
Thread: Fareit and keylogger

  1. #1

    I have been running Defender and it finds these 2 but cannot seem to remove them. Help please?


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
    Ran by Shane (administrator) on OBERON (22-01-2017 18:52:43)
    Running from C:\Users\Shane\Desktop
    Loaded Profiles: Shane (Available Profiles: Shane)
    Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.CRESTRON\MSSQL\Binn\sqlservr.exe
    (Waves Audio Ltd.) C:\Windows\SysWOW64\SGDawNodeService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (RME) C:\Windows\System32\madifaceusb.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
    (RME) C:\Windows\System32\TotalMixFX.exe
    (Alienware Corp.) C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
    () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\regedit.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35576 2015-06-30] (Alienware)
    HKLM\...\Run: [GraphicsAmplifierSW] => [X]
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-09] (Synaptics Incorporated)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-04-27] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [Blackmagic Streaming Server] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe [995840 2015-09-01] ()
    HKLM\...\Run: [Blackmagic CheckVersion PCI] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe [107595568 2015-09-01] (Blackmagic Design)
    HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [2108744 2016-06-21] (Palo Alto Networks)
    HKLM\...\Run: [MadifaceeUsbTray1] => C:\Windows\system32\madifaceusb.exe [420848 2016-11-29] (RME)
    HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [23932768 2016-11-29] (RME)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
    HKLM\...\Run: [DellCApp] => C:\Program Files\Dell\Click 2 Fix+\capp.exe -l
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DME-N Network Driver] => C:\Windows\SysWOW64\DME-N Network Driver.exe [395208 2010-06-23] (Yamaha Corporation)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother)
    HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3746232 2015-10-15] (Alienware Corp.)
    HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
    HKLM-x32\...\Run: [Blackmagic CheckVersion] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe
    HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2016-04-01] (CyberLink Corp.)
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\MountPoints2: {3b5ae955-c3d5-11e5-8261-9cb6d005425c} - "E:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\MountPoints2: {f9b2a238-6959-11e6-82b4-f8cab83f1bab} - "E:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\Winlogon: [Shell] - <==== ATTENTION
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175552 2016-04-27] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-04-27] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-22]
    ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-12-27]
    ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
    Startup: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-24]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files (x86)\Audinate\Shared Files\mdnsNSP.dll [171480 2016-05-04] (Audinate Pty. Ltd.)
    Winsock: Catalog5-x64 07 C:\Program Files\Audinate\Shared Files\mdnsNSP.dll [179712 2016-05-04] (Audinate Pty. Ltd.)
    Tcpip\Parameters: [DhcpNameServer] 172.20.50.1
    Tcpip\..\Interfaces\{6D3AF994-497F-4BEB-8618-AA8C2BB36039}: [DhcpNameServer] 172.20.50.1
    Tcpip\..\Interfaces\{B9250369-1CC1-4BF3-BB1E-2181F9B3B00C}: [DhcpNameServer] 172.16.50.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCTE
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001 -> DefaultScope {59C36AC4-52C1-4364-8A53-3BB570A91AD3} URL =
    SearchScopes: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001 -> {59C36AC4-52C1-4364-8A53-3BB570A91AD3} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4124817852-1649296433-1094762776-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Shane\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-12] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Users\Shane\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-11] (Cisco WebEx LLC)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default [2017-01-22]
    CHR Extension: (Google Slides) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-05]
    CHR Extension: (Google Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-05]
    CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-05]
    CHR Extension: (Turn Off the Lights) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-01-03]
    CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-05]
    CHR Extension: (Google Search) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
    CHR Extension: (Adobe Acrobat) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-19]
    CHR Extension: (Google Sheets) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-05]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-14]
    CHR Extension: (Google Docs Offline) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (OneNote Web Clipper) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2017-01-19]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-01-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
    CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-05]
    CHR Extension: (Chrome Media Router) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
    S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312056 2015-08-11] (Qualcomm Atheros)
    S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
    S4 conmon; C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe [329200 2016-05-04] (Audinate Pty Ltd)
    S4 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed]
    S4 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
    S4 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [133640 2015-07-26] (Creative Technology Ltd)
    S4 DanteDiscovery; C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe [428504 2016-05-04] (Audinate Pty. Ltd.)
    R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [104448 2017-01-07] (Dell)
    S4 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [104160 2016-09-09] (Dell)
    S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
    S4 dvhlp; C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe [26112 2015-09-01] () [File not signed]
    S4 dvs.manager; C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\dvs_service.exe [7359488 2015-09-09] (Audinate Pty. Ltd.) [File not signed]
    S4 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-08] (Intel Corporation)
