Computer slow to shut down, need additional help.



PotatoUser
2017-10-13, 02:42
My computer was slow in shutting down last night, and while scanning with Glary Utilities the program freezes with 'ixt0.dll' highlighted.

Any help will be most appreciated.

Here are the logs.

___

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by Ryan Nakai (administrator) on LICORICE-PC (12-10-2017 17:22:44)
Running from C:\Users\Ryan Nakai\Desktop
Loaded Profiles: Ryan Nakai (Available Profiles: Ryan Nakai & DefaultAppPool)
Platform: Windows 10 Pro 170602-2340 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\System32\GManager.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
() C:\Windows\System32\mlpatch.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Google Inc.) C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Google, Inc) C:\Users\Ryan Nakai\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895120 2016-02-19] (Magic Control Technology Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5088872 2017-08-07] (Box, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-07-21] (Razer Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-10-03] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [Google Update] => C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [MusicManager] => C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-11] (Valve Corporation)
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25622168 2017-08-31] (Google)
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-09-27] (Glarysoft Ltd)
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2042144 2016-04-14] (TomTom)
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [Google Photos Backup] => C:\Users\Ryan Nakai\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [GoogleChromeAutoLaunch_01263A5253C555C4A9D4CAD3ADB95ECB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1451352 2017-09-21] (Google Inc.)
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\MountPoints2: {69802939-7361-11e5-9bcc-d48564b6502e} - "I:\VerizonSWUpgradeAssistantLauncher.exe"
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-02-13]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{69b9a6f4-8ea2-49ce-9859-b593bb2652a7}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-09-19] (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-10-29] (DVDVideoSoft Ltd.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default [2017-10-08]
FF user.js: detected! => C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js [2014-11-04]
FF Extension: (Click&Clean) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\clickclean@hotcleaner.com [2016-05-01]
FF Extension: (Pocket) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\isreaditlater@ideashower.com [2015-05-30]
FF Extension: (NoScript) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-09-28]
FF Extension: (WOT) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-09-28]
FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-13] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-06-04]
FF Extension: (Adblock Plus) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF Extension: (DownThemAll!) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-01]
FF SearchPlugin: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml [2013-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_159.dll [2017-10-10] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-02-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-02-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-02-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-02-28] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3813752901-3998910076-3428625962-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3813752901-3998910076-3428625962-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3813752901-3998910076-3428625962-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan Nakai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "chrome://apps/"
CHR NewTab: Default -> Active:"chrome-extension://dbfmnekepjoapopniengjbcpnbljalfg/index.html"
CHR Profile: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default [2017-10-12]
CHR Extension: (Slides) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Type Case) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgojplakjihkbpjdemlbedkkgpbojeg [2016-12-17]
CHR Extension: (Just Type) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbmjhlgdihdaebioelepgldgojpkjag [2014-07-19]
CHR Extension: (Docs) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2014-04-16]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-12]
CHR Extension: (YouTube) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Solitaire) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2016-12-16]
CHR Extension: (Honey) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-10-10]
CHR Extension: (eBay) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-04-09]
CHR Extension: (HTML5 Analog Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfcckmhbpkjgfcnbgfmdodnlokimjdc [2014-05-11]
CHR Extension: (Adblock Plus) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-28]
CHR Extension: (Pushbullet) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-10-09]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-06-02]
CHR Extension: (Google Search) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Infinity New Tab) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg [2017-09-06]
CHR Extension: (Calculator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2017-09-27]
CHR Extension: (Polarr Photo Editor) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-06-18]
CHR Extension: (Timer) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2013-05-20]
CHR Extension: (Google Calendar) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-07]
CHR Extension: (Box) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-29]
CHR Extension: (AudioRecorder) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk [2015-10-05]
CHR Extension: (Google Play Music) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-09-28]
CHR Extension: (Sheets) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Play Movies) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppdphmgcddhjeddoeghpjefkdlccljb [2013-02-16]
CHR Extension: (Calendar Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\galgfocamdohgeifjlbefkfpaalankfi [2016-07-22]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-08-23]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-10-09]
CHR Extension: (Digital Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-16]
CHR Extension: (Planetarium) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-08-07]
CHR Extension: (AdBlock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-04]
CHR Extension: (History Eraser) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2017-09-24]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-10-11]
CHR Extension: (Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoihofapbdnldlhecnhefifbcddgdkhm [2014-05-11]
CHR Extension: (Crackle) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-09]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-18]
CHR Extension: (Google Play Music) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-02-11]
CHR Extension: (1-click-timer) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2017-03-05]
CHR Extension: (Dropbox) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-30]
CHR Extension: (Voice to Text) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2017-08-04]
CHR Extension: (Matthew Bauer) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhficiigpnhhaojldmanflihieepanbb [2016-01-05]
CHR Extension: (Pocket Website) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2013-07-19]
CHR Extension: (History Eraser App) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjolhjmdgbhebcdnfjhngobjggghoipa [2016-07-15]
CHR Extension: (Calculator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\joodangkbfjnajiiifokapkpmhfnpleo [2016-05-17]
CHR Extension: (Google Play) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-11]
CHR Extension: (The Gansberg Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhecpmapflhhdpcnpedpcaabolnapcae [2013-05-15]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-04-16]
CHR Extension: (BehindTheOverlay) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2016-10-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Google Maps) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-08-15]
CHR Extension: (Spelunky HTML5) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2015-05-29]
CHR Extension: (Google Drawings) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-09-26]
CHR Extension: (Google Play Books) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-22]
CHR Extension: (QR Code Generator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanmadekhdoofgmhichkcjlgiofmofbl [2013-02-11]
CHR Extension: (PDF Merge - PDF Files Merger) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndolbcaghkmhjhgggldkgjibdilpbdbm [2017-10-04]
CHR Extension: (OneDrive) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-08-18]
CHR Extension: (Save to Pocket) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Scientific Calculator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2017-08-31]
CHR Extension: (Weather Underground) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-05-12]
CHR Extension: (Gmail) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
CHR Extension: (Cool Metronome) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\polmfiinlikaadclgdojekfaoglellgm [2015-12-24]
CHR Profile: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-01-14]
CHR HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-13] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36680 2017-08-07] (Box, Inc.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe [71512 2017-07-31] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3059440 2017-07-18] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-28] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-03] (Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-02-24] (Foxit Software Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-10-15] (Futuremark)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 MlPatch; C:\WINDOWS\system32\MlPatch.exe [2244912 2014-08-22] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-01-11] (Realtek Semiconductor)
U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation)
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2017-01-27] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-11] (Samsung Electronics Co., Ltd.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-05] (Glarysoft Ltd)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-10-12] (Malwarebytes)
R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [172752 2016-02-03] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R1 MpKsl9c8c92a3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84CCD30E-420D-4C18-A888-00299F654723}\MpKsl9c8c92a3.sys [58120 2017-10-12] (Microsoft Corporation)
