2018-05-08 23:01 - 000000000 _____ C:\WINDOWS\SysWOW64\csrss.exe
2018-05-08 23:00 - 2018-05-08 23:00 - 000000000 _____ C:\WINDOWS\SysWOW64\smss.exe
2018-05-08 22:51 - 2018-05-08 22:52 - 007271632 _____ (Malwarebytes) C:\Users\Ryan\Desktop\adwcleaner_7.1.1.exe
2018-05-08 22:50 - 2018-05-08 22:50 - 036639176 _____ (Adlice Software ) C:\Users\Ryan\Desktop\RogueKiller_setup.exe
2018-05-08 15:13 - 2018-05-08 15:13 - 000000000 ____D C:\Program Files\KeyboardNotification
2018-05-08 13:47 - 2018-04-22 03:04 - 025744896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-08 13:47 - 2018-04-22 02:32 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-08 13:47 - 2018-04-22 02:24 - 020286464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-08 13:47 - 2018-04-22 01:48 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-08 13:47 - 2018-04-22 01:31 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-08 13:47 - 2018-04-22 01:26 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-08 13:47 - 2018-04-10 13:53 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2018-05-08 13:47 - 2018-04-10 12:43 - 013840384 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2018-05-08 13:47 - 2018-03-24 09:56 - 007033344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 13:47 - 2018-03-24 09:54 - 006214144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 13:47 - 2018-03-10 11:33 - 003717632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 13:46 - 2018-04-22 04:02 - 000803696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 13:46 - 2018-04-22 03:06 - 000612600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 13:46 - 2018-04-22 02:40 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-08 13:46 - 2018-04-22 02:38 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 13:46 - 2018-04-22 02:26 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-08 13:46 - 2018-04-22 02:26 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-08 13:46 - 2018-04-22 02:04 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 13:46 - 2018-04-22 02:00 - 002295296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-08 13:46 - 2018-04-22 01:57 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-05-08 13:46 - 2018-04-22 01:54 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-08 13:46 - 2018-04-22 01:53 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 13:46 - 2018-04-22 01:51 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-05-08 13:46 - 2018-04-22 01:49 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-08 13:46 - 2018-04-22 01:46 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-05-08 13:46 - 2018-04-22 01:33 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-08 13:46 - 2018-04-22 01:32 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-05-08 13:46 - 2018-04-22 01:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-05-08 13:46 - 2018-04-22 01:27 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-08 13:46 - 2018-04-22 01:27 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-08 13:46 - 2018-04-22 01:26 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-05-08 13:46 - 2018-04-22 01:22 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-08 13:46 - 2018-04-22 01:11 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 13:46 - 2018-04-22 01:08 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-08 13:46 - 2018-04-22 01:04 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-08 13:46 - 2018-04-22 01:03 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 13:46 - 2018-04-15 11:55 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 13:46 - 2018-04-15 11:16 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 13:46 - 2018-04-10 20:03 - 007406936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-08 13:46 - 2018-04-10 20:02 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-08 13:46 - 2018-04-10 20:02 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-08 13:46 - 2018-04-10 13:51 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-05-08 13:46 - 2018-04-10 13:27 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-08 13:46 - 2018-04-10 13:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 13:46 - 2018-04-10 12:43 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthstor.dll
2018-05-08 13:46 - 2018-04-10 12:43 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthfcvdev.dll
2018-05-08 13:46 - 2018-04-10 12:01 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-08 13:46 - 2018-04-10 11:50 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 13:46 - 2018-04-07 11:17 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-05-08 13:46 - 2018-04-07 10:49 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-05-08 13:46 - 2018-04-07 10:41 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 13:46 - 2018-04-07 10:23 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 13:46 - 2018-04-07 10:20 - 001707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-08 13:46 - 2018-04-07 10:10 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 13:46 - 2018-04-07 10:06 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-08 13:46 - 2018-04-07 10:01 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-08 13:46 - 2018-04-06 16:27 - 000376656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 13:46 - 2018-03-24 10:57 - 001101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2018-05-08 13:46 - 2018-03-24 10:40 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-08 13:46 - 2018-03-24 10:34 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2018-05-08 13:46 - 2018-03-24 10:22 - 001086976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-08 13:46 - 2018-03-15 17:29 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-08 13:46 - 2018-03-10 15:55 - 000137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2018-05-08 13:46 - 2018-03-10 14:04 - 000120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2018-05-08 13:46 - 2018-03-10 12:51 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-08 13:46 - 2018-03-10 12:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-05-08 13:46 - 2018-03-10 12:47 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-08 13:46 - 2018-03-10 12:43 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2018-05-08 13:46 - 2018-03-10 11:46 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-08 13:46 - 2018-03-10 11:44 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-08 13:46 - 2018-03-10 11:35 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-08 13:46 - 2018-03-10 11:35 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-08 13:46 - 2018-03-10 11:22 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2018-05-08 13:46 - 2018-03-10 11:21 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2018-05-08 13:46 - 2018-03-10 11:21 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2018-05-08 13:46 - 2018-03-10 11:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2018-05-08 13:46 - 2018-03-10 11:18 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-08 13:46 - 2018-03-10 11:18 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2018-05-08 13:46 - 2018-03-10 11:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-05-08 13:46 - 2018-03-10 11:18 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-05-08 13:46 - 2018-03-10 11:17 - 002240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2018-05-08 13:46 - 2018-03-10 11:17 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-08 13:46 - 2018-03-09 13:57 - 000276816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-08 13:46 - 2018-03-03 11:24 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-05-08 13:46 - 2018-03-03 11:18 - 000894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-05-08 13:46 - 2018-03-03 11:18 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2018-05-08 13:46 - 2018-03-03 11:15 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2018-05-08 13:46 - 2018-03-03 11:04 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-05-08 13:46 - 2018-03-03 11:04 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2018-05-08 13:46 - 2018-02-14 16:45 - 001308336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-08 13:46 - 2018-02-14 09:47 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-08 11:37 - 2018-05-08 11:37 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2018-05-07 06:14 - 2018-05-09 01:23 - 000000000 ____D C:\FRST
2018-05-07 06:13 - 2018-05-07 06:13 - 002406912 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2018-05-06 02:29 - 2018-05-06 02:29 - 000000000 ___HD C:\WINDOWS\PIF
2018-05-06 00:17 - 2018-05-09 00:42 - 000000000 ____D C:\AdwCleaner
2018-05-05 23:33 - 2018-05-06 00:21 - 000227326 _____ C:\WINDOWS\ntbtlog.txt
2018-05-05 23:30 - 2018-05-07 05:50 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-05 08:13 - 2018-05-05 08:13 - 000000000 ____D C:\Users\Ryan\.gnome2
2018-05-04 23:08 - 2018-05-04 23:08 - 000000000 ___DL C:\project
2018-05-04 20:11 - 2018-05-04 20:11 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\AMD
2018-05-02 05:15 - 2018-05-02 05:15 - 000167944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WirelessKB850NotificationService.exe
2018-04-25 16:29 - 2018-04-25 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-24 03:07 - 2018-04-24 03:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2018-04-24 03:07 - 2018-04-24 03:07 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-24 03:01 - 2018-04-24 03:02 - 000000000 ____D C:\AMD
2018-04-23 22:44 - 2018-04-24 02:33 - 002274213 _____ C:\Users\Ryan\AppData\Roaming\CamShapes.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000135089 _____ C:\Users\Ryan\AppData\Roaming\CamLayout.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000000172 _____ C:\Users\Ryan\AppData\Roaming\CamData.ini
2018-04-23 22:44 - 2018-04-23 22:42 - 000004597 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.cfg
2018-04-23 22:44 - 2018-04-23 22:33 - 000001206 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.ini
2018-04-23 22:44 - 2018-04-23 22:33 - 000000000 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.Data.ini
2018-04-23 22:44 - 2018-04-18 18:40 - 000006920 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.ini
2018-04-23 22:42 - 2018-04-23 22:44 - 000000000 ____D C:\delete
2018-04-23 05:15 - 2018-04-23 05:15 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-04-23 05:15 - 2018-04-23 05:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-04-23 05:15 - 2018-04-23 05:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-04-23 05:15 - 2018-04-23 05:15 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-04-22 04:56 - 2018-04-22 04:56 - 000000000 ____D C:\Program Files (x86)\AM-DeadLink
2018-04-22 01:41 - 2018-04-22 01:41 - 000000000 ____D C:\Program Files\Common Files\EPSON
2018-04-22 01:40 - 2018-04-22 01:41 - 000000000 ____D C:\ProgramData\EPSON
2018-04-22 01:40 - 2018-04-22 01:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-04-22 01:39 - 2010-09-28 18:01 - 000118784 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMHWA.DLL
2018-04-22 01:39 - 2010-08-09 18:02 - 000083456 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BHWA.DLL
2018-04-22 01:29 - 2018-04-22 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2018-04-22 01:29 - 2018-04-22 01:29 - 000000000 ____D C:\Program Files (x86)\Privacyware
2018-04-22 01:29 - 2013-09-29 21:24 - 000133152 _____ (Privacyware/PWI, Inc.) C:\WINDOWS\system32\Drivers\pwipf6.sys
2018-04-22 01:06 - 2018-04-22 01:06 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Moonchild Productions
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Program Files (x86)\Pale Moon
2018-04-20 07:30 - 2015-03-08 19:25 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickvpexchange.dll
2018-04-20 07:30 - 2015-03-08 19:24 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicguestinterface.dll
2018-04-20 07:30 - 2015-03-08 19:23 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicshutdown.dll
2018-04-20 07:30 - 2015-03-08 19:23 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimesync.dll
2018-04-20 07:30 - 2015-03-08 19:22 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicheartbeat.dll
2018-04-20 07:30 - 2015-03-08 19:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvss.dll
2018-04-20 07:30 - 2015-03-08 19:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\GRASS7
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRASS GIS 7.0.4
2018-04-19 18:23 - 2018-04-19 18:24 - 000000000 ____D C:\Users\Ryan\Documents\grassdata
2018-04-19 18:23 - 2018-04-19 18:24 - 000000000 ____D C:\Program Files\GRASS GIS 7.0.4
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\ProgramData\Unchecky
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\Program Files (x86)\Unchecky
2018-04-19 17:35 - 2018-05-05 21:19 - 000003832 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{9F65C8A5-C324-45FD-80CA-63861622A7D3}
2018-04-19 17:35 - 2018-05-05 21:19 - 000003684 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{74F99CC4-474B-4781-ADC1-7477160C30E2}
2018-04-19 17:18 - 2018-04-19 17:21 - 000005797 _____ C:\WINDOWS\Macrium Reflect Patch Log.txt
2018-04-19 16:46 - 2018-05-08 15:39 - 027715584 _____ C:\WINDOWS\system32\vmguest.iso
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\WINDOWS\vmguest
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Users\Public\Documents\Hyper-V
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files\Hyper-V
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files\CMAK
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files (x86)\CMAK
2018-04-19 16:12 - 2018-05-06 00:22 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-04-18 18:41 - 2018-04-18 18:38 - 000383786 _____ C:\bootmgr
2018-04-18 18:19 - 2013-04-18 15:54 - 000010414 _____ C:\WINDOWS\system32\athw8x.cat
2018-04-18 18:19 - 2013-01-22 14:40 - 003653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2018-04-18 18:19 - 2013-01-22 14:40 - 003653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
2018-04-18 00:02 - 2018-05-05 21:22 - 000003880 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{4E8A8154-0052-479D-A8E3-8046FC67DA28}
2018-04-18 00:02 - 2018-05-05 21:21 - 000003832 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{9B95E2B0-C356-4470-8A16-420C4D79D66F}
2018-04-18 00:02 - 2018-04-19 17:35 - 000000000 ____D C:\Users\Ryan\Documents\Reflect
2018-04-17 23:35 - 2018-04-17 23:35 - 000001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium viBoot.lnk
2018-04-17 23:35 - 2018-04-17 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2018-04-17 23:35 - 2018-04-17 23:35 - 000000000 ____D C:\Program Files\Macrium
2018-04-17 23:13 - 2018-04-18 18:37 - 000000000 ____D C:\ProgramData\Macrium
2018-04-17 22:42 - 2018-04-17 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2018-04-17 21:47 - 2018-04-17 21:47 - 000000000 ____D C:\Users\Ryan\Documents\WinMerge
2018-04-17 20:34 - 2018-04-17 20:34 - 000000000 ___DL C:\subsonic
2018-04-17 20:16 - 2018-04-17 20:31 - 000000000 ____D C:\Servers
2018-04-17 18:58 - 2018-04-17 18:12 - 000040592 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrigflt.sys
2018-04-17 18:58 - 2018-01-30 10:26 - 000076968 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\MRCBT.sys
2018-04-17 18:58 - 2018-01-30 09:28 - 000088944 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\MRCBTES.dll
2018-04-17 15:35 - 2018-04-17 15:35 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-04-17 15:22 - 2018-04-17 15:22 - 000000366 _____ C:\TDSSKiller.3.1.0.12_17.04.2018_15.22.27_log.txt
2018-04-17 14:35 - 2018-05-08 00:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\kleopatra
2018-04-17 14:35 - 2018-05-08 00:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\gnupg
2018-04-17 14:35 - 2018-04-17 14:35 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-04-17 14:35 - 2018-04-17 14:35 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-04-17 14:35 - 2018-04-17 14:35 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-04-17 01:48 - 2018-04-17 01:52 - 000000000 ____D C:\ProgramData\UCheck
2018-04-17 01:48 - 2018-04-17 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2018-04-17 01:48 - 2018-04-17 01:48 - 000000000 ____D C:\Program Files\UCheck
2018-04-17 01:41 - 2018-04-17 01:41 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-13 16:28 - 2018-05-08 15:38 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Telegram Desktop
2018-04-13 16:28 - 2018-04-13 16:28 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-04-13 12:23 - 2018-05-07 13:29 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Wireshark
2018-04-13 12:21 - 2018-04-13 12:21 - 000001800 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2018-04-13 12:20 - 2018-04-13 12:21 - 000000000 ____D C:\Program Files\Wireshark
2018-04-13 12:20 - 2018-04-13 12:21 - 000000000 ____D C:\Program Files\USBPcap
2018-04-12 02:36 - 2018-04-12 02:36 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2018-04-12 00:18 - 2018-04-16 20:33 - 000000000 ____D C:\wallets
2018-04-12 00:18 - 2018-04-12 00:25 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Electrum-LTC
2018-04-11 14:40 - 2018-05-05 02:15 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Electrum
2018-04-10 18:01 - 2018-03-22 15:29 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-10 18:01 - 2018-03-22 15:29 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-10 18:01 - 2018-03-10 12:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-10 18:01 - 2018-03-09 19:16 - 001549136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-10 18:01 - 2018-03-09 19:16 - 000388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-10 18:01 - 2018-03-09 16:20 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-10 18:01 - 2018-03-09 16:20 - 001500424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-10 18:01 - 2018-03-09 16:20 - 001371344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-10 18:01 - 2018-03-09 16:20 - 000418640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-10 18:01 - 2018-03-09 14:59 - 000121168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-10 18:01 - 2018-03-09 09:52 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-10 18:01 - 2018-03-09 09:52 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-10 18:01 - 2018-03-08 14:53 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2018-04-10 18:01 - 2018-03-08 13:15 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-04-10 18:01 - 2018-03-08 13:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-04-10 18:01 - 2018-03-08 09:21 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-10 18:01 - 2018-03-07 18:46 - 000202576 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-10 18:01 - 2018-03-07 18:42 - 000174928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-10 18:01 - 2018-03-07 14:28 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-10 18:01 - 2018-03-07 13:26 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-10 18:01 - 2018-03-03 12:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-10 18:01 - 2018-03-03 12:04 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-10 18:01 - 2018-02-09 20:29 - 000531632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-10 18:01 - 2018-02-09 20:25 - 001137872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-10 18:01 - 2018-02-09 12:21 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-10 18:01 - 2018-02-08 13:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-10 18:01 - 2018-02-08 13:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-10 18:01 - 2018-02-08 13:21 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2018-04-10 18:01 - 2018-02-08 13:18 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2018-04-10 18:01 - 2018-02-08 13:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-04-10 18:01 - 2018-02-08 13:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-04-10 18:01 - 2018-02-08 12:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-10 18:01 - 2018-02-08 12:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-10 18:01 - 2018-02-08 12:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-10 18:01 - 2018-02-08 12:40 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-10 18:01 - 2018-02-08 12:38 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-10 18:01 - 2018-02-08 12:27 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-10 18:01 - 2018-02-08 12:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-04-10 18:01 - 2018-02-08 12:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-10 18:01 - 2018-02-08 12:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-10 18:01 - 2018-01-25 09:19 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-04-10 18:01 - 2018-01-25 09:14 - 000922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-04-10 17:52 - 2018-03-16 13:51 - 000144000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-10 17:52 - 2018-03-14 08:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-10 17:52 - 2018-03-14 08:23 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-10 17:52 - 2018-03-14 08:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-10 17:11 - 2018-04-10 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2018-04-10 17:11 - 2018-04-10 17:11 - 000000000 ____D C:\Program Files (x86)\GlassWire
2018-04-10 17:11 - 2015-05-28 23:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2018-04-10 14:29 - 2018-04-23 22:33 - 000000098 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.command
2018-04-10 14:28 - 2018-04-23 23:20 - 000000000 ____D C:\Users\Ryan\Documents\My CamStudio Videos
2018-04-10 14:26 - 2018-04-23 22:46 - 000000000 ____D C:\Users\Ryan\Documents\My CamStudio Temp Files
2018-04-10 14:26 - 2018-04-23 22:44 - 000000096 _____ C:\Users\Ryan\AppData\Roaming\version2.xml
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-09 01:03 - 2015-12-25 10:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Everything
2018-05-09 00:33 - 2016-02-12 23:12 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-09 00:21 - 2016-02-17 22:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2018-05-08 23:29 - 2015-12-19 09:32 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-1001
2018-05-08 23:23 - 2017-10-25 14:23 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-08 23:23 - 2017-10-25 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-08 23:23 - 2017-10-25 14:23 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-08 22:56 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\DMCache
2018-05-08 17:26 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2018-05-08 15:41 - 2014-11-21 03:43 - 000808718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-08 15:41 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-08 15:38 - 2016-02-12 23:12 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-08 15:38 - 2015-12-24 10:04 - 000000000 ___DO C:\Users\Ryan\OneDrive
2018-05-08 15:36 - 2018-04-07 14:04 - 016190640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-08 15:36 - 2017-03-29 20:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-08 15:36 - 2015-12-25 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-08 15:36 - 2015-12-19 09:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-08 15:36 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-08 15:16 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-08 15:13 - 2015-12-23 23:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 15:09 - 2017-10-13 12:58 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 15:08 - 2015-12-23 23:50 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-08 14:12 - 2015-12-25 10:38 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-07 19:06 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\IDM
2018-05-06 00:56 - 2015-12-19 09:25 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Adobe
2018-05-05 23:33 - 2013-08-22 08:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-05-05 08:13 - 2015-12-24 09:49 - 000000000 ____D C:\Users\Ryan
2018-04-30 17:39 - 2014-11-21 11:23 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-30 17:39 - 2014-11-21 11:23 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-25 16:29 - 2016-02-12 23:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-24 02:32 - 2016-02-13 04:06 - 000000000 ____D C:\Users\Ryan\Documents\Outlook Files
2018-04-23 22:47 - 2016-02-14 10:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2018-04-23 22:44 - 2016-04-17 21:04 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\OBS
2018-04-22 01:29 - 2016-02-21 02:35 - 000000146 _____ C:\WINDOWS\ODBC.INI
2018-04-21 22:40 - 2015-12-25 12:44 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-04-19 19:41 - 2017-10-16 18:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Everything
2018-04-19 19:41 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-04-19 16:44 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\schemas
2018-04-19 16:40 - 2017-09-14 13:17 - 000068952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-19 16:40 - 2017-09-14 13:17 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2018-04-19 16:40 - 2017-09-14 13:17 - 000019800 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-04-19 16:40 - 2014-11-21 04:19 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvGpuInfo.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys
2018-04-19 16:40 - 2014-11-21 04:17 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthnic.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmulatedNic.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll
2018-04-19 16:40 - 2014-11-21 03:53 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2018-04-19 16:40 - 2013-08-22 06:48 - 000014688 _____ C:\WINDOWS\system32\sbresources.dll
2018-04-19 16:40 - 2013-08-22 06:46 - 001466522 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2018-04-19 16:40 - 2013-08-22 06:39 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2018-04-19 16:40 - 2013-08-22 06:39 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2018-04-19 16:40 - 2013-08-22 06:38 - 000039739 _____ C:\WINDOWS\system32\hypervisor.mof
2018-04-19 16:40 - 2013-08-22 05:59 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2018-04-19 16:40 - 2013-08-22 05:35 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2018-04-19 16:40 - 2013-08-22 04:53 - 000033280 _____ C:\WINDOWS\system32\ActivationVdev.dll
2018-04-19 16:40 - 2013-08-22 04:39 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2018-04-19 16:40 - 2013-08-22 04:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2018-04-19 16:40 - 2013-08-22 04:38 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2018-04-19 16:40 - 2013-08-22 03:25 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2018-04-19 16:40 - 2013-08-22 02:35 - 000144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2018-04-19 16:20 - 2016-05-29 20:52 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2018-04-18 18:19 - 2016-02-12 21:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-17 22:42 - 2015-12-24 10:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-17 20:29 - 2016-03-18 18:33 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-500
2018-04-17 20:19 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-04-17 15:35 - 2017-09-25 16:53 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-17 01:41 - 2016-05-29 20:52 - 000000000 ____D C:\ProgramData\Skype
2018-04-17 00:29 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-16 18:06 - 2016-04-22 21:24 - 000004042 _____ C:\WINDOWS\System32\Tasks\WeeklyFullBackup
2018-04-16 12:30 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-15 21:53 - 2015-12-25 11:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2018-04-12 08:57 - 2017-04-04 21:13 - 000000000 ____D C:\Users\Ryan\.matplotlib
2018-04-11 05:16 - 2016-12-30 19:09 - 000000000 ____D C:\Users\Ryan\.qgis2
2018-04-10 22:16 - 2015-12-24 11:28 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-10 22:16 - 2013-08-22 10:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-04-10 13:56 - 2016-05-27 02:08 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2018-04-10 13:56 - 2016-05-27 02:07 - 000000000 ____D C:\WINDOWS\system32\1033
2018-04-10 13:56 - 2016-05-27 01:52 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-04-10 00:30 - 2017-10-28 13:08 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\LastPass
 
==================== Files in the root of some directories =======
 
2016-07-08 23:43 - 2016-07-08 23:44 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-05-10 20:57 - 2017-08-29 15:52 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-04-23 22:44 - 2018-04-24 02:33 - 000000172 _____ () C:\Users\Ryan\AppData\Roaming\CamData.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000135089 _____ () C:\Users\Ryan\AppData\Roaming\CamLayout.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 002274213 _____ () C:\Users\Ryan\AppData\Roaming\CamShapes.ini
2018-04-23 22:44 - 2018-04-23 22:42 - 000004597 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.cfg
2018-04-23 22:44 - 2018-04-18 18:40 - 000006920 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.ini
2018-04-10 14:29 - 2018-04-23 22:33 - 000000098 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.command
2018-04-23 22:44 - 2018-04-23 22:33 - 000000000 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.Data.ini
2018-04-23 22:44 - 2018-04-23 22:33 - 000001206 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.ini
2018-04-10 14:26 - 2018-04-23 22:44 - 000000096 _____ () C:\Users\Ryan\AppData\Roaming\version2.xml
2016-05-10 15:51 - 2018-05-04 20:17 - 000001456 _____ () C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
2018-03-11 02:21 - 2018-03-31 12:53 - 000000600 _____ () C:\Users\Ryan\AppData\Local\PUTTY.RND
2018-05-05 08:13 - 2018-05-05 08:13 - 000000776 _____ () C:\Users\Ryan\AppData\Local\recently-used.xbel
2016-02-12 22:46 - 2018-05-08 20:03 - 000007661 _____ () C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2017-01-01 09:48 - 2017-01-01 09:48 - 000018432 _____ () C:\Users\Ryan\AppData\Local\WebpageIcons.db
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\wininit.exe
C:\Windows\SysWOW64\winlogon.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-05 21:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Ryan (09-05-2018 01:24:26)
Running from C:\Users\Ryan\Desktop
Windows 8.1 Pro (Update) (X64) (2015-12-24 15:02:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1125547639-1294637962-2935245663-500 - Administrator - Enabled) => C:\Users\Administrator
backup (S-1-5-21-1125547639-1294637962-2935245663-1008 - Limited - Enabled)
Guest (S-1-5-21-1125547639-1294637962-2935245663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125547639-1294637962-2935245663-1004 - Limited - Enabled)
Mal (S-1-5-21-1125547639-1294637962-2935245663-1007 - Limited - Enabled) => C:\Users\Mal
Ryan (S-1-5-21-1125547639-1294637962-2935245663-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acrylic Wi-Fi Home v3.3 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.3 - Tarlogic Research S.L.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\{0368352A-8996-4E80-B9A1-B1BA43FAE6E6}) (Version: 2.1.10257 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 2.1.10257 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro 2.1 Patch 1 (2.1.1) (HKLM\...\ArcGISPro Update211) (Version: ArcGIS Pro 2.1 Patch 1 (2.1.1) - Environmental Systems Research Institute, Inc.)
ArcGIS Pro 2.1 Patch 2 (2.1.2) (HKLM\...\ArcGISPro Update212) (Version: ArcGIS Pro 2.1 Patch 2 (2.1.2) - Environmental Systems Research Institute, Inc.)
BehavePlus 5.0.5 (HKLM-x32\...\BehavePlus 5.0.5) (Version: BehavePlus 5.0.5 - US Forest Service & Systems for Environmental Management)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{4CEE93B3-A864-424F-9DAA-E110E75E38C2}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{7854643f-7fd5-4964-b806-ec96e833c6d8}) (Version: 4.0.7415.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.11.2 (HKLM-x32\...\{FC67AAF6-3477-11E8-B094-005056951CAD}) (Version: 6.11.2.7027 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.102 - SecureMix LLC)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.6 - The GnuPG Project)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (3.1.0) (HKLM-x32\...\Gpg4win) (Version: 3.1.0 - The Gpg4win Project)
GRASS GIS 7.0 (x86_64) (HKLM-x32\...\GRASS GIS 7.0.4) (Version: 7.0.4-1 - GRASS Development Team)
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infix PDF Editor version 7.2.4.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 7.2.4.0 - Iceni Technology)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Macrium Reflect Free Edition (HKLM\...\{5C6B042F-4CF9-4FAA-B6E3-114ED13B3F1F}) (Version: 7.1.3147 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
mapbox-studio (HKLM-x32\...\mapbox-studio) (Version:  - Mapbox)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.5015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Pale Moon (x86 en-US) (HKLM-x32\...\Pale Moon (x86 en-US)) (Version: 27.9.0 - Moonchild Productions)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{7FF4B7DE-1868-4FC7-85D1-71AB4A9854AA}) (Version: 1.12.2929 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{a5994029-1812-4589-9a98-d383ef836659}) (Version: 1.12.2.4929 - Plex, Inc.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
QGIS 2.18 2.18.2 Las Palmas (HKLM\...\QGIS 2.18) (Version:  - QGIS Development Team)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RAMDisk (HKLM-x32\...\{4EA812AB-8B86-4386-BB27-59D15C47531E}) (Version: 4.4.0.33 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.16.0 - Adlice Software)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.4.4 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{F4D977F4-1480-4F6A-A6BC-B2AB1D9E4F66}) (Version: 1.1.0 - SanDisk Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Stopping Plex (HKLM-x32\...\{21805CDC-99F9-4FC3-9862-E9A23217F9B2}) (Version: 1.12.2929 - Plex, Inc.) Hidden
Subsonic (HKLM-x32\...\Subsonic) (Version:  - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Telegram Desktop version 1.2.17 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.17 - Telegram Messenger LLP)
TinyWall (HKLM-x32\...\{20E767BE-FE75-4429-8722-A5D75AC2FCA6}) (Version: 2.1.8.0 - Károly Pados)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.9 - Tweaking.com)
UCheck version 2.3.3.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 2.3.3.0 - Adlice Software)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\WinDirStat) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
Wireshark 2.4.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.6 - The Wireshark developer community, hxxps://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-03-30] (Tonec Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-04-13] (g10 Code GmbH)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers1: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-04-13] (g10 Code GmbH)
ContextMenuHandlers4: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers5: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2015-11-13] (IvoSoft)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D6AA24E-9BC2-4D82-8A3F-740A8F0010DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {199570A0-61A9-47D9-9B7F-9C215DEE5C6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {24705A6B-274F-4BE3-956A-9307E7A8E8DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {24BADFDE-DBAC-40ED-8DBE-FE80486BC3DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {28DD153D-B8A6-4344-90C3-8DEC2C0DF0BA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wardr@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {28FC4995-C863-42E8-867A-492B826A57B4} - System32\Tasks\Macrium-Backup-{9F65C8A5-C324-45FD-80CA-63861622A7D3} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {347A26A4-01EC-4D10-98A1-EF0D9FAD6123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {3707E839-088F-43E2-A580-2370CAC4F9CC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {41934EE9-4FAC-43A4-8375-3EC9C4021BA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {4EC6F37F-AEA4-4573-BD8F-ADE76E87A910} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {5173A162-E966-499B-A739-DE88496C5253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {567BE05C-6E82-49AB-916D-EFD2C668A9CC} - System32\Tasks\Macrium-Backup-{74F99CC4-474B-4781-ADC1-7477160C30E2} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {5F8563ED-B7ED-4AB5-B381-207DDEF8E420} - System32\Tasks\{E907829C-0BD6-4E9D-8CF2-E656FBFB36AC} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ryan\Desktop\R291793.exe -d C:\Users\Ryan\Desktop
Task: {6F1573FF-AE61-44E7-A614-9B26DF9B8265} - System32\Tasks\{2C903DA9-2302-4E07-A198-0965AA1200FB} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -d C:\WINDOWS\system32 -c /user
Task: {70FA3629-E3CD-4518-B867-3EB608E9016E} - System32\Tasks\Macrium-Backup-{4E8A8154-0052-479D-A8E3-8046FC67DA28} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {75A53F2C-87D4-494D-A3B1-3BCA2C521AA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {9D3C28B1-1D78-41C3-AABA-0C2581F071E6} - System32\Tasks\WeeklyFullBackup => wbAdmin [Argument = Start Backup -backupTarget:B: -include:C: -allCritical -quiet]
Task: {A5B3709B-E471-4213-8109-23C8C7CEC681} - System32\Tasks\{CD235A97-B409-463F-8E8F-CF79FF19B93C} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ryan\Desktop\I580-A07.EXE -d C:\Users\Ryan\Desktop
Task: {A7F01DBB-90CD-4B80-8BE4-D2D5379A2A9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {BD4FB12E-10C1-4472-98A7-B4C962CAC8D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {C04F1DBD-C070-4B04-ACE5-C631CD2FF95E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {C6F5060D-FE85-4DB6-AD4A-70A11B52C2B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {D703BE43-55DC-4F4E-A794-F71F09CC535F} - System32\Tasks\Macrium-Backup-{9B95E2B0-C356-4470-8A16-420C4D79D66F} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {DD1C45E3-C460-41DC-AE54-BDDC3A53A11D} - System32\Tasks\SanDisk_SSD_TRIM_172437464102 => C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboard.exe [2017-07-06] (Western Digital Corporation or its affiliates)
Task: {E5FBB09D-19E1-49D9-B45B-42757316272D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2018-03-04] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ArcGIS Indexing (MicrosoftAccount_wardr@outlook.com).job => c:\program files (x86)\arcgis\desktop10.2\bin\DesktopIndexingService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-13 00:45 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-25 10:43 - 2014-08-05 20:04 - 001441792 _____ () C:\Program Files\everything\everything.exe
2017-10-31 13:44 - 2017-10-31 13:44 - 000259584 _____ () C:\Program Files (x86)\Subsonic\subsonic-service.exe
2015-04-15 15:13 - 2015-04-15 15:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-10-31 13:44 - 2017-10-31 13:44 - 000253952 _____ () C:\Program Files (x86)\Subsonic\subsonic-agent.exe
2018-03-23 02:41 - 2018-03-23 02:41 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000083432 _____ () C:\Servers\Plex Media Server\zlib.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000203240 _____ () C:\Servers\Plex Media Server\libidn.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 001083368 _____ () C:\Servers\Plex Media Server\libxml2.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000115688 _____ () C:\Servers\Plex Media Server\soci_core-vc80-3_0.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000059880 _____ () C:\Servers\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000772072 _____ () C:\Servers\Plex Media Server\tag.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 001741288 _____ () C:\Servers\Plex Media Server\opencv_imgproc2411.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 001962984 _____ () C:\Servers\Plex Media Server\opencv_core2411.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000025576 _____ () C:\Servers\Plex Media Server\lyric_lite.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 001549104 _____ () C:\Servers\Plex Media Server\libstdc++-6.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000127136 _____ () C:\Servers\Plex Media Server\libgcc_s_dw2-1.dll
2018-03-29 10:49 - 2018-03-29 10:49 - 000050152 _____ () C:\Servers\Plex Media Server\DLLs\_socket.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000071656 _____ () C:\Servers\Plex Media Server\DLLs\_ssl.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000024552 _____ () C:\Servers\Plex Media Server\DLLs\_hashlib.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000041448 _____ () C:\Servers\Plex Media Server\Exts\simplejson\_speedups.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000930280 _____ () C:\Servers\Plex Media Server\Exts\lxml\etree.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000074728 _____ () C:\Servers\Plex Media Server\libexslt.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000190952 _____ () C:\Servers\Plex Media Server\libxslt.dll
2018-03-29 10:49 - 2018-03-29 10:49 - 000218088 _____ () C:\Servers\Plex Media Server\Exts\lxml\objectify.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000018920 _____ () C:\Servers\Plex Media Server\DLLs\select.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000095720 _____ () C:\Servers\Plex Media Server\DLLs\_ctypes.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000143336 _____ () C:\Servers\Plex Media Server\DLLs\pyexpat.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000694248 _____ () C:\Servers\Plex Media Server\DLLs\unicodedata.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000866120 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-01-24 15:19 - 2018-04-23 05:15 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-01-24 15:19 - 2018-04-23 05:16 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-01-24 15:19 - 2018-04-23 05:15 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-24 15:19 - 2018-04-23 05:16 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-24 15:19 - 2018-04-23 05:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-01-24 15:19 - 2018-04-23 05:17 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-04-25 16:29 - 2018-04-23 05:16 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-04-25 16:29 - 2018-04-23 05:16 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000064488 _____ () C:\Servers\Plex Media Server\TeVii.dll
2018-02-22 11:57 - 2018-02-22 11:57 - 024028656 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2018-02-11 17:53 - 2018-02-11 17:53 - 000392688 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2018-05-08 23:03 - 2018-05-08 23:03 - 000011264 _____ () a:\temp\nsvD3C7.tmp\System.dll
2017-10-21 18:50 - 2017-10-21 18:50 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2016-02-13 00:45 - 2016-02-13 00:47 - 000194728 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL
2016-10-31 13:02 - 2016-10-31 13:02 - 000406528 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\harfbuzz-vs12.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 001317888 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\netcdf.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000037888 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\win_iconv.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000053760 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\freexl.dll
2016-08-25 23:13 - 2016-08-25 23:13 - 001041408 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\multiarray.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 000371200 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\umath.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 005800448 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\_dotblas.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 000141312 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\scalarmath.pyd
2016-06-27 15:21 - 2016-06-27 15:21 - 001014272 _____ () C:\Python27\ArcGIS10.5\DLLs\_hashlib.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000023552 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\lib\_compiled_base.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 005568512 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\linalg\lapack_lite.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 021509120 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\linalg\_umath_linalg.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000058880 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\fft\fftpack_lite.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000466432 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\random\mtrand.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000092672 _____ () C:\Python27\ArcGIS10.5\DLLs\_ctypes.pyd
2016-10-31 13:01 - 2016-10-31 13:01 - 000056832 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\SIFT.dll
2016-06-27 15:20 - 2016-06-27 15:20 - 000137216 _____ () C:\Python27\ArcGIS10.5\DLLs\_elementtree.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000137728 _____ () C:\Python27\ArcGIS10.5\DLLs\pyexpat.pyd
2016-10-31 13:01 - 2016-10-31 13:01 - 002142720 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\opencv_core2411.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 000510464 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\opencv_ml2411.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 082935384 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera_browser.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 003733592 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\libglesv2.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 000086616 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\libegl.dll
2018-04-22 01:06 - 2018-04-12 01:24 - 004002816 _____ () C:\Program Files (x86)\Pale Moon\mozjs.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2018-05-08 15:36 - 000002132 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BoxSync"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Privatefirewall"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "BitTorrent Sync"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "LAN Messenger"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Process Hacker 2"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{72DA076A-0E83-43B2-BE85-B4C5EA96FC84}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{85164A3A-523C-4052-A27D-DDE6199AC3C0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{8D70B11C-88C9-41ED-9BDB-3247C13F8822}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{111F5483-ED65-41DA-95A1-2DB90EB5BE88}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{738904B9-DFD9-455A-A48B-C0252E601CF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A1E766A-3BB9-4D4E-87B7-2F79E8BF80AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F845745-76A9-43C6-9F23-E806E18F6A1C}] => (Allow) C:\Servers\Plex Media Server\Plex Media Server.exe
FirewallRules: [{16406D6C-2B5B-437A-B8C9-0E9998154CE2}] => (Allow) C:\Servers\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{573A1E58-9471-4134-856F-2439E77145D3}] => (Allow) C:\Servers\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{E72D27DC-3C1F-4810-980B-E025FA9653CC}] => (Allow) C:\Servers\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{D5A057B7-7715-43C1-A8A6-9878C73D4B20}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
08-05-2018 03:31:33 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- MS/MS-Pro USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/09/2018 12:20:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18817, time stamp: 0x59b18749
Faulting module name: IEFRAME.dll, version: 11.0.9600.19003, time stamp: 0x5adc2ad8
Exception code: 0xc0000005
Fault offset: 0x002d44c0
Faulting process id: 0x2128
Faulting application start time: 0x01d3e7556c98f7ac
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\IEFRAME.dll
Report Id: abac2bf6-5348-11e8-bf73-88138c6b85ce
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/08/2018 12:28:48 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/08/2018 12:28:48 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/07/2018 07:22:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 6.5.2018.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1fa0
 
Start Time: 01d3e662a7cbbb63
 
Termination Time: 30
 
Application Path: C:\Users\Ryan\Desktop\FRST64.exe
 
Report Id: edb030ff-5255-11e8-bf71-b42aa5e43901
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/07/2018 09:05:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d88
 
Start Time: 01d3e4fa3a7dba38
 
Termination Time: 0
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: 9f95d3c2-51ff-11e8-bf71-b42aa5e43901
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/06/2018 12:57:15 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/06/2018 12:57:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/06/2018 12:16:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Faulting module name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Exception code: 0xc0000005
Fault offset: 0x00000000002c7b85
Faulting process id: 0x96c
Faulting application start time: 0x01d3e4f8d481b8a9
Faulting application path: C:\Program Files\HitmanPro\HitmanPro.exe
Faulting module path: C:\Program Files\HitmanPro\HitmanPro.exe
Report Id: 9b82bbd9-50ec-11e8-bf70-d56ec2f23646
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (05/08/2018 11:40:00 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/08/2018 11:39:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/08/2018 11:39:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/08/2018 11:39:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/08/2018 11:39:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/08/2018 11:39:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/08/2018 04:12:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/08/2018 04:12:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
 
Windows Defender:
===================================
Date: 2018-05-08 17:25:53.440
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {B510E112-4754-4D9E-A29B-608796CE34BA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-08 16:30:21.897
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {B8F806CD-F58A-4C5D-966A-266C941561CE}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-08 03:20:20.120
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {9666617B-108B-4FB2-A100-567A4CCCB0DF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-08 02:52:57.737
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {81E6488D-02E6-4C88-AC7D-FFEAB0128951}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-08 02:30:33.976
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {68037815-7BEA-453B-98FF-72FCEC7B8232}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-05 23:33:33.907
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-01-28 21:31:48.779
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-28 21:31:48.545
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.417.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-28 21:31:48.545
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.417.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2017-11-17 02:20:17.993
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
CodeIntegrity:
===================================
 
Date: 2017-02-13 21:46:07.170
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:06.769
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:06.280
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.960
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.593
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.275
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:04.909
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:04.592
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 68%
Total physical RAM: 16247.11 MB
Available physical RAM: 5044.07 MB
Total Virtual: 18679.11 MB
Available Virtual: 7104.68 MB
 
==================== Drives ================================
 
Drive a: (TEMPDISK) (Fixed) (Total:3.99 GB) (Free:3.87 GB) FAT32
Drive b: (Backup) (Fixed) (Total:3725.99 GB) (Free:466.65 GB) NTFS
Drive c: (OS) (Fixed) (Total:111.69 GB) (Free:25.94 GB) NTFS
Drive d: (Data Drive) (Fixed) (Total:3725.9 GB) (Free:2222.76 GB) NTFS
 
\\?\Volume{4f1e54b8-a647-11e5-be65-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: E84D4832)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 369A4321)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: A88F821A)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
========================================================
Disk: 3 (Size: 3726 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-07.1
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-09-2018
# Duration: 00:00:19
# OS:       Windows 8.1 Pro
# Scanned:  40830
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 


#9 JSntgRvr

Posted 09 May 2018 - 09:39 AM

  • Highlight the entire content of the quote box below.

Start::  
S4 hippovnc_service; "C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe" -service [X]
S4 dbx; system32\DRIVERS\dbx.sys [X]
S4 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
R2 SamSs; C:\WINDOWS\SysWOW64\lsass.exe [0 2018-05-08] () <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers1: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers2: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers3: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers4: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers5: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers6: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
Folder: C:\ProgramData\HitmanPro\Logs
2018-05-08 23:03 - 2018-05-08 23:03 - 000011264 _____ () a:\temp\nsvD3C7.tmp\System.dll
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\wininit.exe
C:\Windows\SysWOW64\winlogon.exe
a:\temp
AlternateShell:
EMPTYTEMP:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 wardr


Posted 10 May 2018 - 09:09 PM

ESET ran for about 4 1/2 hours, during which time I didn't touch the computer; no threats were found. I don't see a log on my desktop anywhere, which I guess is because it found no threats?
 
Here is fixlog below:
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.05.2018
Ran by Ryan (10-05-2018 14:05:11) Run:3
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mal & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
S4 hippovnc_service; "C:\Users\Ryan\YandexDisk\Programs\HippoVNC\WinVNC.exe" -service [X]
S4 dbx; system32\DRIVERS\dbx.sys [X]
S4 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
R2 SamSs; C:\WINDOWS\SysWOW64\lsass.exe [0 2018-05-08] () <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers1: [OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}] -> {55088222-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers2: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers3: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers4: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers5: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
ContextMenuHandlers6: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
Folder: C:\ProgramData\HitmanPro\Logs
2018-05-08 23:03 - 2018-05-08 23:03 - 000011264 _____ () a:\temp\nsvD3C7.tmp\System.dll
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\wininit.exe
C:\Windows\SysWOW64\winlogon.exe
a:\temp
AlternateShell:
EMPTYTEMP:
 
*****************
 
"HKLM\System\CurrentControlSet\Services\hippovnc_service" => removed successfully
hippovnc_service => service removed successfully
"HKLM\System\CurrentControlSet\Services\dbx" => removed successfully
dbx => service removed successfully
"HKLM\System\CurrentControlSet\Services\VBoxNetFlt" => removed successfully
VBoxNetFlt => service removed successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
SamSs => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\SamSs" => removed successfully
SamSs => service removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}" => removed successfully
"HKLM\Software\Classes\CLSID\{55088221-77F2-4174-9D48-7C3720DCB357}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\OpenXX{55088222-77F2-4174-9D48-7C3720DCB357}" => removed successfully
"HKLM\Software\Classes\CLSID\{55088222-77F2-4174-9D48-7C3720DCB357}" => removed successfully
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}" => removed successfully
HKLM\Software\Classes\CLSID\{55088221-77F2-4174-9D48-7C3720DCB357} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}" => removed successfully
HKLM\Software\Classes\CLSID\{55088221-77F2-4174-9D48-7C3720DCB357} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}" => removed successfully
HKLM\Software\Classes\CLSID\{55088221-77F2-4174-9D48-7C3720DCB357} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}" => removed successfully
HKLM\Software\Classes\CLSID\{55088221-77F2-4174-9D48-7C3720DCB357} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}" => removed successfully
HKLM\Software\Classes\CLSID\{55088221-77F2-4174-9D48-7C3720DCB357} => not found
 
========================= Folder: C:\ProgramData\HitmanPro\Logs ========================
 
2017-09-25 16:58 - 2017-09-25 16:58 - 000026110 ____A [DD05EBA1920B06A3DB92824B66862009] () C:\ProgramData\HitmanPro\Logs\HitmanPro_20170925_1658.log
2018-04-17 15:35 - 2018-04-17 15:35 - 000012076 ____A [F770DB30B5B5DA1AED249E82BC17D00F] () C:\ProgramData\HitmanPro\Logs\HitmanPro_20180417_1535.log
2018-04-22 01:27 - 2018-04-22 01:27 - 000015670 ____A [104563D066F0B285F5420210211C6397] () C:\ProgramData\HitmanPro\Logs\HitmanPro_20180422_0127.log
2018-05-07 05:48 - 2018-05-07 05:48 - 000001364 ____A [49CAFC09F3AEA3838788B688EF5A7BA6] () C:\ProgramData\HitmanPro\Logs\HitmanPro_20180507_0548.log
 
====== End of Folder: ======
 
"2018-05-08 23:03 - 2018-05-08 23:03 - 000011264 _____ () a:\temp\nsvD3C7.tmp\System.dll" => not found
C:\Windows\SysWOW64\csrss.exe => moved successfully
C:\Windows\SysWOW64\lsass.exe => moved successfully
C:\Windows\SysWOW64\smss.exe => moved successfully
C:\Windows\SysWOW64\wininit.exe => moved successfully
C:\Windows\SysWOW64\winlogon.exe => moved successfully
a:\temp => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 320844643 B
Java, Flash, Steam htmlcache => 1917 B
Windows/system/drivers => 249208 B
Edge => 0 B
Chrome => 0 B
Firefox => 43543734 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Ryan => 1120937 B
Mal => 42379 B
Administrator => 58546 B
MSSQL$SQLEXPRESS => 0 B
ReportServer$SQLEXPRESS => 0 B
 
RecycleBin => 7226588 B
EmptyTemp: => 363.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:05:33 ====
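
One way to read a Fixlog like the one above for entries FRST could not act on, as an added example that is not part of the original thread and not FRST's own code. The sample lines are copied from the Fixlog above; the function names and status labels are assumptions of this example.

```python
import re

# Lines copied from the Fixlog posted above (shortened to a representative set).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
R2 SamSs; C:\WINDOWS\SysWOW64\lsass.exe [0 2018-05-08] () <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [OpenXX{55088221-77F2-4174-9D48-7C3720DCB357}] -> {55088221-77F2-4174-9D48-7C3720DCB357} =>  -> No File
C:\Windows\SysWOW64\lsass.exe
a:\temp
*****************

SamSs => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\SamSs" => removed successfully
SamSs => service removed successfully
"HKLM\Software\Classes\CLSID\{55088221-77F2-4174-9D48-7C3720DCB357}" => removed successfully
HKLM\Software\Classes\CLSID\{55088221-77F2-4174-9D48-7C3720DCB357} => not found
"2018-05-08 23:03 - 2018-05-08 23:03 - 000011264 _____ () a:\temp\nsvD3C7.tmp\System.dll" => not found
C:\Windows\SysWOW64\lsass.exe => moved successfully
a:\temp => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
EmptyTemp: => 363.8 MB temporary data Removed.
'''

# Outcome text -> status label (labels are this example's own), first match wins.
OUTCOME_RULES = [
    (re.compile(r"^Error:", re.I), "error"),
    (re.compile(r"^Unable to ", re.I), "failed"),
    (re.compile(r"^not found$", re.I), "not_found"),
    (re.compile(r"(removed|moved|restored) successfully$", re.I), "done"),
]

# The echoed fixlist sits between two lines made only of asterisks.
SEPARATOR = re.compile(r"^\*{5,}$")


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line of a Fixlog."""
    records = []
    in_fixlist_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            in_fixlist_echo = not in_fixlist_echo
            continue
        # Echoed fixlist entries can contain " => " themselves
        # (the ContextMenuHandlers lines), so skip that block entirely.
        if in_fixlist_echo or " => " not in line:
            continue
        target, _, outcome = line.rpartition(" => ")
        target = target.strip().strip('"')
        status = "other"
        for pattern, name in OUTCOME_RULES:
            if pattern.search(outcome):
                status = name
                break
        records.append((target, outcome, status))
    return records


def needs_follow_up(records):
    """Entries a helper should look at again.

    Errors and failed actions are always kept. A "not found" is kept only
    when the same target was not already removed or moved earlier in the
    log, which drops the repeated CLSID lookups but keeps the a:\\ file.
    """
    handled = set()
    flagged = []
    for target, outcome, status in records:
        key = target.lower()  # Windows paths and registry keys ignore case
        if status == "done":
            handled.add(key)
        elif status in ("error", "failed"):
            flagged.append((target, outcome))
        elif status == "not_found" and key not in handled:
            flagged.append((target, outcome))
    return flagged


if __name__ == "__main__":
    for target, outcome in needs_follow_up(parse_fixlog(SAMPLE_FIXLOG)):
        print(f"{outcome:<50} {target}")
```
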


#11 wardr


Posted 10 May 2018 - 09:11 PM

I'm wondering what the "alternate shell" is all about.  Is that usually indicative that someone has been snooping on your computer?



#12 JSntgRvr


Posted 10 May 2018 - 10:03 PM

The Alternate Shell is an alternative graphical user interface for Microsoft Windows operating systems, usually used in Safe Mode. In your case, it was missing. When you ran FRST, a drive, identified as Drive A:, was connected to your computer. A trojan downloader is residing in that drive. FRST did not identify this drive during the fix. Chances are that that drive is the culprit of your problems. At least the temp folder in that drive, A:\Temp, should be deleted.

 

 

  • Highlight the entire content of the quote box below.

Start::

DeleteValue: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled|AlternateShell

End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 

Run FRST once again.

 

 

  • Double-click to run it.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 




#13 wardr


Posted 11 May 2018 - 01:48 PM

Before I run the above in FRST: a trojan downloader in the A drive would be a really serious deal, because my A drive is a RAMdisk drive.  I use it for my temp files, and I sometimes download files to it that I know I won't want later (like I'll download a zip file to the A: drive and unzip the contents to somewhere on my C: drive (OS) or D: drive (data drive)).  I also use my A: drive for my browser cache, and a couple of other small things like the scratch disk for Photoshop, etc.

 

When I reset my computer, since it's a RAM drive, it wipes itself out automatically when the computer powers down.  Then when I turn my computer back on, it reads a 4 GB *.img file on my D drive, which is basically a disk image of a fresh A drive. It contains only a folder structure, with no files on it.  This way my temp files, cache, and whatever else I deem temporary get wiped out at every shutdown or restart.

 

So if a trojan downloader was residing on there at some point, it had to have been put there very recently, since the last time I booted up, within the last 24 hours.  So I'm assuming the problem must be more widespread beyond the A: drive?



#14 wardr


Posted 11 May 2018 - 02:01 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.05.2018
Ran by Ryan (11-05-2018 13:57:41) Run:4
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mal & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
DeleteValue: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled|AlternateShell
 
*****************
 
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled\\AlternateShell" => removed successfully
 
==== End of Fixlog 13:57:44 ====
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.05.2018
Ran by Ryan (administrator) on WENTZ (11-05-2018 13:58:38)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Mal & Administrator)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Everything\Everything.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Plex, Inc.) C:\Servers\Plex Media Server\Plex Update Service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\Everything\Everything.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
() C:\Program Files\Everything\Everything.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Plex, Inc.) C:\Servers\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Servers\Plex Media Server\PlexScriptHost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Telegram Messenger LLP) C:\Users\Ryan\AppData\Roaming\Telegram Desktop\Telegram.exe
(Plex, Inc.) C:\Servers\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Servers\Plex Media Server\Plex Tuner Service.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISCacheMgr.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISConnection.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\AppROT.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitReader.exe
(Moonchild Productions) C:\Program Files (x86)\Pale Moon\palemoon.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\ArcCatalog.exe
(Igor Pavlov) C:\Program Files\7-Zip\7zFM.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\ArcMap.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Opera Software) D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3465608 2017-10-01] (Paramount Software UK Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-03-30] (Tonec Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5488080 2018-03-23] (SecureMix LLC)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Run: [Plex Media Server] => C:\Servers\Plex Media Server\Plex Media Server.exe [17781736 2018-03-29] (Plex, Inc.)
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\MountPoints2: {681a7406-dfb6-11e7-bf2e-c00c37bcec54} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Servers\Plex Media Server\Plex Media Server.exe [17781736 2018-03-29] (Plex, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk [2018-03-31]
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-12]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2018-05-06]
ShortcutTarget: Telegram.lnk -> C:\Users\Ryan\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{58CE04B3-F4B0-4D9B-AF66-F4A0F3A01012}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{BB3C93D3-89CD-4A49-BA89-580965FFFED8}: [DhcpNameServer] 192.168.11.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-03-02] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-13] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-03-02] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-03-02] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-03-02] (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-10-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 7og14rox.default
FF DefaultProfile: th12gtab.default
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default [2018-05-10]
FF Session Restore: Mozilla\Firefox\Profiles\7og14rox.default -> is enabled.
FF Extension: (Disconnect) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Geolocater) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\geolocater@3liz.com [2016-11-20] [Legacy]
FF Extension: (Disable CSS) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-1VwU0d7h7azvou6XbFWe9tmQyoQ@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (Self-Destructing Cookies) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-29] [Legacy]
FF Extension: (Decentraleyes) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2018-02-26]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\jid1-EbhJmw1yu6Juy@jetpack.xpi [2016-10-30] [Legacy]
FF Extension: (Save as PDF) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2017-11-14]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\support@lastpass.com.xpi [2018-04-21]
FF Extension: (Google Translator for Firefox) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\translator@zoli.bod.xpi [2018-04-12]
FF Extension: (uBlock Origin) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\uBlock0@raymondhill.net.xpi [2018-05-07]
FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2018-01-31]
FF Extension: (Capture & Print) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2018-01-17]
FF Extension: (JavaScript on-off applet) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-04-03] [Legacy]
FF Extension: (RightToClick) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\7og14rox.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-06-24] [Legacy]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\th12gtab.default [2018-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-12-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-25] [Legacy] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Ryan\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ryan\AppData\Roaming\IDM\idmmzcc5 [2017-04-15] [Legacy] [not signed]
FF HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-03-02] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-03-02] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-30]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S4 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-04-23] (Dropbox, Inc.)
R2 Everything; C:\Program Files\everything\everything.exe [1441792 2014-08-05] () [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4338640 2018-03-23] (SecureMix LLC)
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 PlexUpdateService; C:\Servers\Plex Media Server\Plex Update Service.exe [2212328 2018-03-29] (Plex, Inc.)
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-10-10] (SanDisk) [File not signed]
S4 SNMP; C:\WINDOWS\System32\snmp.exe [50688 2018-03-30] (Microsoft Corporation)
S4 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2018-03-30] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2017-10-31] () [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S4 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [698296 2016-03-10] (Károly Pados) [File not signed]
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-19] (Reason Software Company Inc.)
R2 vmms; C:\WINDOWS\system32\vmms.exe [13840384 2018-04-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [167944 2018-05-02] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [19456 2018-04-19] (Microsoft Corporation)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-25] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-25] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2018-05-07] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-26] (Malwarebytes)
R1 MpKsl0519b042; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51F239BD-90A2-4152-AE2D-CBBC22B6E319}\MpKsl0519b042.sys [58120 2018-05-11] (Microsoft Corporation)
R0 Mrvdp; C:\WINDOWS\System32\drivers\mrvdp.sys [64944 2017-12-01] (Windows ® Win 7 DDK provider)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [22016 2018-04-19] (Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows ® Win 7 DDK provider)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [28160 2018-04-19] (Microsoft Corporation)
R1 RAMDiskVE; C:\WINDOWS\System32\Drivers\RAMDiskVE.sys [86744 2016-05-12] (Dataram, Inc.)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [40888 2017-08-20] (USBPcap)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [18944 2018-04-19] (Microsoft Corporation)
R3 VMSMP; C:\WINDOWS\system32\DRIVERS\vmswitch.sys [688640 2018-02-08] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-11 13:58 - 2018-05-11 13:59 - 000026498 _____ C:\Users\Ryan\Desktop\FRST.txt
2018-05-11 13:57 - 2018-05-11 13:57 - 000000579 _____ C:\Users\Ryan\Desktop\Fixlog.txt
2018-05-09 23:51 - 2018-05-09 23:51 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2018-05-09 00:20 - 2018-05-09 00:58 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\Mozilla
2018-05-08 15:13 - 2018-05-08 15:13 - 000000000 ____D C:\Program Files\KeyboardNotification
2018-05-08 13:47 - 2018-04-22 03:04 - 025744896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-08 13:47 - 2018-04-22 02:32 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-08 13:47 - 2018-04-22 02:24 - 020286464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-08 13:47 - 2018-04-22 01:48 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-08 13:47 - 2018-04-22 01:31 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-08 13:47 - 2018-04-22 01:26 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-08 13:47 - 2018-04-10 13:53 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2018-05-08 13:47 - 2018-04-10 12:43 - 013840384 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2018-05-08 13:47 - 2018-03-24 09:56 - 007033344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 13:47 - 2018-03-24 09:54 - 006214144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 13:47 - 2018-03-10 11:33 - 003717632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 13:46 - 2018-04-22 04:02 - 000803696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 13:46 - 2018-04-22 03:06 - 000612600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 13:46 - 2018-04-22 02:40 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-08 13:46 - 2018-04-22 02:38 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 13:46 - 2018-04-22 02:26 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-08 13:46 - 2018-04-22 02:26 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-08 13:46 - 2018-04-22 02:04 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 13:46 - 2018-04-22 02:00 - 002295296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-08 13:46 - 2018-04-22 01:57 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-05-08 13:46 - 2018-04-22 01:54 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-08 13:46 - 2018-04-22 01:53 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 13:46 - 2018-04-22 01:51 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-05-08 13:46 - 2018-04-22 01:49 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-08 13:46 - 2018-04-22 01:46 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-05-08 13:46 - 2018-04-22 01:33 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-08 13:46 - 2018-04-22 01:32 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-05-08 13:46 - 2018-04-22 01:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-05-08 13:46 - 2018-04-22 01:27 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-08 13:46 - 2018-04-22 01:27 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-08 13:46 - 2018-04-22 01:26 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-05-08 13:46 - 2018-04-22 01:22 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-08 13:46 - 2018-04-22 01:11 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 13:46 - 2018-04-22 01:08 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-08 13:46 - 2018-04-22 01:04 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-08 13:46 - 2018-04-22 01:03 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 13:46 - 2018-04-15 11:55 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 13:46 - 2018-04-15 11:16 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 13:46 - 2018-04-10 20:03 - 007406936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-08 13:46 - 2018-04-10 20:02 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-08 13:46 - 2018-04-10 20:02 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-08 13:46 - 2018-04-10 13:51 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-05-08 13:46 - 2018-04-10 13:27 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-08 13:46 - 2018-04-10 13:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 13:46 - 2018-04-10 12:43 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthstor.dll
2018-05-08 13:46 - 2018-04-10 12:43 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthfcvdev.dll
2018-05-08 13:46 - 2018-04-10 12:01 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-08 13:46 - 2018-04-10 11:50 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 13:46 - 2018-04-07 11:17 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-05-08 13:46 - 2018-04-07 10:49 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-05-08 13:46 - 2018-04-07 10:41 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 13:46 - 2018-04-07 10:23 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 13:46 - 2018-04-07 10:20 - 001707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-08 13:46 - 2018-04-07 10:10 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 13:46 - 2018-04-07 10:06 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-08 13:46 - 2018-04-07 10:01 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-08 13:46 - 2018-04-06 16:27 - 000376656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 13:46 - 2018-03-24 10:57 - 001101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2018-05-08 13:46 - 2018-03-24 10:40 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-08 13:46 - 2018-03-24 10:34 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2018-05-08 13:46 - 2018-03-24 10:22 - 001086976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-08 13:46 - 2018-03-15 17:29 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-08 13:46 - 2018-03-10 15:55 - 000137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2018-05-08 13:46 - 2018-03-10 14:04 - 000120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2018-05-08 13:46 - 2018-03-10 12:51 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-08 13:46 - 2018-03-10 12:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-05-08 13:46 - 2018-03-10 12:47 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-08 13:46 - 2018-03-10 12:43 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2018-05-08 13:46 - 2018-03-10 11:46 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-08 13:46 - 2018-03-10 11:44 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-08 13:46 - 2018-03-10 11:35 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-08 13:46 - 2018-03-10 11:35 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-08 13:46 - 2018-03-10 11:22 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2018-05-08 13:46 - 2018-03-10 11:21 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2018-05-08 13:46 - 2018-03-10 11:21 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2018-05-08 13:46 - 2018-03-10 11:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2018-05-08 13:46 - 2018-03-10 11:18 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-08 13:46 - 2018-03-10 11:18 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2018-05-08 13:46 - 2018-03-10 11:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-05-08 13:46 - 2018-03-10 11:18 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-05-08 13:46 - 2018-03-10 11:17 - 002240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2018-05-08 13:46 - 2018-03-10 11:17 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-08 13:46 - 2018-03-09 13:57 - 000276816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-08 13:46 - 2018-03-03 11:24 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-05-08 13:46 - 2018-03-03 11:18 - 000894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-05-08 13:46 - 2018-03-03 11:18 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2018-05-08 13:46 - 2018-03-03 11:15 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2018-05-08 13:46 - 2018-03-03 11:04 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-05-08 13:46 - 2018-03-03 11:04 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2018-05-08 13:46 - 2018-02-14 16:45 - 001308336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-08 13:46 - 2018-02-14 09:47 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-07 06:14 - 2018-05-11 13:58 - 000000000 ____D C:\FRST
2018-05-07 06:13 - 2018-05-10 14:05 - 002404864 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2018-05-06 02:29 - 2018-05-06 02:29 - 000000000 ___HD C:\WINDOWS\PIF
2018-05-06 00:17 - 2018-05-09 00:42 - 000000000 ____D C:\AdwCleaner
2018-05-05 23:33 - 2018-05-06 00:21 - 000227326 _____ C:\WINDOWS\ntbtlog.txt
2018-05-05 23:30 - 2018-05-07 05:50 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-05 08:13 - 2018-05-05 08:13 - 000000000 ____D C:\Users\Ryan\.gnome2
2018-05-04 23:08 - 2018-05-04 23:08 - 000000000 ___DL C:\project
2018-05-04 20:11 - 2018-05-04 20:11 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\AMD
2018-05-02 05:15 - 2018-05-02 05:15 - 000167944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WirelessKB850NotificationService.exe
2018-04-25 16:29 - 2018-04-25 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-24 03:07 - 2018-04-24 03:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2018-04-24 03:07 - 2018-04-24 03:07 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-24 03:01 - 2018-04-24 03:02 - 000000000 ____D C:\AMD
2018-04-23 22:44 - 2018-04-24 02:33 - 002274213 _____ C:\Users\Ryan\AppData\Roaming\CamShapes.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000135089 _____ C:\Users\Ryan\AppData\Roaming\CamLayout.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000000172 _____ C:\Users\Ryan\AppData\Roaming\CamData.ini
2018-04-23 22:44 - 2018-04-23 22:42 - 000004597 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.cfg
2018-04-23 22:44 - 2018-04-23 22:33 - 000001206 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.ini
2018-04-23 22:44 - 2018-04-23 22:33 - 000000000 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.Data.ini
2018-04-23 22:44 - 2018-04-18 18:40 - 000006920 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.ini
2018-04-23 22:42 - 2018-04-23 22:44 - 000000000 ____D C:\delete
2018-04-23 05:15 - 2018-04-23 05:15 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-04-23 05:15 - 2018-04-23 05:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-04-23 05:15 - 2018-04-23 05:15 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-04-23 05:15 - 2018-04-23 05:15 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-04-22 04:56 - 2018-04-22 04:56 - 000000000 ____D C:\Program Files (x86)\AM-DeadLink
2018-04-22 01:41 - 2018-04-22 01:41 - 000000000 ____D C:\Program Files\Common Files\EPSON
2018-04-22 01:40 - 2018-04-22 01:41 - 000000000 ____D C:\ProgramData\EPSON
2018-04-22 01:40 - 2018-04-22 01:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-04-22 01:39 - 2010-09-28 18:01 - 000118784 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMHWA.DLL
2018-04-22 01:39 - 2010-08-09 18:02 - 000083456 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BHWA.DLL
2018-04-22 01:29 - 2018-04-22 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2018-04-22 01:29 - 2018-04-22 01:29 - 000000000 ____D C:\Program Files (x86)\Privacyware
2018-04-22 01:29 - 2013-09-29 21:24 - 000133152 _____ (Privacyware/PWI, Inc.) C:\WINDOWS\system32\Drivers\pwipf6.sys
2018-04-22 01:06 - 2018-04-22 01:06 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Moonchild Productions
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Program Files (x86)\Pale Moon
2018-04-20 07:30 - 2015-03-08 19:25 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickvpexchange.dll
2018-04-20 07:30 - 2015-03-08 19:24 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicguestinterface.dll
2018-04-20 07:30 - 2015-03-08 19:23 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicshutdown.dll
2018-04-20 07:30 - 2015-03-08 19:23 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimesync.dll
2018-04-20 07:30 - 2015-03-08 19:22 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicheartbeat.dll
2018-04-20 07:30 - 2015-03-08 19:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvss.dll
2018-04-20 07:30 - 2015-03-08 19:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\GRASS7
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRASS GIS 7.0.4
2018-04-19 18:23 - 2018-04-19 18:24 - 000000000 ____D C:\Users\Ryan\Documents\grassdata
2018-04-19 18:23 - 2018-04-19 18:24 - 000000000 ____D C:\Program Files\GRASS GIS 7.0.4
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\ProgramData\Unchecky
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-04-19 18:18 - 2018-04-19 18:18 - 000000000 ____D C:\Program Files (x86)\Unchecky
2018-04-19 17:35 - 2018-05-05 21:19 - 000003832 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{9F65C8A5-C324-45FD-80CA-63861622A7D3}
2018-04-19 17:35 - 2018-05-05 21:19 - 000003684 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{74F99CC4-474B-4781-ADC1-7477160C30E2}
2018-04-19 17:18 - 2018-04-19 17:21 - 000005797 _____ C:\WINDOWS\Macrium Reflect Patch Log.txt
2018-04-19 16:46 - 2018-05-10 14:09 - 027715584 _____ C:\WINDOWS\system32\vmguest.iso
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\WINDOWS\vmguest
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Users\Public\Documents\Hyper-V
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files\Hyper-V
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files\CMAK
2018-04-19 16:44 - 2018-04-19 16:44 - 000000000 ____D C:\Program Files (x86)\CMAK
2018-04-19 16:12 - 2018-05-06 00:22 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-04-18 18:41 - 2018-04-18 18:38 - 000383786 _____ C:\bootmgr
2018-04-18 18:19 - 2013-04-18 15:54 - 000010414 _____ C:\WINDOWS\system32\athw8x.cat
2018-04-18 18:19 - 2013-01-22 14:40 - 003653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2018-04-18 18:19 - 2013-01-22 14:40 - 003653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
2018-04-18 00:02 - 2018-05-05 21:22 - 000003880 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{4E8A8154-0052-479D-A8E3-8046FC67DA28}
2018-04-18 00:02 - 2018-05-05 21:21 - 000003832 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{9B95E2B0-C356-4470-8A16-420C4D79D66F}
2018-04-18 00:02 - 2018-04-19 17:35 - 000000000 ____D C:\Users\Ryan\Documents\Reflect
2018-04-17 23:35 - 2018-04-17 23:35 - 000001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium viBoot.lnk
2018-04-17 23:35 - 2018-04-17 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2018-04-17 23:35 - 2018-04-17 23:35 - 000000000 ____D C:\Program Files\Macrium
2018-04-17 23:13 - 2018-04-18 18:37 - 000000000 ____D C:\ProgramData\Macrium
2018-04-17 22:42 - 2018-04-17 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2018-04-17 21:47 - 2018-04-17 21:47 - 000000000 ____D C:\Users\Ryan\Documents\WinMerge
2018-04-17 20:34 - 2018-04-17 20:34 - 000000000 ___DL C:\subsonic
2018-04-17 20:16 - 2018-04-17 20:31 - 000000000 ____D C:\Servers
2018-04-17 18:58 - 2018-04-17 18:12 - 000040592 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrigflt.sys
2018-04-17 18:58 - 2018-01-30 10:26 - 000076968 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\MRCBT.sys
2018-04-17 18:58 - 2018-01-30 09:28 - 000088944 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\MRCBTES.dll
2018-04-17 15:35 - 2018-04-17 15:35 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-04-17 15:22 - 2018-04-17 15:22 - 000000366 _____ C:\TDSSKiller.3.1.0.12_17.04.2018_15.22.27_log.txt
2018-04-17 14:35 - 2018-05-08 00:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\kleopatra
2018-04-17 14:35 - 2018-05-08 00:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\gnupg
2018-04-17 14:35 - 2018-04-17 14:35 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-04-17 14:35 - 2018-04-17 14:35 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-04-17 14:35 - 2018-04-17 14:35 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-04-17 01:48 - 2018-04-17 01:52 - 000000000 ____D C:\ProgramData\UCheck
2018-04-17 01:48 - 2018-04-17 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2018-04-17 01:48 - 2018-04-17 01:48 - 000000000 ____D C:\Program Files\UCheck
2018-04-17 01:41 - 2018-04-17 01:41 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-13 16:28 - 2018-05-10 14:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Telegram Desktop
2018-04-13 16:28 - 2018-04-13 16:28 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-04-13 12:23 - 2018-05-07 13:29 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Wireshark
2018-04-13 12:21 - 2018-04-13 12:21 - 000001800 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2018-04-13 12:20 - 2018-04-13 12:21 - 000000000 ____D C:\Program Files\Wireshark
2018-04-13 12:20 - 2018-04-13 12:21 - 000000000 ____D C:\Program Files\USBPcap
2018-04-12 02:36 - 2018-04-12 02:36 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2018-04-12 00:18 - 2018-04-16 20:33 - 000000000 ____D C:\wallets
2018-04-12 00:18 - 2018-04-12 00:25 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Electrum-LTC
2018-04-11 14:40 - 2018-05-05 02:15 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Electrum
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-11 13:33 - 2016-02-12 23:12 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-11 11:54 - 2017-04-04 21:13 - 000000000 ____D C:\Users\Ryan\.matplotlib
2018-05-11 10:12 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\DMCache
2018-05-11 04:16 - 2014-11-21 03:43 - 000808718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-11 04:16 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-10 22:26 - 2015-12-25 10:43 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Everything
2018-05-10 14:33 - 2016-02-12 23:12 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-10 14:08 - 2015-12-24 10:04 - 000000000 ___DO C:\Users\Ryan\OneDrive
2018-05-10 14:07 - 2015-12-19 09:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-10 14:07 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-10 00:15 - 2015-12-19 09:32 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-1001
2018-05-09 00:21 - 2016-02-17 22:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2018-05-08 23:23 - 2017-10-25 14:23 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-08 23:23 - 2017-10-25 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-08 23:23 - 2017-10-25 14:23 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-08 17:26 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2018-05-08 15:36 - 2018-04-07 14:04 - 016190640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-08 15:36 - 2017-03-29 20:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-08 15:36 - 2015-12-25 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-08 15:16 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-08 15:13 - 2015-12-23 23:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 15:09 - 2017-10-13 12:58 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 15:08 - 2015-12-23 23:50 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-08 14:12 - 2015-12-25 10:38 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-07 19:06 - 2016-02-12 22:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\IDM
2018-05-06 00:56 - 2015-12-19 09:25 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Adobe
2018-05-05 23:33 - 2013-08-22 08:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-05-05 08:13 - 2015-12-24 09:49 - 000000000 ____D C:\Users\Ryan
2018-04-30 17:39 - 2014-11-21 11:23 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-30 17:39 - 2014-11-21 11:23 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-25 16:29 - 2016-02-12 23:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-24 02:32 - 2016-02-13 04:06 - 000000000 ____D C:\Users\Ryan\Documents\Outlook Files
2018-04-23 23:20 - 2018-04-10 14:28 - 000000000 ____D C:\Users\Ryan\Documents\My CamStudio Videos
2018-04-23 22:47 - 2016-02-14 10:09 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2018-04-23 22:46 - 2018-04-10 14:26 - 000000000 ____D C:\Users\Ryan\Documents\My CamStudio Temp Files
2018-04-23 22:44 - 2018-04-10 14:26 - 000000096 _____ C:\Users\Ryan\AppData\Roaming\version2.xml
2018-04-23 22:44 - 2016-04-17 21:04 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\OBS
2018-04-23 22:33 - 2018-04-10 14:29 - 000000098 _____ C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.command
2018-04-22 01:29 - 2016-02-21 02:35 - 000000146 _____ C:\WINDOWS\ODBC.INI
2018-04-21 22:40 - 2015-12-25 12:44 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-04-19 19:41 - 2017-10-16 18:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Everything
2018-04-19 19:41 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-04-19 16:44 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\schemas
2018-04-19 16:40 - 2017-09-14 13:17 - 000068952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-19 16:40 - 2017-09-14 13:17 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2018-04-19 16:40 - 2017-09-14 13:17 - 000019800 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-04-19 16:40 - 2014-11-21 04:19 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvGpuInfo.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys
2018-04-19 16:40 - 2014-11-21 04:17 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthnic.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmulatedNic.dll
2018-04-19 16:40 - 2014-11-21 04:17 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll
2018-04-19 16:40 - 2014-11-21 03:53 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2018-04-19 16:40 - 2013-08-22 06:48 - 000014688 _____ C:\WINDOWS\system32\sbresources.dll
2018-04-19 16:40 - 2013-08-22 06:46 - 001466522 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2018-04-19 16:40 - 2013-08-22 06:39 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2018-04-19 16:40 - 2013-08-22 06:39 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2018-04-19 16:40 - 2013-08-22 06:38 - 000039739 _____ C:\WINDOWS\system32\hypervisor.mof
2018-04-19 16:40 - 2013-08-22 05:59 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2018-04-19 16:40 - 2013-08-22 05:35 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2018-04-19 16:40 - 2013-08-22 04:53 - 000033280 _____ C:\WINDOWS\system32\ActivationVdev.dll
2018-04-19 16:40 - 2013-08-22 04:39 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2018-04-19 16:40 - 2013-08-22 04:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2018-04-19 16:40 - 2013-08-22 04:38 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2018-04-19 16:40 - 2013-08-22 03:25 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2018-04-19 16:40 - 2013-08-22 02:35 - 000144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2018-04-19 16:20 - 2016-05-29 20:52 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2018-04-18 18:19 - 2016-02-12 21:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-17 22:42 - 2015-12-24 10:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-17 20:29 - 2016-03-18 18:33 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125547639-1294637962-2935245663-500
2018-04-17 20:19 - 2017-10-16 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-04-17 15:35 - 2017-09-25 16:53 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-17 01:41 - 2016-05-29 20:52 - 000000000 ____D C:\ProgramData\Skype
2018-04-17 00:29 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-16 18:06 - 2016-04-22 21:24 - 000004042 _____ C:\WINDOWS\System32\Tasks\WeeklyFullBackup
2018-04-16 12:30 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-15 21:53 - 2015-12-25 11:13 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2018-04-11 05:16 - 2016-12-30 19:09 - 000000000 ____D C:\Users\Ryan\.qgis2
 
==================== Files in the root of some directories =======
 
2016-07-08 23:43 - 2016-07-08 23:44 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-05-10 20:57 - 2017-08-29 15:52 - 000000132 _____ () C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-04-23 22:44 - 2018-04-24 02:33 - 000000172 _____ () C:\Users\Ryan\AppData\Roaming\CamData.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 000135089 _____ () C:\Users\Ryan\AppData\Roaming\CamLayout.ini
2018-04-23 22:44 - 2018-04-24 02:33 - 002274213 _____ () C:\Users\Ryan\AppData\Roaming\CamShapes.ini
2018-04-23 22:44 - 2018-04-23 22:42 - 000004597 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.cfg
2018-04-23 22:44 - 2018-04-18 18:40 - 000006920 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.ini
2018-04-10 14:29 - 2018-04-23 22:33 - 000000098 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.command
2018-04-23 22:44 - 2018-04-23 22:33 - 000000000 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.Data.ini
2018-04-23 22:44 - 2018-04-23 22:33 - 000001206 _____ () C:\Users\Ryan\AppData\Roaming\CamStudio.Producer.ini
2018-04-10 14:26 - 2018-04-23 22:44 - 000000096 _____ () C:\Users\Ryan\AppData\Roaming\version2.xml
2016-05-10 15:51 - 2018-05-04 20:17 - 000001456 _____ () C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
2018-03-11 02:21 - 2018-03-31 12:53 - 000000600 _____ () C:\Users\Ryan\AppData\Local\PUTTY.RND
2018-05-05 08:13 - 2018-05-05 08:13 - 000000776 _____ () C:\Users\Ryan\AppData\Local\recently-used.xbel
2016-02-12 22:46 - 2018-05-08 20:03 - 000007661 _____ () C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2017-01-01 09:48 - 2017-01-01 09:48 - 000018432 _____ () C:\Users\Ryan\AppData\Local\WebpageIcons.db
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-05 21:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.05.2018
Ran by Ryan (11-05-2018 13:59:28)
Running from C:\Users\Ryan\Desktop
Windows 8.1 Pro (Update) (X64) (2015-12-24 15:02:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1125547639-1294637962-2935245663-500 - Administrator - Enabled) => C:\Users\Administrator
backup (S-1-5-21-1125547639-1294637962-2935245663-1008 - Limited - Enabled)
Guest (S-1-5-21-1125547639-1294637962-2935245663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125547639-1294637962-2935245663-1004 - Limited - Enabled)
Mal (S-1-5-21-1125547639-1294637962-2935245663-1007 - Limited - Enabled) => C:\Users\Mal
Ryan (S-1-5-21-1125547639-1294637962-2935245663-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acrylic Wi-Fi Home v3.3 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.3 - Tarlogic Research S.L.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\{0368352A-8996-4E80-B9A1-B1BA43FAE6E6}) (Version: 2.1.10257 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 2.1.10257 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro 2.1 Patch 1 (2.1.1) (HKLM\...\ArcGISPro Update211) (Version: ArcGIS Pro 2.1 Patch 1 (2.1.1) - Environmental Systems Research Institute, Inc.)
ArcGIS Pro 2.1 Patch 2 (2.1.2) (HKLM\...\ArcGISPro Update212) (Version: ArcGIS Pro 2.1 Patch 2 (2.1.2) - Environmental Systems Research Institute, Inc.)
BehavePlus 5.0.5 (HKLM-x32\...\BehavePlus 5.0.5) (Version: BehavePlus 5.0.5 - US Forest Service & Systems for Environmental Management)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{4CEE93B3-A864-424F-9DAA-E110E75E38C2}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{7854643f-7fd5-4964-b806-ec96e833c6d8}) (Version: 4.0.7415.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.11.2 (HKLM-x32\...\{FC67AAF6-3477-11E8-B094-005056951CAD}) (Version: 6.11.2.7027 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.102 - SecureMix LLC)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.6 - The GnuPG Project)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (3.1.0) (HKLM-x32\...\Gpg4win) (Version: 3.1.0 - The Gpg4win Project)
GRASS GIS 7.0 (x86_64) (HKLM-x32\...\GRASS GIS 7.0.4) (Version: 7.0.4-1 - GRASS Development Team)
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infix PDF Editor version 7.2.4.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 7.2.4.0 - Iceni Technology)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Macrium Reflect Free Edition (HKLM\...\{5C6B042F-4CF9-4FAA-B6E3-114ED13B3F1F}) (Version: 7.1.3147 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
mapbox-studio (HKLM-x32\...\mapbox-studio) (Version:  - Mapbox)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.5015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Pale Moon (x86 en-US) (HKLM-x32\...\Pale Moon (x86 en-US)) (Version: 27.9.0 - Moonchild Productions)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{7FF4B7DE-1868-4FC7-85D1-71AB4A9854AA}) (Version: 1.12.2929 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{a5994029-1812-4589-9a98-d383ef836659}) (Version: 1.12.2.4929 - Plex, Inc.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
QGIS 2.18 2.18.2 Las Palmas (HKLM\...\QGIS 2.18) (Version:  - QGIS Development Team)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RAMDisk (HKLM-x32\...\{4EA812AB-8B86-4386-BB27-59D15C47531E}) (Version: 4.4.0.33 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.16.0 - Adlice Software)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.4.4 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{F4D977F4-1480-4F6A-A6BC-B2AB1D9E4F66}) (Version: 1.1.0 - SanDisk Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Stopping Plex (HKLM-x32\...\{21805CDC-99F9-4FC3-9862-E9A23217F9B2}) (Version: 1.12.2929 - Plex, Inc.) Hidden
Subsonic (HKLM-x32\...\Subsonic) (Version:  - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Telegram Desktop version 1.2.17 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.17 - Telegram Messenger LLP)
TinyWall (HKLM-x32\...\{20E767BE-FE75-4429-8722-A5D75AC2FCA6}) (Version: 2.1.8.0 - Károly Pados)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.9 - Tweaking.com)
UCheck version 2.3.3.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 2.3.3.0 - Adlice Software)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\WinDirStat) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
Wireshark 2.4.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.6 - The Wireshark developer community, hxxps://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-1125547639-1294637962-2935245663-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-03-30] (Tonec Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-04-13] (g10 Code GmbH)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-04-13] (g10 Code GmbH)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2015-11-13] (IvoSoft)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D6AA24E-9BC2-4D82-8A3F-740A8F0010DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {199570A0-61A9-47D9-9B7F-9C215DEE5C6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {24705A6B-274F-4BE3-956A-9307E7A8E8DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {24BADFDE-DBAC-40ED-8DBE-FE80486BC3DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {28DD153D-B8A6-4344-90C3-8DEC2C0DF0BA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wardr@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {28FC4995-C863-42E8-867A-492B826A57B4} - System32\Tasks\Macrium-Backup-{9F65C8A5-C324-45FD-80CA-63861622A7D3} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {347A26A4-01EC-4D10-98A1-EF0D9FAD6123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {3707E839-088F-43E2-A580-2370CAC4F9CC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {41934EE9-4FAC-43A4-8375-3EC9C4021BA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {4EC6F37F-AEA4-4573-BD8F-ADE76E87A910} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {5173A162-E966-499B-A739-DE88496C5253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {567BE05C-6E82-49AB-916D-EFD2C668A9CC} - System32\Tasks\Macrium-Backup-{74F99CC4-474B-4781-ADC1-7477160C30E2} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {5F8563ED-B7ED-4AB5-B381-207DDEF8E420} - System32\Tasks\{E907829C-0BD6-4E9D-8CF2-E656FBFB36AC} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ryan\Desktop\R291793.exe -d C:\Users\Ryan\Desktop
Task: {6F1573FF-AE61-44E7-A614-9B26DF9B8265} - System32\Tasks\{2C903DA9-2302-4E07-A198-0965AA1200FB} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -d C:\WINDOWS\system32 -c /user
Task: {70FA3629-E3CD-4518-B867-3EB608E9016E} - System32\Tasks\Macrium-Backup-{4E8A8154-0052-479D-A8E3-8046FC67DA28} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {75A53F2C-87D4-494D-A3B1-3BCA2C521AA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {9D3C28B1-1D78-41C3-AABA-0C2581F071E6} - System32\Tasks\WeeklyFullBackup => wbAdmin [Argument = Start Backup -backupTarget:B: -include:C: -allCritical -quiet]
Task: {A5B3709B-E471-4213-8109-23C8C7CEC681} - System32\Tasks\{CD235A97-B409-463F-8E8F-CF79FF19B93C} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ryan\Desktop\I580-A07.EXE -d C:\Users\Ryan\Desktop
Task: {A7F01DBB-90CD-4B80-8BE4-D2D5379A2A9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-10-21] (Microsoft Corporation)
Task: {BD4FB12E-10C1-4472-98A7-B4C962CAC8D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {C04F1DBD-C070-4B04-ACE5-C631CD2FF95E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {C6F5060D-FE85-4DB6-AD4A-70A11B52C2B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {D703BE43-55DC-4F4E-A794-F71F09CC535F} - System32\Tasks\Macrium-Backup-{9B95E2B0-C356-4470-8A16-420C4D79D66F} => C:\program files\macrium\reflect\Reflect.exe [2018-04-17] (Paramount Software UK Ltd)
Task: {DD1C45E3-C460-41DC-AE54-BDDC3A53A11D} - System32\Tasks\SanDisk_SSD_TRIM_172437464102 => C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboard.exe [2017-07-06] (Western Digital Corporation or its affiliates)
Task: {E5FBB09D-19E1-49D9-B45B-42757316272D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2018-03-04] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ArcGIS Indexing (MicrosoftAccount_wardr@outlook.com).job => c:\program files (x86)\arcgis\desktop10.2\bin\DesktopIndexingService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-13 00:45 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-25 10:43 - 2014-08-05 20:04 - 001441792 _____ () C:\Program Files\everything\everything.exe
2017-10-31 13:44 - 2017-10-31 13:44 - 000259584 _____ () C:\Program Files (x86)\Subsonic\subsonic-service.exe
2015-04-15 15:13 - 2015-04-15 15:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-10-16 05:02 - 2015-10-16 05:02 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-10-31 13:44 - 2017-10-31 13:44 - 000253952 _____ () C:\Program Files (x86)\Subsonic\subsonic-agent.exe
2018-03-23 02:41 - 2018-03-23 02:41 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000083432 _____ () C:\Servers\Plex Media Server\zlib.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000203240 _____ () C:\Servers\Plex Media Server\libidn.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 001083368 _____ () C:\Servers\Plex Media Server\libxml2.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000115688 _____ () C:\Servers\Plex Media Server\soci_core-vc80-3_0.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000059880 _____ () C:\Servers\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000772072 _____ () C:\Servers\Plex Media Server\tag.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 001741288 _____ () C:\Servers\Plex Media Server\opencv_imgproc2411.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 001962984 _____ () C:\Servers\Plex Media Server\opencv_core2411.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000025576 _____ () C:\Servers\Plex Media Server\lyric_lite.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 001549104 _____ () C:\Servers\Plex Media Server\libstdc++-6.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000127136 _____ () C:\Servers\Plex Media Server\libgcc_s_dw2-1.dll
2018-03-29 10:49 - 2018-03-29 10:49 - 000050152 _____ () C:\Servers\Plex Media Server\DLLs\_socket.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000071656 _____ () C:\Servers\Plex Media Server\DLLs\_ssl.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000024552 _____ () C:\Servers\Plex Media Server\DLLs\_hashlib.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000041448 _____ () C:\Servers\Plex Media Server\Exts\simplejson\_speedups.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000930280 _____ () C:\Servers\Plex Media Server\Exts\lxml\etree.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000074728 _____ () C:\Servers\Plex Media Server\libexslt.dll
2018-03-29 10:48 - 2018-03-29 10:48 - 000190952 _____ () C:\Servers\Plex Media Server\libxslt.dll
2018-03-29 10:49 - 2018-03-29 10:49 - 000218088 _____ () C:\Servers\Plex Media Server\Exts\lxml\objectify.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000018920 _____ () C:\Servers\Plex Media Server\DLLs\select.pyd
2018-03-29 10:49 - 2018-03-29 10:49 - 000095720 _____ () C:\Servers\Plex Media Server\DLLs\_ctypes.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000143336 _____ () C:\Servers\Plex Media Server\DLLs\pyexpat.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000694248 _____ () C:\Servers\Plex Media Server\DLLs\unicodedata.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000866120 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-01-24 15:19 - 2018-04-23 05:15 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-01-24 15:19 - 2018-04-23 05:16 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-01-24 15:19 - 2018-04-23 05:15 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-04-25 16:29 - 2018-04-23 05:15 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-24 15:19 - 2018-04-23 05:16 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-01-24 15:19 - 2018-04-23 05:15 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-01-24 15:19 - 2018-04-23 05:17 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-04-25 16:29 - 2018-04-23 05:15 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-24 15:19 - 2018-04-23 05:17 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-01-24 15:19 - 2018-04-23 05:17 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-04-25 16:29 - 2018-04-23 05:16 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-04-25 16:29 - 2018-04-23 05:16 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-04-25 16:29 - 2018-04-23 05:16 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2018-03-29 10:48 - 2018-03-29 10:48 - 000064488 _____ () C:\Servers\Plex Media Server\TeVii.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 082935384 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\opera_browser.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 003733592 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\libglesv2.dll
2018-02-21 09:59 - 2018-02-21 09:59 - 000086616 _____ () D:\PortableApps\OperaPortable\App\Opera\51.0.2830.40\libegl.dll
2015-10-16 05:02 - 2015-10-16 05:02 - 000039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-03-02 20:36 - 2015-12-29 04:14 - 000566976 _____ () C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\CommentsSummary.fpi
2016-03-02 20:36 - 2015-12-29 04:14 - 000122560 _____ () C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\Speech.fpi
2018-04-22 01:06 - 2018-04-12 01:24 - 004002816 _____ () C:\Program Files (x86)\Pale Moon\mozjs.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000406528 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\harfbuzz-vs12.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 000056832 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\SIFT.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 001317888 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\netcdf.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000037888 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\win_iconv.dll
2016-10-31 13:02 - 2016-10-31 13:02 - 000053760 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\freexl.dll
2016-08-25 23:13 - 2016-08-25 23:13 - 001041408 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\multiarray.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 000371200 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\umath.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 005800448 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\_dotblas.pyd
2016-08-25 23:13 - 2016-08-25 23:13 - 000141312 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\core\scalarmath.pyd
2016-06-27 15:21 - 2016-06-27 15:21 - 001014272 _____ () C:\Python27\ArcGIS10.5\DLLs\_hashlib.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000023552 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\lib\_compiled_base.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 005568512 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\linalg\lapack_lite.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 021509120 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\linalg\_umath_linalg.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000058880 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\fft\fftpack_lite.pyd
2016-08-25 23:14 - 2016-08-25 23:14 - 000466432 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\numpy\random\mtrand.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000092672 _____ () C:\Python27\ArcGIS10.5\DLLs\_ctypes.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000137216 _____ () C:\Python27\ArcGIS10.5\DLLs\_elementtree.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000137728 _____ () C:\Python27\ArcGIS10.5\DLLs\pyexpat.pyd
2016-10-31 13:01 - 2016-10-31 13:01 - 002142720 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\opencv_core2411.dll
2016-10-31 13:01 - 2016-10-31 13:01 - 000510464 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\opencv_ml2411.dll
2016-06-27 15:20 - 2016-06-27 15:20 - 000047616 _____ () C:\Python27\ArcGIS10.5\DLLs\_socket.pyd
2016-06-27 15:21 - 2016-06-27 15:21 - 001405440 _____ () C:\Python27\ArcGIS10.5\DLLs\_ssl.pyd
2016-08-30 22:40 - 2016-08-30 22:40 - 000118784 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\matplotlib\_path.pyd
2016-08-29 20:18 - 2016-08-29 20:18 - 002020864 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\sparse\_sparsetools.pyd
2016-08-29 20:17 - 2016-08-29 20:17 - 000278528 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\sparse\_csparsetools.pyd
2016-08-29 20:17 - 2016-08-29 20:17 - 000139776 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\sparse\csgraph\_shortest_path.pyd
2016-08-29 20:17 - 2016-08-29 20:17 - 000090112 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\sparse\csgraph\_tools.pyd
2016-08-29 20:17 - 2016-08-29 20:17 - 000091136 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\sparse\csgraph\_traversal.pyd
2016-08-29 20:17 - 2016-08-29 20:17 - 000103936 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\sparse\csgraph\_min_spanning_tree.pyd
2016-08-29 20:17 - 2016-08-29 20:17 - 000166912 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\sparse\csgraph\_reordering.pyd
2016-08-29 20:18 - 2016-08-29 20:18 - 000266752 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\spatial\ckdtree.pyd
2016-06-27 15:20 - 2016-06-27 15:20 - 000028672 _____ () C:\Python27\ArcGIS10.5\DLLs\_multiprocessing.pyd
2016-08-29 20:18 - 2016-08-29 20:18 - 003528704 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\spatial\qhull.pyd
2016-08-29 20:16 - 2016-08-29 20:16 - 013431296 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\linalg\_fblas.pyd
2016-08-29 20:16 - 2016-08-29 20:16 - 025541632 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\linalg\_flapack.pyd
2016-08-29 20:16 - 2016-08-29 20:16 - 009889792 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\linalg\_flinalg.pyd
2016-08-29 20:16 - 2016-08-29 20:16 - 000129536 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\linalg\_solve_toeplitz.pyd
2016-08-29 20:16 - 2016-08-29 20:16 - 000216576 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\linalg\_decomp_update.pyd
2016-08-29 20:16 - 2016-08-29 20:16 - 022351360 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\linalg\cython_blas.pyd
2016-08-29 20:16 - 2016-08-29 20:16 - 032194560 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\linalg\cython_lapack.pyd
2016-08-29 20:18 - 2016-08-29 20:18 - 000036352 _____ () C:\Python27\ArcGIS10.5\lib\site-packages\scipy\spatial\_distance_wrap.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00337952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33722100.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2018-05-10 14:07 - 000002132 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BoxSync"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Privatefirewall"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "BitTorrent Sync"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "LAN Messenger"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1125547639-1294637962-2935245663-1001\...\StartupApproved\Run: => "Process Hacker 2"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{72DA076A-0E83-43B2-BE85-B4C5EA96FC84}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{85164A3A-523C-4052-A27D-DDE6199AC3C0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{8D70B11C-88C9-41ED-9BDB-3247C13F8822}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{111F5483-ED65-41DA-95A1-2DB90EB5BE88}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{738904B9-DFD9-455A-A48B-C0252E601CF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A1E766A-3BB9-4D4E-87B7-2F79E8BF80AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F845745-76A9-43C6-9F23-E806E18F6A1C}] => (Allow) C:\Servers\Plex Media Server\Plex Media Server.exe
FirewallRules: [{16406D6C-2B5B-437A-B8C9-0E9998154CE2}] => (Allow) C:\Servers\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{573A1E58-9471-4134-856F-2439E77145D3}] => (Allow) C:\Servers\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{E72D27DC-3C1F-4810-980B-E025FA9653CC}] => (Allow) C:\Servers\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{D5A057B7-7715-43C1-A8A6-9878C73D4B20}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
11-05-2018 03:31:43 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- MS/MS-Pro USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/11/2018 09:53:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ArcMap.exe version 10.5.0.6491 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1db8
 
Start Time: 01d3e8cdd2975219
 
Termination Time: 62
 
Application Path: C:\Program Files (x86)\ArcGIS\Desktop10.5\bin\ArcMap.exe
 
Report Id: fe16d7d0-552a-11e8-bf75-9495cf0b11e9
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/10/2018 02:15:09 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.
 
Error: (05/10/2018 02:13:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/10/2018 02:13:07 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.
 
Error: (05/10/2018 02:13:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/09/2018 12:20:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18817, time stamp: 0x59b18749
Faulting module name: IEFRAME.dll, version: 11.0.9600.19003, time stamp: 0x5adc2ad8
Exception code: 0xc0000005
Fault offset: 0x002d44c0
Faulting process id: 0x2128
Faulting application start time: 0x01d3e7556c98f7ac
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\IEFRAME.dll
Report Id: abac2bf6-5348-11e8-bf73-88138c6b85ce
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/08/2018 12:28:48 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/08/2018 12:28:48 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (05/11/2018 04:14:59 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume14'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (05/11/2018 04:14:59 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume14'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (05/11/2018 03:32:55 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume12'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (05/11/2018 03:32:55 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume12'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (05/10/2018 10:26:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/10/2018 10:26:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/10/2018 10:26:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
Error: (05/10/2018 10:26:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
 
 
Windows Defender:
===================================
Date: 2018-05-11 07:28:41.095
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {8F8D689B-72DA-4FCF-B30A-BC02A9C72E95}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-09 12:45:01.627
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {A83A8585-24CF-43C9-9084-2ECAD5566141}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-09 12:14:19.089
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {526E80C8-697D-458F-B92C-9BF054BA76BC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-08 17:25:53.440
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {B510E112-4754-4D9E-A29B-608796CE34BA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-08 16:30:21.897
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {B8F806CD-F58A-4C5D-966A-266C941561CE}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-05 23:33:33.907
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-01-28 21:31:48.779
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-28 21:31:48.545
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.417.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-28 21:31:48.545
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.417.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2017-11-17 02:20:17.993
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
CodeIntegrity:
===================================
 
Date: 2017-02-13 21:46:07.170
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:06.769
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:06.280
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.960
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.593
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:05.275
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:04.909
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2017-02-13 21:46:04.592
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 61%
Total physical RAM: 16247.11 MB
Available physical RAM: 6183.19 MB
Total Virtual: 18679.11 MB
Available Virtual: 7036.66 MB
 
==================== Drives ================================
 
Drive a: (TEMPDISK) (Fixed) (Total:3.99 GB) (Free:3.74 GB) FAT32
Drive b: (Backup) (Fixed) (Total:3725.99 GB) (Free:382.97 GB) NTFS
Drive c: (OS) (Fixed) (Total:111.69 GB) (Free:27.63 GB) NTFS
Drive d: (Data Drive) (Fixed) (Total:3725.9 GB) (Free:2191.02 GB) NTFS
 
\\?\Volume{4f1e54b8-a647-11e5-be65-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: E84D4832)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 369A4321)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: A88F821A)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
========================================================
Disk: 3 (Size: 3726 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#15 JSntgRvr

    Master Surgeon General


  • Malware Response Team

Posted 11 May 2018 - 05:55 PM

Those logs are clear. How is the computer doing?


No request for help throughout private messaging will be attended.