S1 MpKsld4969ecd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84CCD30E-420D-4C18-A888-00299F654723}\MpKsld4969ecd.sys [58120 2017-10-11] () [File not signed]
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-07-18] (Razer, Inc.)
S3 SaiH0461; C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [178432 2017-06-22] (Saitek)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-11] (Samsung Electronics Co., Ltd.)
R3 t1pusb64; C:\WINDOWS\system32\drivers\t1pusb64.sys [156424 2016-04-08] (Magic Control Technology Corp.)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 aswMBR; C:\Users\Ryan Nakai\AppData\Local\Temp\aswMBR.sys [62728 2017-10-12] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Ryan Nakai\AppData\Local\Temp\aswVmm.sys [224896 2017-10-12] () <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-12 17:22 - 2017-10-12 17:22 - 000040135 _____ C:\Users\Ryan Nakai\Desktop\FRST.txt
2017-10-12 17:20 - 2017-10-12 17:20 - 000000564 _____ C:\Users\Ryan Nakai\Desktop\aswMBR.txt
2017-10-12 16:24 - 2017-10-12 16:24 - 000000000 ____D C:\FRST
2017-10-12 16:21 - 2017-10-12 17:00 - 005198336 _____ (AVAST Software) C:\Users\Ryan Nakai\Desktop\aswMBR.exe
2017-10-12 16:19 - 2017-10-12 16:24 - 002401792 _____ (Farbar) C:\Users\Ryan Nakai\Desktop\FRST64.exe
2017-10-12 12:36 - 2017-10-12 12:36 - 000000000 ___HD C:\OneDriveTemp
2017-10-12 12:24 - 2017-10-12 12:24 - 000016148 _____ C:\WINDOWS\system32\LICORICE-PC_Ryan Nakai_HistoryPrediction.bin
2017-10-12 11:53 - 2017-10-12 11:53 - 000388608 _____ (Trend Micro Inc.) C:\Users\Ryan Nakai\Desktop\HijackThis.exe
2017-10-12 11:48 - 2017-10-12 11:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-10-12 11:44 - 2017-10-12 11:44 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-10-12 11:44 - 2017-10-12 11:44 - 000001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-10-12 11:44 - 2017-10-12 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-10-12 11:43 - 2017-10-12 11:45 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-10-12 11:43 - 2017-10-12 11:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-10-12 11:43 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-10-12 11:39 - 2017-10-12 11:43 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Ryan Nakai\Downloads\spybotsd-2.6.46.exe
2017-10-12 11:30 - 2017-10-12 11:33 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-12 11:30 - 2017-10-12 11:30 - 000000000 ____D C:\ProgramData\SUPERSetup
2017-10-12 11:30 - 2017-10-12 11:30 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-10-12 11:30 - 2017-10-12 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-10-12 11:28 - 2017-10-12 11:28 - 000425304 _____ (Secure By Design Inc.) C:\Users\Ryan Nakai\Downloads\Ninite SUPERAntiSpyware Installer.exe
2017-10-12 11:04 - 2017-10-12 11:04 - 000001171 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-10-11 19:05 - 2017-10-11 19:05 - 006614768 _____ C:\Users\Ryan Nakai\Downloads\1507765328.orange-peel_pkmrescue_fla.swf
2017-10-10 11:59 - 2017-10-10 11:59 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-07 20:08 - 2017-10-07 20:08 - 003924286 _____ C:\Users\Ryan Nakai\Downloads\1507366426474.webm
2017-10-07 18:36 - 2017-10-07 19:08 - 000000000 ____D C:\Users\Ryan Nakai\Desktop\New folder
2017-10-06 21:25 - 2017-10-07 01:55 - 1647968256 _____ C:\Users\Ryan Nakai\Desktop\linuxmint-18.2-xfce-64bit.iso
2017-10-05 23:34 - 2017-10-05 23:34 - 000136375 _____ C:\Users\Ryan Nakai\Downloads\Lesson 4 - Ethics Scenarios 1.pdf
2017-10-04 15:22 - 2017-10-04 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-03 04:21 - 2017-10-03 04:21 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-10-03 04:21 - 2017-10-03 04:21 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-10-03 04:21 - 2017-10-03 04:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-10-03 04:21 - 2017-10-03 04:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-29 16:06 - 2017-09-29 16:06 - 000360466 _____ C:\Users\Ryan Nakai\Downloads\1445763477.siroc_mm_son_wip1.swf
2017-09-29 11:41 - 2017-09-29 11:42 - 007026214 _____ C:\Users\Ryan Nakai\Downloads\1506706468.orange-peel_zapdos_special_versiond.swf
2017-09-28 23:06 - 2017-09-28 23:06 - 000001362 _____ C:\Users\Ryan Nakai\Desktop\CnD Chicken
2017-09-28 15:24 - 2017-09-28 15:24 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-09-26 12:56 - 2017-09-26 12:57 - 000000000 ____D C:\Users\Ryan Nakai\Downloads\Madoka pnm
2017-09-23 16:36 - 2017-09-23 16:38 - 006635333 _____ C:\Users\Ryan Nakai\Downloads\2a62ecfd585bc41749d2e094219295af.swf
2017-09-23 10:54 - 2017-09-23 10:54 - 000675939 _____ C:\Users\Ryan Nakai\Downloads\1852459 - Cutepet Sailor_Moon Usagi_Tsukino.jpeg
2017-09-22 16:56 - 2017-09-22 16:56 - 000234842 _____ C:\Users\Ryan Nakai\Downloads\make-model-scatter-dot-blue-green-reversible-strapless-bandeau-bra-product-2-3047491-643272225.jpeg
2017-09-22 16:55 - 2017-09-22 16:55 - 000256691 _____ C:\Users\Ryan Nakai\Downloads\make-model-rainbow-check-lilac-sheer-reversible-strapless-bandeau-bra-product-2-4299888-174110365.jpeg
2017-09-20 16:34 - 2017-09-20 16:35 - 022214921 _____ C:\Users\Ryan Nakai\Downloads\Ghost.swf
2017-09-18 16:55 - 2017-09-18 16:55 - 001937674 _____ C:\Users\Ryan Nakai\Downloads\DD_CA10Df.swf
2017-09-18 16:55 - 2017-09-18 16:55 - 001883481 _____ C:\Users\Ryan Nakai\Downloads\DD_BA1Df.swf
2017-09-18 16:52 - 2017-09-18 16:53 - 007635217 _____ C:\Users\Ryan Nakai\Downloads\DD_AA10Df_S.swf
2017-09-16 20:30 - 2017-09-16 20:30 - 000240334 _____ C:\Users\Ryan Nakai\Downloads\1505205833.diives_lopunny_ball_nsfw_released_swf.swf
2017-09-16 11:10 - 2017-09-16 11:12 - 008812312 _____ C:\Users\Ryan Nakai\Downloads\2031073_Pherion_patreon360p.swf
2017-09-14 23:33 - 2017-09-14 23:33 - 000057790 _____ C:\Users\Ryan Nakai\Downloads\How to Read a Recipe by Alton Brown.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-12 16:47 - 2015-12-28 20:01 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-12 12:36 - 2014-11-28 17:14 - 000000000 ___RD C:\Users\Ryan Nakai\OneDrive
2017-10-12 12:32 - 2014-11-04 12:30 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-10-12 12:30 - 2015-08-02 22:42 - 001005662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-12 12:30 - 2015-07-10 05:02 - 000000000 ____D C:\WINDOWS\INF
2017-10-12 12:28 - 2013-02-14 17:16 - 000000000 ___RD C:\Users\Ryan Nakai\Google Drive
2017-10-12 12:28 - 2013-02-13 22:37 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-12 12:24 - 2015-12-28 20:01 - 000000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-12 12:24 - 2013-08-06 15:54 - 000002802 _____ C:\WINDOWS\system32\GManager.ini
2017-10-12 12:23 - 2015-07-10 06:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-12 11:11 - 2017-01-26 22:58 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-12 11:04 - 2014-11-04 12:30 - 000003398 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2017-10-12 11:04 - 2014-11-04 12:30 - 000003044 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-10-12 11:04 - 2014-11-04 12:30 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-10-11 23:25 - 2015-07-10 05:04 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-11 23:25 - 2015-07-10 05:04 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-11 18:22 - 2017-06-30 12:18 - 000000809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-10-11 18:22 - 2017-06-30 12:18 - 000000797 _____ C:\Users\Ryan Nakai\Desktop\Windows 10 Update Assistant.lnk
2017-10-11 18:22 - 2016-09-30 12:50 - 000000000 ____D C:\Windows10Upgrade
2017-10-10 20:19 - 2013-02-11 19:52 - 000000000 ____D C:\Users\Ryan Nakai\AppData\Roaming\vlc
2017-10-10 18:41 - 2013-02-12 23:08 - 000000000 ____D C:\Users\Ryan Nakai\AppData\Roaming\XnView
2017-10-10 15:28 - 2016-09-30 12:52 - 000000000 ___HD C:\$GetCurrent
2017-10-10 15:28 - 2013-02-11 17:05 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-10-10 15:28 - 2013-02-11 17:05 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-10-10 15:27 - 2017-06-30 17:47 - 000000036 _____ C:\WINDOWS\progress.ini
2017-10-10 15:22 - 2015-08-02 23:08 - 000000430 __RSH C:\Users\Ryan Nakai\ntuser.pol
2017-10-10 15:22 - 2015-08-02 22:43 - 000000000 ____D C:\Users\Ryan Nakai
2017-10-10 15:22 - 2013-02-13 19:56 - 000000400 __RSH C:\ProgramData\ntuser.pol
2017-10-10 12:23 - 2016-10-21 22:12 - 000004554 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-10 12:23 - 2015-07-10 05:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-10 12:23 - 2015-07-10 05:04 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-10 12:06 - 2013-08-14 22:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-10 11:59 - 2013-02-12 13:04 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-06 16:55 - 2013-08-15 16:38 - 000000000 ____D C:\Users\Ryan Nakai\AbiSuite
2017-10-06 16:28 - 2015-07-10 03:05 - 000131072 ___SH C:\WINDOWS\system32\config\BBI
2017-10-05 19:42 - 2017-07-20 22:45 - 000000000 ____D C:\Program Files\rempl
2017-10-05 13:33 - 2016-11-24 17:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-05 13:33 - 2013-02-14 20:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-04 15:23 - 2015-12-28 20:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-26 15:39 - 2013-02-11 18:54 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-20 22:45 - 2016-12-23 11:57 - 000000000 ____D C:\Users\Ryan Nakai\AppData\LocalLow\Mozilla
2017-09-20 11:20 - 2015-07-10 05:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-20 11:19 - 2014-11-28 16:14 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-09-20 11:05 - 2015-07-10 05:04 - 000000000 ____D C:\WINDOWS\rescache
2017-09-19 12:46 - 2017-07-24 21:29 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3813752901-3998910076-3428625962-1001
2017-09-19 12:46 - 2015-08-02 23:17 - 000002423 _____ C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-16 10:16 - 2013-02-14 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2015-08-16 00:59 - 2015-08-16 00:59 - 000000000 _____ () C:\Program Files\Microsoft Security Client
2015-08-22 01:27 - 2015-08-22 01:27 - 000000000 _____ () C:\Program Files (x86)\ATI Technologies
2015-08-16 00:59 - 2015-08-16 00:59 - 000000000 _____ () C:\Program Files (x86)\Common Files\AMD
2013-03-08 23:04 - 2013-04-16 23:19 - 000096418 _____ () C:\Users\Ryan Nakai\AppData\Roaming\Logs
2013-04-01 13:37 - 2013-04-01 13:37 - 000109298 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Roaming\MSWINSCK.OCX
2005-04-07 20:16 - 2013-03-09 01:48 - 000005200 ____H () C:\Users\Ryan Nakai\AppData\Roaming\Ryan Nakailog.dat
2016-05-30 19:55 - 2016-05-30 19:55 - 000000218 _____ () C:\Users\Ryan Nakai\AppData\Local\recently-used.xbel
2013-05-17 22:42 - 2013-05-17 22:42 - 000000017 _____ () C:\Users\Ryan Nakai\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-08-02 09:12 - 2017-08-02 09:12 - 001786128 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-224de45.exe
2017-09-25 19:49 - 2017-09-25 19:54 - 018624784 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-9ad71ab3.exe
2017-07-21 20:26 - 2017-09-24 14:21 - 006457520 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
__

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Ryan Nakai (12-10-2017 17:26:41)
Running from C:\Users\Ryan Nakai\Desktop
Windows 10 Pro 170602-2340 (X64) (2015-08-03 05:08:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3813752901-3998910076-3428625962-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3813752901-3998910076-3428625962-503 - Limited - Disabled)
Guest (S-1-5-21-3813752901-3998910076-3428625962-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3813752901-3998910076-3428625962-1004 - Limited - Enabled)
Ryan Nakai (S-1-5-21-3813752901-3998910076-3428625962-1001 - Administrator - Enabled) => C:\Users\Ryan Nakai

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
8-Bit Bayonetta (HKLM\...\Steam App 567090) (Version: - PlatinumGames, Bitbaboon)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
AlphaSmart AlphaBeam 3.2 (HKLM-x32\...\AlphaSmart AlphaBeam 3.2) (Version: - )
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audacity 2.1.3 (HKLM-x32\...\AudacityŽ_is1) (Version: 2.1.3 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
BIT.TRIP BEAT (HKLM-x32\...\Steam App 63700) (Version: - Gaijin Games)
Box Sync (HKLM\...\{0653E263-C86D-44AB-AE83-25407370FCE1}) (Version: 4.0.7848.0 - Box, Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP)
Chipamp (HKLM-x32\...\Chipamp) (Version: 1.0 - OverClocked ReMix)
Chrome Remote Desktop Host (HKLM-x32\...\{BAD014C7-DB71-474A-AC68-F06FAE17A949}) (Version: 61.0.3163.20 - Google Inc.)
Contraption Maker (HKLM-x32\...\Steam App 241240) (Version: - Spotkin)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version: - 3D Realms)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVDFab 9.1.8.8 (13/02/2015) (HKLM-x32\...\DVDFab 9 US_is1) (Version: - Fengtao Software Inc.)
EDGE (HKLM-x32\...\Steam App 38740) (Version: - Two Tribes)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Eversion (HKLM-x32\...\Steam App 33680) (Version: - Zaratustra Productions)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.5.7 - Graeme Gott)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.)
Free FLV to MP4 Converter 1.0.28 (HKLM-x32\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.28 - free-videoconverter)
Futuremark SystemInfo (HKLM-x32\...\{B8E78E04-6020-4CD2-BEAB-7BB6E9EF75C3}) (Version: 4.22.211 - Futuremark)
Glary Utilities 5.85 (HKLM-x32\...\Glary Utilities 5) (Version: 5.85.0.106 - Glarysoft Ltd)
Google Chrome (HKLM\...\{C1FECBCE-6D6B-3040-A62C-A205863357F6}) (Version: 61.0.3163.100 - Google, Inc.)
Google Drive (HKLM-x32\...\{F9A2761E-C1E4-4384-92A3-5732C9738327}) (Version: 2.34.6717.9565 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Ikaruga (HKLM\...\Steam App 253750) (Version: - Treasure)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Inkscape 0.92.1 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92 - inkscape.org)
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LibreOffice 5.3.1.2 (HKLM\...\{9A2A4317-64E9-4631-997A-F2C4F8A512C7}) (Version: 5.3.1.2 - The Document Foundation)
MakeMKV v1.10.7 (HKLM-x32\...\MakeMKV) (Version: v1.10.7 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4963.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mighty Switch Force! Hose It Down! (HKLM-x32\...\Steam App 375310) (Version: - WayForward)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 en-US)) (Version: 52.2.1 - Mozilla)
Music Manager (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\MusicManager) (Version: - Google, Inc.)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
My Game Long Name (HKLM\...\UDK-9c727eda-b1c8-4d60-a336-76dd5b849c08) (Version: - Epic Games, Inc.)
Noitu Love 2 Devolution (HKLM-x32\...\Steam App 207530) (Version: - Joakim Sandberg)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version: - Mine Loader Software Co., Ltd.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.1 - pdfforge GmbH)
Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version: - PopCap Games, Inc.)
Peggle Extreme (HKLM-x32\...\Steam App 3483) (Version: - PopCap Games, Inc.)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version: - PopCap Games, Inc.)
Pepakura Designer 4 (HKLM-x32\...\pepakura_designer4en) (Version: - TamaSoftware)
Pink Heaven (HKLM-x32\...\Steam App 409690) (Version: - Studio Pixel)
Pink Hour (HKLM-x32\...\Steam App 409670) (Version: - Studio Pixel)
PNotes.NET 3.0.1.5 (HKLM-x32\...\{02384F4C-1820-49E9-9D03-81F27EEE1224}_is1) (Version: 3.0.1.5 - Andrey Gruber)
Princess Remedy in a World of Hurt (HKLM\...\Steam App 407900) (Version: - Ludosity)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.721 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Retro Game Crunch (HKLM-x32\...\Steam App 290040) (Version: - Rusty Moyher)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version: - Lab Zero Games)
Skullgirls ∞Endless Beta∞ (HKLM-x32\...\Steam App 208610) (Version: - )
Sonic Adventure™ 2 (HKLM-x32\...\Steam App 213610) (Version: - SEGA)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Amazing Wagon Adventure (HKLM-x32\...\Steam App 250500) (Version: - sparsevector)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version: - Modern Dream)
TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
Trigger External Graphics Family 16.02.0315.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.02.0315.0179 - MCT Corp)
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Unity Web Player (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wizorb (HKLM-x32\...\Steam App 207420) (Version: - Tribute Games)
XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [BoxContextMenuClient] -> {4a9f9d0f-60bd-3164-a67d-4f811da1eea0} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers1: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers2: [TeraCopyS64] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [BoxContextMenuClient] -> {4a9f9d0f-60bd-3164-a67d-4f811da1eea0} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers4: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
ContextMenuHandlers6: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0332F065-457A-4893-918B-6C91CC2A059F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3813752901-3998910076-3428625962-1001Core => C:\Users\Ryan Nakai\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0DEE3FC5-3B3B-4231-9369-527159273B67} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {126F54CE-0361-4AB8-A13F-F1B72A673C97} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1293E7C4-D091-4650-9E2A-2D4A3F0E7B72} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {166B1A52-8BC0-497C-A2CD-F2101F098CF1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {16830EC9-CA72-44AB-8564-AC78EDEF1A14} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-28] (Dropbox, Inc.)
Task: {1B53C0D6-6C50-47D3-8B42-8AC93E65F75F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2799B9E9-12D3-4F71-A23D-15D51EBB365C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2AC6A0AA-BED4-4351-8D95-3B2D924B1C4B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {318D4469-1F62-4553-913D-6E3840E17E41} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {32E4AFD2-0316-4A76-BE1D-4057A7C87A03} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {37B49C50-3BE9-4D10-8077-FB043A549AD6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {43E6EBC5-14EC-413D-B797-62A2979D587D} - System32\Tasks\{04831F74-BB9F-4417-B60D-8864EEFCFC35} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ryan Nakai\AppData\Local\Temp\7zS803E.tmp\MicroInstallerNative.exe" -d C:\Users\RYANNA~1\AppData\Local\Temp\7zS803E.tmp <==== ATTENTION
Task: {45D32615-401F-4B39-A10E-2E85D1057902} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {4A739648-42BF-46D1-BD94-57DA880DA904} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {4E2A253D-A292-4285-8ABB-1D01EC2861A6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {52933F8A-FA64-4805-90B0-E9E91FDD91CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {77FE407B-9CB5-4CEE-B8DB-2E784D4715E1} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-09-27] (Glarysoft Ltd)
Task: {78DD1C88-AC1F-4F7C-80F0-3EBFB1A6C760} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {792FC510-D96A-4EAC-96BC-735F2AF06891} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {7FD49B8C-4534-46E4-803E-691A78B40027} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81D62FF8-BDB8-4B69-8B0C-AFB8C615080A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84702869-6FA9-4A4D-ADBD-86067BB1E036} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {903783B0-942F-44A6-87D2-1D8FB86F894F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe [2017-10-10] (Adobe Systems Incorporated)
Task: {93442E65-DBEC-44A9-A05E-57CA228722CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9C374FB4-2472-476C-861F-85F0B3B2F514} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9CE8A4DC-6488-411F-8CCA-1C8616A94E7F} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-09-27] (Glarysoft Ltd)
Task: {A02ABF5F-5951-480D-95A8-9BCEAB05EE27} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A4129062-7BB3-4F94-88A5-3FB69D7AC940} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A7EA203E-B53D-4870-8344-D0A761E9E441} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {ADB0D469-C39D-417C-B284-A856780422DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B15F9FC0-AFA4-438D-8226-50352A24F36D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B1A83C33-A256-42B2-AB09-484BEE26FA72} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B4616533-F011-4B5B-97DC-9A089B4E081A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BFC7F104-DCC1-4F32-9985-ED1D40749943} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C1C9C14A-394B-409C-B7F1-2AFA729DD1E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {C77F73F6-A8A8-4B33-8690-04CF7870F28E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CD65B18E-3993-4CF0-8F0A-38C63937B50B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {D0292CC7-8EAC-49B4-981A-4191BB8F69AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1D43B61-A0FB-4164-B1D3-47DFB685FDAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7CE1568-7EE5-4B8A-90B1-56200FD4EC54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3813752901-3998910076-3428625962-1001UA => C:\Users\Ryan Nakai\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D84D8721-8355-4147-A846-092C7EA55B4F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-28] (Dropbox, Inc.)
Task: {DC80A298-7590-4501-BF10-EBC5255EE6E5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DFD08C1B-6618-4CBF-8391-1D3AC94DA9A1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E56F21B5-C230-449C-B57D-B17C3C029513} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E5BBDF34-B300-4077-A9DA-F87CA56EC14F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ECDE8BB0-EBC2-4B62-ACC7-446A5AD90E14} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F577CB80-ADC2-4DF2-BFA0-88211234FBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FAECCE5E-B814-400D-AB6B-CB495613FCF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-10] (Adobe Systems Incorporated)
Task: {FCAED403-2419-4D81-81D8-6B792FCD1027} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FE36B75F-9F93-422B-9876-A128BD10DD43} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_npoipmeppdioagbkigdlnpmjphnolaog\Scientific Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=npoipmeppdioagbkigdlnpmjphnolaog
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nffchahhjecejoiigmnhhicpoabngedk\OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nffchahhjecejoiigmnhhicpoabngedk
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mhagnkphcmpkmabhocgimoncfaihkpof\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_liglcienpnkhdajdfmnpbgmpjglonipe\Numerics Calculator & Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=liglcienpnkhdajdfmnpbgmpjglonipe
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lhecpmapflhhdpcnpedpcaabolnapcae\The Gansberg Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lhecpmapflhhdpcnpedpcaabolnapcae
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_joodangkbfjnajiiifokapkpmhfnpleo\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hoihofapbdnldlhecnhefifbcddgdkhm\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_felcaaldnbdncclmgdcncolpebgiejap\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=felcaaldnbdncclmgdcncolpebgiejap
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_edebbhkhcaafmolanelponjjanocpacd\Timer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=edebbhkhcaafmolanelponjjanocpacd
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_decmldkknaaemlafplkkdmmmelbdnlja\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_cbfcckmhbpkjgfcnbgfmdodnlokimjdc\HTML5 Analog Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cbfcckmhbpkjgfcnbgfmdodnlokimjdc
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpebaehgfgkcmmjjknibibbjacnplim\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bhdheahnajobgndecdbggfmcojekgdko\Desmos Graphing Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhdheahnajobgndecdbggfmcojekgdko
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agbmjhlgdihdaebioelepgldgojpkjag\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aapocclcgogkmnckokdopfmhonfmgoek\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aapocclcgogkmnckokdopfmhonfmgoek
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AudioRecorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enhfkjkjfhhdibpgjmiamdcdgmcjpplk
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendar Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=galgfocamdohgeifjlbefkfpaalankfi
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34707bd4e0c9d2b9\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 05:00 - 2015-07-10 05:00 - 000028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-03 00:31 - 2015-08-03 00:31 - 000032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-11-17 19:49 - 2016-10-25 01:15 - 000404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-11-28 16:14 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-02 23:24 - 2012-08-28 14:20 - 000313432 _____ () C:\Windows\system32\GManager.exe
2013-08-06 15:54 - 2011-05-03 18:13 - 000199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2015-08-02 23:24 - 2014-08-22 17:10 - 002244912 _____ () C:\WINDOWS\system32\MlPatch.exe
2017-07-19 16:09 - 2017-07-19 16:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-06-14 12:09 - 2017-06-03 07:39 - 002495776 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-07 17:13 - 2017-08-07 17:13 - 000126792 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2017-08-07 17:13 - 2017-08-07 17:13 - 001488200 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2017-08-07 17:13 - 2017-08-07 17:13 - 000056648 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2017-08-07 17:13 - 2017-08-07 17:13 - 002106696 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2017-08-07 17:10 - 2017-08-07 17:10 - 000136520 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2017-08-07 17:09 - 2017-08-07 17:09 - 000143688 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2017-08-07 17:09 - 2017-08-07 17:09 - 000554824 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2017-08-07 17:08 - 2017-08-07 17:08 - 000063304 _____ () C:\Program Files\Box\Box Sync\psutil._psutil_windows.pyd
2017-08-07 17:10 - 2017-08-07 17:10 - 000698184 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2017-08-07 17:02 - 2017-08-07 17:02 - 000009544 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2017-08-07 17:10 - 2017-08-07 17:10 - 000033096 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2017-08-07 17:09 - 2017-08-07 17:09 - 000017736 _____ () C:\Program Files\Box\Box Sync\select.pyd
2017-08-07 17:13 - 2017-08-07 17:13 - 000187208 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2017-08-07 17:08 - 2017-08-07 17:08 - 000185672 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2017-08-07 17:10 - 2017-08-07 17:10 - 000528200 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2017-08-07 17:10 - 2017-08-07 17:10 - 000029000 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2017-08-07 17:11 - 2017-08-07 17:11 - 000155976 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2017-08-07 17:13 - 2017-08-07 17:13 - 000069960 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2017-08-07 17:11 - 2017-08-07 17:11 - 000142152 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2017-08-07 17:11 - 2017-08-07 17:11 - 000051016 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2017-08-07 17:12 - 2017-08-07 17:12 - 000059720 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2017-08-07 17:14 - 2017-08-07 17:14 - 000032072 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2017-08-07 17:13 - 2017-08-07 17:13 - 000040776 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2017-08-07 17:10 - 2017-08-07 17:10 - 000027464 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2017-08-07 17:11 - 2017-08-07 17:11 - 000229704 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2017-03-22 09:44 - 2017-01-31 06:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-09-26 15:39 - 2017-09-21 01:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 15:39 - 2017-09-21 01:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-08-07 16:59 - 2017-08-07 16:59 - 000166216 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2013-02-25 19:57 - 2011-10-26 18:41 - 000126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2013-02-25 19:57 - 2011-10-26 18:41 - 000318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-09-30 20:00 - 2015-09-16 23:48 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-05-10 09:12 - 2017-04-27 17:44 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-02 18:08 - 2016-11-19 00:06 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-10 09:13 - 2017-04-27 17:42 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 20:00 - 2015-09-16 23:43 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-10-12 11:43 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-10-12 11:43 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-10-12 11:43 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-10-12 11:43 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-01 18:01 - 2016-02-01 18:01 - 000117248 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2016-02-01 18:00 - 2016-02-01 18:00 - 000234496 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2016-02-01 18:00 - 2016-02-01 18:00 - 000253440 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2016-02-01 17:59 - 2016-02-01 17:59 - 000344064 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-03-12 17:10 - 2017-09-09 13:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 18:14 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-21 16:49 - 2017-10-11 13:10 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 16:45 - 2016-01-27 01:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 16:45 - 2016-01-27 01:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 16:45 - 2016-01-27 01:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 16:45 - 2016-01-27 01:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 16:45 - 2016-01-27 01:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-19 18:14 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 18:14 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2013-02-13 22:41 - 2017-10-11 13:10 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-09-11 09:06 - 2014-09-11 09:06 - 000878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 09:05 - 2014-09-11 09:05 - 000036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 09:06 - 2014-09-11 09:06 - 000038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 09:14 - 2014-09-11 09:14 - 000032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 09:05 - 2014-09-11 09:05 - 000021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 09:14 - 2014-09-11 09:14 - 000027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 09:05 - 2014-09-11 09:05 - 000021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 09:14 - 2014-09-11 09:14 - 000381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 09:05 - 2014-09-11 09:05 - 000204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 09:14 - 2014-09-11 09:14 - 000218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 09:08 - 2014-09-11 09:08 - 000015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 09:14 - 2014-09-11 09:14 - 000015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 09:15 - 2014-09-11 09:15 - 000307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 09:15 - 2014-09-11 09:15 - 000014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 09:15 - 2014-09-11 09:15 - 000252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2016-04-08 16:35 - 2016-04-08 16:35 - 003481600 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2017-06-22 20:56 - 2017-06-22 20:56 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2017-01-16 05:40 - 2017-01-16 05:40 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-10-04 15:22 - 2017-10-03 04:21 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-10-04 15:22 - 2017-10-03 04:21 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-21 12:54 - 2017-10-03 04:21 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-23 17:26 - 2017-10-03 04:21 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-23 17:26 - 2017-10-03 04:22 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-23 17:26 - 2017-10-03 04:21 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-04 15:22 - 2017-10-03 04:21 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-10-04 15:22 - 2017-10-03 04:21 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-23 17:26 - 2017-10-03 04:21 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-23 17:26 - 2017-10-03 04:21 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-10-04 15:22 - 2017-10-03 04:21 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-04-26 15:53 - 2017-10-03 04:21 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-10-04 15:22 - 2017-10-03 04:21 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-23 17:26 - 2017-10-03 04:22 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-23 17:26 - 2017-10-03 04:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-04-26 15:53 - 2017-10-03 04:21 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-04-26 15:53 - 2017-10-03 04:21 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-23 17:26 - 2017-10-03 04:21 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-23 17:26 - 2017-10-03 04:21 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-21 12:54 - 2017-10-03 04:21 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-21 12:54 - 2017-10-03 04:22 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-04 15:22 - 2017-10-03 04:21 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-10-04 15:22 - 2017-10-03 04:22 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-10-04 15:22 - 2017-10-03 04:21 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-10-04 15:22 - 2017-10-03 04:22 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-21 12:54 - 2017-10-03 04:22 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-04 15:22 - 2017-10-03 04:22 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-10-04 15:22 - 2017-10-03 04:22 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-10-12 12:25 - 2017-10-12 12:25 - 000098816 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32api.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000110080 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\pywintypes27.dll
2017-10-12 12:25 - 2017-10-12 12:25 - 000364544 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\pythoncom27.dll
2017-10-12 12:25 - 2017-10-12 12:25 - 000320512 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32com.shell.shell.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000914432 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_hashlib.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 001176576 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._core_.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000806400 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._gdi_.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000816128 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._windows_.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 001067008 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._controls_.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000733184 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._misc_.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000682496 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\pysqlite2._sqlite.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000088064 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_ctypes.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000686080 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\unicodedata.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000119808 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32file.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000108544 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32security.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000007168 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\hashobjs_ext.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000017920 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\thumbnails_ext.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000088064 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\usb_ext.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000012800 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\common.time34.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000018432 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32event.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000167936 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32gui.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000046080 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_socket.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 001303552 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_ssl.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000128512 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_elementtree.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000127488 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\pyexpat.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000038912 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32inet.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000036864 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_psutil_windows.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000525208 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\windows._lib_cacheinvalidation.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000011264 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32crypt.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000123392 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._wizard.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000077312 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._html2.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000027648 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_multiprocessing.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000020480 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_yappi.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000035840 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32process.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000078848 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._animate.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000024064 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32pipe.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000010240 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\select.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000025600 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32pdh.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000017408 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32profile.pyd
2017-10-12 12:25 - 2017-10-12 12:25 - 000022528 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32ts.pyd
2016-12-17 10:55 - 2017-08-16 16:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 19:54 - 2017-09-06 20:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2015-01-19 18:14 - 2015-09-24 17:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-09-27 21:31 - 2017-09-27 21:31 - 000087024 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Control Panel\Desktop\\Wallpaper -> c:\users\ryan nakai\documents\r-stuff\wallpapers 1.2.5\patterns and textures\c3634531b40b2b97b30653324691b1b1.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99123B69-F55B-406C-962C-AF31D8366049}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{9AD84985-A221-4F83-9CEE-DB09ACF1E65F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{2ECDD4B2-26F7-4789-B671-6A457B78B2BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{189741C3-8FF9-4480-86E0-82B4E7089D65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{A29268A0-6729-4674-B2E0-B568F6E9645E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F710B0D-0431-4EC6-A337-8010E5D3E56E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A57DAC2B-8EB0-48C1-8FCA-ED3FC310B1F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Retro Game Crunch\Retro Game Crunch.exe
FirewallRules: [{52BAEA47-F1A2-4C00-9D7D-77458EBF8D7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Retro Game Crunch\Retro Game Crunch.exe
FirewallRules: [{C18176B6-9B10-4EB1-9E97-C46F4CCF5105}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{BBF6A2AB-122D-4CE4-937A-0CD481F14D54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{724A6F02-5017-44EC-A990-A3439C8EBD83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Nights\PeggleNights.exe
FirewallRules: [{EFB856F5-EDC7-4373-B2B9-A4173A3BFCFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Nights\PeggleNights.exe
FirewallRules: [{A65AC39F-9C68-4352-958C-777D4B3DFE1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{0560329D-E6D1-4B52-BF37-3C14A369593F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{6760F5BF-5C7E-47BA-A907-9FEFAA0D0BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
FirewallRules: [{C5E6108E-72BB-4752-B586-69EC1667BB4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
FirewallRules: [{B8B2B5CA-A167-468D-8A1D-91D2F11EFC08}] => (Allow) C:\Users\Ryan Nakai\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E19FFD3E-E80A-49C0-B793-FE467F2267DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Amazing Wagon Adventure\WagonAdventure.exe
FirewallRules: [{5AE08678-D30F-4ECE-9426-A2296E5A0FEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Amazing Wagon Adventure\WagonAdventure.exe
FirewallRules: [UDP Query User{AA789855-7BBB-4AFD-A2B6-6ABF2FD47785}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{BEEDA220-8B3B-4C8A-A29E-C19939DE08BA}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{286C7A8E-D56A-448F-A195-065B2FB8F707}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Extreme\PeggleExtreme.exe
FirewallRules: [{E75F5F04-1F85-4FCE-A76E-5B4C283D32F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Extreme\PeggleExtreme.exe
FirewallRules: [{86FD8C81-8BEA-410B-B4DC-FD2757997F52}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{40F7757A-2DEF-4D52-9031-C700A34D59F4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5FFDCCBB-B476-4EDD-AF84-5630DE8751BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{C4AD3EBF-8D6A-474B-86DC-B2D07C8D584B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{B351822B-F375-47DE-BCF9-678CE5352010}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls Beta\SkullGirls.exe
FirewallRules: [{8F560E9A-B375-40D2-8A64-E6C2FA2FC3B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls Beta\SkullGirls.exe
FirewallRules: [{535B2FF9-B77F-4182-BB32-D51BEF366A5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{7ABE7E2A-D900-4FE9-A346-F6D4219A8102}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{E194399D-1B32-4E24-8A24-FC05BC1CBD3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizorb\Wizorb.exe
FirewallRules: [{FE7E0F51-4B28-4BAF-BDF9-2671B76AC616}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizorb\Wizorb.exe
FirewallRules: [{6AA883B7-3088-4C39-AB73-4321F4C8F919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{57EBDD86-C9C4-469D-A88A-210A707849BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{4C680D68-347B-4B37-BD5B-7BB645D90347}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{97309324-6947-449E-AC98-23EDC67219CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{CC549FF4-CAB0-4C60-9FD7-A9C182B877C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eversion\eversion.exe
FirewallRules: [{8A3D4E50-6C9E-40A5-875C-22912BAA1F36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eversion\eversion.exe
FirewallRules: [{927AB254-936B-4130-829B-8E62C7857553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PCMark 8\bin\PCMark8.exe
FirewallRules: [{2D24B087-A798-4709-8A1E-93DF39FFD071}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PCMark 8\bin\PCMark8.exe
FirewallRules: [{E9A82DC3-1E6E-4DAA-BA71-3223136F0886}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{9DF46346-0F19-48BC-9046-7DB61F783506}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{27B15300-214F-4A5C-AC09-16BCD13BAF5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{AC776B45-91CC-476C-B6D7-BEC20AF324E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{43068E02-7408-4379-9BFF-D8F2EBDE2429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{8CA70194-C4D4-4C42-A800-48893F67C8C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{582DD20C-4D3E-4F38-9365-9967B9D16D18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{4535524C-3A31-46AA-A3CE-AD53F73C803E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{2BF3973E-F7C1-4224-9048-5BD22C63F6E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{5F9265D6-B5F9-4F1E-A94C-4DC4EBAEABA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{A80CDC9B-46D9-4C46-8CB8-0E9BF18217F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{659A457D-B34E-44BC-BEE7-373C840E2EDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{13C61C1C-C131-4933-A0FC-5392553D8923}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{9F41614C-97FE-43B7-87E6-FAFA5551D06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{AD068A6B-0FC7-46F2-B5CC-75DBD70043EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{7C5A37C4-CBFF-4DDA-A9E4-DFAB858ECC7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{989FD6DD-7D5C-4C81-BFEC-03F3FDE422D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{5AA5B594-7431-4816-93D7-7C0173C3ED38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{AC62340A-E2C0-43B4-A3C5-E6DE446539D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{EB742BDF-4193-4F9B-8288-8879321CEFAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{E268A297-792E-4A45-A294-937CE256F0F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{FAAD0623-3C55-4C05-993A-35045D86C1CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{8DC6B44B-5B6E-429C-B4B5-FD9725A606A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{89AB3886-7C29-40EB-9B75-95DB221826DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{A4F95AF1-BD0B-439A-818F-95933B2DB033}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{0F8092E9-8448-4545-AFB5-A22DE37F2D66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{2089D6C5-0A8E-41AE-B8F4-5AC4CCE827F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{325F518C-350D-4ECB-A38B-E5961D6FE54A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{815E1353-28FC-421E-8754-FAD917101FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{C6D12C77-FD1E-4C9C-BF6C-D44482DD1FB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{A949B850-94B2-46CF-895D-98BF244413BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BIT.TRIP BEAT\BEAT.exe
FirewallRules: [{347CB3EF-C616-43F9-93AE-3EFED032A711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BIT.TRIP BEAT\BEAT.exe
FirewallRules: [{5DB713F0-91EA-4521-95B1-EE91B5F69314}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\config.exe
FirewallRules: [{4090BC91-451A-464B-8B5A-D2AF4F1ED706}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\config.exe
FirewallRules: [{25D7770C-58C6-4FAB-9D4B-D41B89671838}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\nl2.exe
FirewallRules: [{8D5EE0ED-FC06-4501-891A-AC139B730022}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\nl2.exe
FirewallRules: [UDP Query User{CE0471B1-4D26-45B2-B91C-25CB59C707E9}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{465DA2B4-F6F9-41AB-8C23-87944EC85DF4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{50ED50AC-FF34-491E-BAEF-91217E08D068}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{171515DD-28E9-4B99-9755-BA53F812B272}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{76A0A0BB-C9C7-4D10-96B2-EA4595B85A5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{4F098576-07ED-44A6-B939-49F47679E786}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{B45C6EB1-EFDA-47C8-832D-BCEE1FE77757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{00704251-EB0C-414B-A3F9-34540B6F8972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{980CD676-C83B-471C-9EDF-A0DCF5244F3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{E07C2FDB-57CA-4E8F-8584-83F4F42D9F9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{7C89DBCD-DBD1-4A51-A50C-80C2BF9972CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{CC59B608-4699-4BCC-BE35-4967B93B78EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{01FC424C-01B0-4A5C-8DBB-B4A33A30B4CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{E5F80EF9-A088-4251-83A9-2F78DCCEC5E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{1629A8D2-469F-4141-8894-E832B7B57264}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{67C71B49-3D11-41CB-800E-5BCA794BAEC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [UDP Query User{5D8F56BB-74C8-42DA-8A06-6137E5A06CE2}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [TCP Query User{40483D28-5B8D-4250-B353-B7DEFE574304}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{5F81ECB0-F187-416F-B563-88138D421B4A}] => (Allow) LPort=1900
FirewallRules: [{BAA9C1CF-0A0D-40EA-8E38-53AB51939343}] => (Allow) LPort=2869
FirewallRules: [{B7D1920E-03D9-45B2-8EE3-433472236E36}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EAB3C87-F5E1-4667-A63C-FBFA0EAA4977}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{EF1B7469-2F83-4986-B1F4-B3BAC7812C0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [UDP Query User{77A9F624-1464-4ECF-ABB0-FA07BB8D46C3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{D5E491AA-92FB-483C-82E6-339702729A32}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{F60247A5-5E88-4609-BD10-CEBF55D02D4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{74A65BB6-3117-43B2-B7D0-0987B6BFB544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [UDP Query User{6E3A34B7-C8A4-488C-A7BC-CC8872D98894}C:\users\ryan nakai\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ryan nakai\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{815E741A-F708-4C19-A985-D58FFF5082C8}C:\users\ryan nakai\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ryan nakai\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A28138A5-BD8D-40F3-8738-320B0AF6C90B}C:\program files (x86)\makemkv\makemkvcon64.exe] => (Allow) C:\program files (x86)\makemkv\makemkvcon64.exe
FirewallRules: [TCP Query User{BD6FDF31-D9AF-4F6A-8839-2EB72FE2C13D}C:\program files (x86)\makemkv\makemkvcon64.exe] => (Allow) C:\program files (x86)\makemkv\makemkvcon64.exe
FirewallRules: [{1E5CFEFD-1361-4FC1-88C3-C72340D70E39}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E8027A51-98E3-4531-BD1E-21EABE99C48B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{1B1EA51D-E185-4757-B68F-058ED4088110}J:\portableapps\lanmessengerportable\app\lanmessenger\lmc.exe] => (Allow) J:\portableapps\lanmessengerportable\app\lanmessenger\lmc.exe
FirewallRules: [TCP Query User{2F836463-65AF-4437-BB31-1BC741343282}J:\portableapps\lanmessengerportable\app\lanmessenger\lmc.exe] => (Allow) J:\portableapps\lanmessengerportable\app\lanmessenger\lmc.exe
FirewallRules: [{241A381E-BB20-4782-9FBF-21B3BCC7146C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{9842E21D-4A30-494D-AD0F-39D677FB65F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{BE0A011F-A2FB-4192-91EB-2E7DD86902A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{1DE85618-A800-4734-8EF7-ACAF4B6CB4D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{99962BDC-C549-4562-BC0D-B0828F1AD21C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pink Heaven\PinkHeaven.exe
FirewallRules: [{F5DA0CA8-CB54-4214-8268-D0F4E44DA08E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pink Heaven\PinkHeaven.exe
FirewallRules: [{C4F36EBD-17D5-458B-A874-3EF18608A60D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pink Hour\PinkHour.exe
FirewallRules: [{CE8F7008-F9D4-4521-9CD1-8EF92844FB9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pink Hour\PinkHour.exe
FirewallRules: [{90D274C6-DBC5-4EDD-8AAB-A0520063A980}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE2C0E49-86DB-4C3E-97D3-B4CA88F7B484}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD64A23B-1A2E-4992-B340-30C89E246593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mighty Switch Force! Hose It Down!\HoseItDown.exe
FirewallRules: [{7C0CA58B-8C11-4537-8AFC-4423D220433B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mighty Switch Force! Hose It Down!\HoseItDown.exe
FirewallRules: [{83E0EC28-DFE3-4B41-B3BE-6277D2627E2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Remedy\remedy_gm7.exe
FirewallRules: [{581626F8-FD6A-4503-AA49-507CA4EF59EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Remedy\remedy_gm7.exe
FirewallRules: [{09E0B2C6-62F7-4423-A32C-8066B657DA85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Remedy\remedy_gm5.exe
FirewallRules: [{E8EE5830-455D-463D-BFF6-19FE1AD7CEF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Remedy\remedy_gm5.exe
FirewallRules: [{437F58D2-121D-4161-A672-562C5B3C60AB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B534FD21-433E-44E7-B638-A4DEF76F0B9E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{427066B3-A4BC-4524-B212-ABD2B7CD4211}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitB\8BB.exe
FirewallRules: [{17F357CE-6E1C-4645-810D-2D1F0370FA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitB\8BB.exe
FirewallRules: [TCP Query User{4D90F1E0-4031-4C81-8912-62CA25AD038B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3DA30484-194E-4837-86A2-2552DE50D1CE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7DFC39AD-56BC-4055-9E6F-80FB0AD7CED8}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe
FirewallRules: [{FF4B6C72-5AB8-4DD2-837D-B89E922F89F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F1319CB0-04AF-47B4-ADC2-2D5178E4570B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{02C518C1-39FB-40E6-8DFA-DE51830F6857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{C1D19D5D-3948-4EAB-A997-B32A53A0D755}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

__

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-10-12 17:00:12
-----------------------------
17:00:12.159 OS Version: Windows x64 6.2.9200
17:00:12.159 Number of processors: 6 586 0xA00
17:00:12.160 ComputerName: LICORICE-PC UserName: Ryan Nakai
17:00:17.319 Initialize success
17:00:17.381 VM: initialized successfully
17:00:17.385 VM: Amd CPU BiosDisabled
17:10:38.783 AVAST engine defs: 17030301
17:20:14.632 The log file has been saved successfully to "C:\Users\Ryan Nakai\Desktop\aswMBR.txt"

Juliet
2017-10-13, 15:36
Start Farbar Recovery Scan Tool (please double-click on FRST/FRST64) with Administrator privileges

or right-click on the FRST icon and select Run as administrator.

Highlight the information below, then hit the Ctrl + C keys at the same time

or

right-click/highlight the text below and select Copy,
beginning with Start:: and finishing with End::


Start::
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF user.js: detected! => C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js [2014-11-04]
FF SearchPlugin: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml [2013-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
2017-08-02 09:12 - 2017-08-02 09:12 - 001786128 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-224de45.exe
2017-09-25 19:49 - 2017-09-25 19:54 - 018624784 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-9ad71ab3.exe
2017-07-21 20:26 - 2017-09-24 14:21 - 006457520 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\Windows10Upgrade.exe
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {2799B9E9-12D3-4F71-A23D-15D51EBB365C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {318D4469-1F62-4553-913D-6E3840E17E41} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {43E6EBC5-14EC-413D-B797-62A2979D587D} - System32\Tasks\{04831F74-BB9F-4417-B60D-8864EEFCFC35} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ryan Nakai\AppData\Local\Temp\7zS803E.tmp\MicroInstallerNative.exe" -d C:\Users\RYANNA~1\AppData\Local\Temp\7zS803E.tmp <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9C374FB4-2472-476C-861F-85F0B3B2F514} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A4129062-7BB3-4F94-88A5-3FB69D7AC940} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ADB0D469-C39D-417C-B284-A856780422DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B4616533-F011-4B5B-97DC-9A089B4E081A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BFC7F104-DCC1-4F32-9985-ED1D40749943} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D0292CC7-8EAC-49B4-981A-4191BB8F69AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1D43B61-A0FB-4164-B1D3-47DFB685FDAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F577CB80-ADC2-4DF2-BFA0-88211234FBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FCAED403-2419-4D81-81D8-6B792FCD1027} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_npoipmeppdioagbkigdlnpmjphnolaog\Scientific Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=npoipmeppdioagbkigdlnpmjphnolaog
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nffchahhjecejoiigmnhhicpoabngedk\OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nffchahhjecejoiigmnhhicpoabngedk
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mhagnkphcmpkmabhocgimoncfaihkpof\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_liglcienpnkhdajdfmnpbgmpjglonipe\Numerics Calculator & Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=liglcienpnkhdajdfmnpbgmpjglonipe
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lhecpmapflhhdpcnpedpcaabolnapcae\The Gansberg Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lhecpmapflhhdpcnpedpcaabolnapcae
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_joodangkbfjnajiiifokapkpmhfnpleo\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hoihofapbdnldlhecnhefifbcddgdkhm\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_felcaaldnbdncclmgdcncolpebgiejap\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=felcaaldnbdncclmgdcncolpebgiejap
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_edebbhkhcaafmolanelponjjanocpacd\Timer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=edebbhkhcaafmolanelponjjanocpacd
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_decmldkknaaemlafplkkdmmmelbdnlja\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_cbfcckmhbpkjgfcnbgfmdodnlokimjdc\HTML5 Analog Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cbfcckmhbpkjgfcnbgfmdodnlokimjdc
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpebaehgfgkcmmjjknibibbjacnplim\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bhdheahnajobgndecdbggfmcojekgdko\Desmos Graphing Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhdheahnajobgndecdbggfmcojekgdko
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agbmjhlgdihdaebioelepgldgojpkjag\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aapocclcgogkmnckokdopfmhonfmgoek\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aapocclcgogkmnckokdopfmhonfmgoek
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AudioRecorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enhfkjkjfhhdibpgjmiamdcdgmcjpplk
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendar Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=galgfocamdohgeifjlbefkfpaalankfi
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34707bd4e0c9d2b9\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
Emptytemp:
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

******

AdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Junkware Removal Tool (JRT)

Download Junkware Removal Tool (JRT) (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) and move it to your Desktop
Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Press on any key to launch the scan and let it complete
Credits : BleepingComputer.com
Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply

created by Aura
~~~~~~~~~~~~~~~~~

If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
Let the scan run; the time required to complete the scan depends on your system and computer specs
Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button

If it asks you to restart your computer to complete the removal, do so

Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



~~
In your next reply, post:

Fixlog.txt
Copy/pasted AdwCleaner clean log
Copy/pasted JRT log
Malwarebytes log

PotatoUser
2017-10-14, 01:57
I could not get the JRT nor the Malwarebytes logs as they seized up during scanning.

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Ryan Nakai (13-10-2017 15:24:24) Run:1
Running from C:\Users\Ryan Nakai\Desktop
Loaded Profiles: Ryan Nakai (Available Profiles: Ryan Nakai & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF user.js: detected! => C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js [2014-11-04]
FF SearchPlugin: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml [2013-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
2017-08-02 09:12 - 2017-08-02 09:12 - 001786128 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-224de45.exe
2017-09-25 19:49 - 2017-09-25 19:54 - 018624784 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-9ad71ab3.exe
2017-07-21 20:26 - 2017-09-24 14:21 - 006457520 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\Windows10Upgrade.exe
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {2799B9E9-12D3-4F71-A23D-15D51EBB365C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {318D4469-1F62-4553-913D-6E3840E17E41} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {43E6EBC5-14EC-413D-B797-62A2979D587D} - System32\Tasks\{04831F74-BB9F-4417-B60D-8864EEFCFC35} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ryan Nakai\AppData\Local\Temp\7zS803E.tmp\MicroInstallerNative.exe" -d C:\Users\RYANNA~1\AppData\Local\Temp\7zS803E.tmp <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9C374FB4-2472-476C-861F-85F0B3B2F514} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A4129062-7BB3-4F94-88A5-3FB69D7AC940} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ADB0D469-C39D-417C-B284-A856780422DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B4616533-F011-4B5B-97DC-9A089B4E081A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BFC7F104-DCC1-4F32-9985-ED1D40749943} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D0292CC7-8EAC-49B4-981A-4191BB8F69AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1D43B61-A0FB-4164-B1D3-47DFB685FDAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F577CB80-ADC2-4DF2-BFA0-88211234FBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FCAED403-2419-4D81-81D8-6B792FCD1027} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_npoipmeppdioagbkigdlnpmjphnolaog\Scientific Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=npoipmeppdioagbkigdlnpmjphnolaog
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nffchahhjecejoiigmnhhicpoabngedk\OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nffchahhjecejoiigmnhhicpoabngedk
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mhagnkphcmpkmabhocgimoncfaihkpof\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_liglcienpnkhdajdfmnpbgmpjglonipe\Numerics Calculator & Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=liglcienpnkhdajdfmnpbgmpjglonipe
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lhecpmapflhhdpcnpedpcaabolnapcae\The Gansberg Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lhecpmapflhhdpcnpedpcaabolnapcae
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_joodangkbfjnajiiifokapkpmhfnpleo\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hoihofapbdnldlhecnhefifbcddgdkhm\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_felcaaldnbdncclmgdcncolpebgiejap\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=felcaaldnbdncclmgdcncolpebgiejap
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_edebbhkhcaafmolanelponjjanocpacd\Timer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=edebbhkhcaafmolanelponjjanocpacd
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_decmldkknaaemlafplkkdmmmelbdnlja\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_cbfcckmhbpkjgfcnbgfmdodnlokimjdc\HTML5 Analog Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cbfcckmhbpkjgfcnbgfmdodnlokimjdc
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpebaehgfgkcmmjjknibibbjacnplim\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bhdheahnajobgndecdbggfmcojekgdko\Desmos Graphing Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhdheahnajobgndecdbggfmcojekgdko
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agbmjhlgdihdaebioelepgldgojpkjag\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aapocclcgogkmnckokdopfmhonfmgoek\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aapocclcgogkmnckokdopfmhonfmgoek
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AudioRecorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enhfkjkjfhhdibpgjmiamdcdgmcjpplk
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendar Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=galgfocamdohgeifjlbefkfpaalankfi
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34707bd4e0c9d2b9\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
Emptytemp:

*****************

Processes closed successfully.

--

# AdwCleaner 7.0.3.1 - Logfile created on Fri Oct 13 21:33:45 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Ryan Nakai\AppData\Roaming\dvdvideosoftiehelpers
Deleted: C:\Users\Ryan Nakai\AppData\Local\Pokki
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\Program Files (x86)\Auslogics
Deleted: C:\Users\Ryan Nakai\AppData\Roaming\Auslogics


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted: [Key] - HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKLM\SOFTWARE\PIP
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
Deleted: [Key] - HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3561 B] - [2017/10/13 21:31:52]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Juliet
2017-10-14, 03:58
I could not get the JRT nor the Malwarebytes logs as they seized up during scanning.
That could be from security apps running in the background.
You can try to boot into safe mode and run the scans again.

Can you look for Fixlog.txt?
The one you posted looks to be incomplete.

~~

Zemana AntiMalware

Download and install Zemana AntiMalware (https://www.zemana.com/AntiMalware)
Open Zemana AntiMalware, and click on the Scan button
Wait for the scan to complete
Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
If it asks you to reboot your computer to finish the clean-up, do so
After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
A log will open in Notepad
Copy/paste the content of that log in your next reply

created by Aura
**
Please post this log when finished.

How is the computer now?

PotatoUser
2017-10-14, 07:01
Here is the fixlog

I cannot find a way to boot into safe mode and what I am trying to do is somehow being blocked by this thing.

__

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Ryan Nakai (13-10-2017 15:24:24) Run:1
Running from C:\Users\Ryan Nakai\Desktop
Loaded Profiles: Ryan Nakai (Available Profiles: Ryan Nakai & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF user.js: detected! => C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js [2014-11-04]
FF SearchPlugin: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml [2013-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
2017-08-02 09:12 - 2017-08-02 09:12 - 001786128 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-224de45.exe
2017-09-25 19:49 - 2017-09-25 19:54 - 018624784 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-9ad71ab3.exe
2017-07-21 20:26 - 2017-09-24 14:21 - 006457520 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\Windows10Upgrade.exe
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Task: {2799B9E9-12D3-4F71-A23D-15D51EBB365C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {318D4469-1F62-4553-913D-6E3840E17E41} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {43E6EBC5-14EC-413D-B797-62A2979D587D} - System32\Tasks\{04831F74-BB9F-4417-B60D-8864EEFCFC35} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ryan Nakai\AppData\Local\Temp\7zS803E.tmp\MicroInstallerNative.exe" -d C:\Users\RYANNA~1\AppData\Local\Temp\7zS803E.tmp <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9C374FB4-2472-476C-861F-85F0B3B2F514} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A4129062-7BB3-4F94-88A5-3FB69D7AC940} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ADB0D469-C39D-417C-B284-A856780422DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B4616533-F011-4B5B-97DC-9A089B4E081A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BFC7F104-DCC1-4F32-9985-ED1D40749943} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D0292CC7-8EAC-49B4-981A-4191BB8F69AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1D43B61-A0FB-4164-B1D3-47DFB685FDAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F577CB80-ADC2-4DF2-BFA0-88211234FBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FCAED403-2419-4D81-81D8-6B792FCD1027} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_npoipmeppdioagbkigdlnpmjphnolaog\Scientific Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=npoipmeppdioagbkigdlnpmjphnolaog
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nffchahhjecejoiigmnhhicpoabngedk\OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nffchahhjecejoiigmnhhicpoabngedk
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mhagnkphcmpkmabhocgimoncfaihkpof\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_liglcienpnkhdajdfmnpbgmpjglonipe\Numerics Calculator & Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=liglcienpnkhdajdfmnpbgmpjglonipe
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lhecpmapflhhdpcnpedpcaabolnapcae\The Gansberg Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lhecpmapflhhdpcnpedpcaabolnapcae
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_joodangkbfjnajiiifokapkpmhfnpleo\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hoihofapbdnldlhecnhefifbcddgdkhm\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_felcaaldnbdncclmgdcncolpebgiejap\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=felcaaldnbdncclmgdcncolpebgiejap
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_edebbhkhcaafmolanelponjjanocpacd\Timer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=edebbhkhcaafmolanelponjjanocpacd
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_decmldkknaaemlafplkkdmmmelbdnlja\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_cbfcckmhbpkjgfcnbgfmdodnlokimjdc\HTML5 Analog Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cbfcckmhbpkjgfcnbgfmdodnlokimjdc
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpebaehgfgkcmmjjknibibbjacnplim\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bhdheahnajobgndecdbggfmcojekgdko\Desmos Graphing Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhdheahnajobgndecdbggfmcojekgdko
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agbmjhlgdihdaebioelepgldgojpkjag\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aapocclcgogkmnckokdopfmhonfmgoek\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aapocclcgogkmnckokdopfmhonfmgoek
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AudioRecorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enhfkjkjfhhdibpgjmiamdcdgmcjpplk
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendar Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=galgfocamdohgeifjlbefkfpaalankfi
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34707bd4e0c9d2b9\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
Emptytemp:

*****************

Processes closed successfully.

Juliet
2017-10-14, 14:48
How to boot into safe mode
https://www.pcworld.com/article/2984712/windows/how-to-enter-windows-10s-safe-mode.html

Were you able to run the Zemana AntiMalware scan?

~~
Please follow the instructions below to run Malwarebytes Anti Rootkit (MBAR)
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

PotatoUser
2017-10-15, 05:05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by Ryan Nakai (Limited) on Sat 10/14/2017 at 15:45:17.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\1952 (Folder)
Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\3326 (Folder)
Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\7439 (Folder)
Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\8502 (Folder)
Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi (File)
Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\extensions\staged (Folder)
Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml (File)
Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js (File)



Registry: 5

Successfully deleted: HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_01263A5253C555C4A9D4CAD3ADB95ECB (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/14/2017 at 15:47:11.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


___


# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 14 21:14:41 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 09-29-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3288 B] - [2017/10/13 21:33:45]
C:/AdwCleaner/AdwCleaner[S0].txt - [3561 B] - [2017/10/13 21:31:52]
C:/AdwCleaner/AdwCleaner[S1].txt - [1082 B] - [2017/10/14 19:26:7]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

__


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/14/2017
Scan Time: 6:41 PM
Logfile: MB.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.10.14.08
Rootkit Database: v2017.10.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Ryan Nakai

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356191
Time Elapsed: 26 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.DVDVideoSoft, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{ACAA314B-EEBA-48e4-AD47-84E31C44796C}, C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\, Quarantined, [a1bf25b60f9ad95d48142883c938df21]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.MindSpark.Generic, C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, Quarantined, [bba5f1eaaffa0a2c4a6675964cb6af51],
PUP.Optional.MindSpark.Generic, C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, Quarantined, [49177e5d72379d99c3ed8586f90934cc],
PUP.Optional.MindSpark.Generic, C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.myway.com_0.localstorage, Quarantined, [bfa14f8cb6f32f0762bf29e71fe349b7],
PUP.Optional.MindSpark.Generic, C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.myway.com_0.localstorage-journal, Quarantined, [1947cf0c9c0ddb5bb66b1af6f80afa06],

Physical Sectors: 0
(No malicious items detected)


(end)

___

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/10/14
Operating System : Windows 10 64-bit
Processor : 6X AMD Phenom(tm) II X6 1045T Processor
BIOS Mode : Legacy
CUID : 12A24B39E35E010AB389DE
Scan Type : System Scan
Duration : 40m 48s
Scanned Objects : 223311
Detected Objects : 5
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Chrome Shortcut
Status : Scanned
Object : --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : --app-id=gjieilkfnnjoihjjonajndjldjoagffm
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

BehindTheOverlay
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - BehindTheOverlay

Crackle
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ibfamoapbmmmlknoopmmfofgladlinic
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Crackle


Cleaning Result
-------------------------------------------------------
Cleaned : 5
Reported as safe : 0
Failed : 0


____


Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/10/14
Operating System : Windows 10 64-bit
Processor : 6X AMD Phenom(tm) II X6 1045T Processor
BIOS Mode : Legacy
CUID : 12A24B39E35E010AB389DE
Scan Type : System Scan
Duration : 37m 52s
Scanned Objects : 210372
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Crackle
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ibfamoapbmmmlknoopmmfofgladlinic
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Crackle


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

PotatoUser
2017-10-15, 05:13
The computer can shut down now!

Juliet
2017-10-15, 15:56
Thank you for the logs.


The computer can shut down now!
Hope that's a good thing.

~~~
Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

created by Aura

After running the above scan, tell me how the computer is now.

PotatoUser
2017-10-15, 21:52
Emsisoft Emergency Kit - Version 2017.8
Forensics log

Date Component Action Details
10/15/2017 12:37:58 PM User LICORICE-R-PC\RYAN NAKAI Infection quarantined PUP "Application.AdReg (A)" in "DEFAULTTABBHO.DEFAULTTABBROWSER".
10/15/2017 12:37:57 PM User LICORICE-R-PC\RYAN NAKAI Infection quarantined PUP "Application.InstallAd (A)" in "PDFFORGE".
10/15/2017 12:37:57 PM User LICORICE-R-PC\RYAN NAKAI Infection quarantined PUP "Application.AdReg (A)" in "DEFAULTTABBHO.DEFAULTTABBROWSER.1".
10/15/2017 12:36:48 PM Scanner Scan finished Found 4 objects , user to decide on further actions.
10/15/2017 11:57:30 AM Scanner Detection PUP "Application.AdReg (A)" in "DEFAULTTABBHO.DEFAULTTABBROWSER" and 3 other objects
10/15/2017 11:56:52 AM User LICORICE-R-PC\Ryan Nakai Scan started Malware Scan
10/15/2017 11:56:32 AM User LICORICE-R-PC\Ryan Nakai Setting modified "Detect PUPs" has been changed to "Enabled".
10/15/2017 11:53:08 AM User Update Downloaded and installed 64 files (15874 kb) (1 min. 44 sec.).
10/15/2017 11:51:24 AM Core Notification "Recommended Reading:New in 2017.9: Making things simpler and easier".
10/15/2017 11:51:13 AM User Update Failed with error "Server returned error" (0 sec.).
___


The Computer's working smoothly now plus it can shut down faster than ever!

Juliet
2017-10-16, 12:24
The Computer's working smoothly now plus it can shut down faster than ever!
Yes!

When you ran the online scan, every item in the list of found objects was checked, and you clicked on the Quarantine button?

PotatoUser
2017-10-17, 00:18
I did, they've all been quarantined!

Juliet
2017-10-17, 00:58
I think it's time to send you on your way.

DelFix


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************

PotatoUser
2017-10-17, 01:41
..Done.

Thank you so much for taking the time to help me. I'll call on you again if things go south.

Juliet
2017-10-17, 01:55
You're very welcome.

Juliet
2017-10-20, 13:02
Glad we could help.
Since this issue appears resolved ... this Topic is closed.