    R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
    S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-27] (NVIDIA Corporation)
    S4 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [36112 2015-07-23] (Alienware)
    S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
    S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2016-06-23] (Intel Corporation)
    S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
    S4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    S4 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
    S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
    S4 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [413184 2015-06-23] (Rivet Networks) [File not signed]
    R2 MSSQL$CRESTRON; C:\Program Files\Microsoft SQL Server\MSSQL10_50.CRESTRON\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
    S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-27] (NVIDIA Corporation)
    S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-27] (NVIDIA Corporation)
    S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-27] (NVIDIA Corporation)
    S4 OptocoreServer; C:\Program Files (x86)\Optocore\OptcrServer.exe [724992 2014-12-24] (Optocore GmbH) [File not signed]
    S4 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [3283272 2016-06-21] (Palo Alto Networks)
    R2 SGDawNodeService; C:\Windows\SysWOW64\SGDawNodeService.exe [5082624 2016-01-05] (Waves Audio Ltd.) [File not signed]
    S4 SQLAgent$CRESTRON; C:\Program Files\Microsoft SQL Server\MSSQL10_50.CRESTRON\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
    S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
    S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-09] (Synaptics Incorporated)
    S4 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
    S4 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel Corporation)
    S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-12-27] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-12-27] (Microsoft Corporation)
    S2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [118320 2015-06-19] (Rivet Networks, LLC.)
    R3 cthda; C:\Windows\system32\drivers\cthda.sys [1075496 2015-07-26] (Creative Technology Ltd)
    S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
    S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-13] (Intel Corporation)
    R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel Corporation)
    R2 dvs.asio; C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\dvs_asio.sys [226264 2015-09-09] (Audinate Pty. Ltd.)
    R3 dvs.wdm; C:\Windows\system32\DRIVERS\dvs_wdm.sys [296920 2015-09-09] (Audinate Pty. Ltd.)
    R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
    R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
    R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel Corporation)
    S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [79872 2014-09-09] (FTDI Ltd.) [File not signed]
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2016-02-09] ()
    R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [37160 2015-06-01] (Intel)
    R3 KillerEth; C:\Windows\system32\DRIVERS\e24w8x64.sys [126976 2015-04-29] (Qualcomm Atheros, Inc.)
    S3 kiox_ff_driver; C:\Windows\System32\drivers\kiox_ff_driver.sys [32736 2014-10-09] (Kionix, Inc.)
    R0 kxdiskprot; C:\Windows\System32\DRIVERS\kxdiskprot.sys [30664 2014-10-09] (Kionix, Inc.)
    S3 madifaceu64; C:\Windows\system32\drivers\madiface_usb_64.sys [213912 2016-11-29] (RME)
    R1 NetworkX; C:\Windows\system32\ckldrv.sys [27904 2007-05-17] ()
    S3 nhi; C:\Windows\system32\DRIVERS\tbt81x.sys [127048 2016-05-22] (Intel Corporation)
    R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [306112 2016-04-27] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-27] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-27] (NVIDIA Corporation)
    R3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [36352 2016-06-21] (Palo Alto Networks)
    R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2325520 2015-05-29] (Qualcomm Atheros, Inc.)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
    R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
    S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
    S3 SmartView; C:\Windows\system32\DRIVERS\SmartView.sys [12288 2015-12-15] (Blackmagic Design)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated)
    R3 SoundGridMIDI; C:\Windows\system32\drivers\SoundGridMidi.sys [25424 2016-01-05] (Waves Audio Ltd.)
    R3 SoundGridMIDI; C:\Windows\SysWOW64\drivers\SoundGridMidi.sys [11264 2016-01-05] (Waves Audio Ltd.) [File not signed]
    R2 SoundGridProtocol; C:\Windows\system32\DRIVERS\SoundGridProtocol.sys [89424 2016-01-05] (Waves Audio Ltd.)
    R2 SoundGridProtocol; C:\Windows\SysWOW64\DRIVERS\SoundGridProtocol.sys [48128 2016-01-05] (Waves Audio Ltd.) [File not signed]
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    S3 SwitchersAccessories; C:\Windows\system32\DRIVERS\SwitchersAccessories.sys [15872 2015-11-09] (Blackmagic Design)
    R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [41720 2016-04-05] (USBPcap)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-12-27] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-12-27] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-12-27] (Microsoft Corporation)
    S3 WinDriver1200; C:\Windows\system32\drivers\windrvr1200.sys [300488 2015-10-09] (Jungo Connectivity)
    R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2016-04-01] (CyberLink Corp.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-22 18:52 - 2017-01-22 18:52 - 00026046 _____ C:\Users\Shane\Desktop\FRST.txt
    2017-01-22 18:49 - 2017-01-22 18:52 - 00000000 ____D C:\FRST
    2017-01-22 18:49 - 2017-01-22 18:49 - 02420736 _____ (Farbar) C:\Users\Shane\Desktop\FRST64.exe
    2017-01-22 12:10 - 2017-01-22 12:10 - 00019252 _____ C:\Users\Shane\Downloads\TV's at Kid's Check-In.pdf
    2017-01-22 11:08 - 2017-01-22 11:08 - 00381952 _____ C:\Windows\Minidump\012217-13703-01.dmp
    2017-01-19 22:04 - 2017-01-19 22:04 - 00369992 _____ C:\Windows\Minidump\011917-10953-01.dmp
    2017-01-19 22:03 - 2017-01-22 16:36 - 00000001 _____ C:\ProgramData\SRTCTUacSts.txt
    2017-01-19 22:02 - 2017-01-19 22:02 - 00000000 ____D C:\ProgramData\Touchfreeze
    2017-01-19 21:58 - 2017-01-19 21:58 - 00001822 _____ C:\Users\Public\Desktop\Dell Click 2 Fix+.lnk
    2017-01-19 21:58 - 2017-01-19 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Click 2 Fix+
    2017-01-19 21:27 - 2017-01-19 21:27 - 00420952 _____ C:\Users\Shane\Documents\ShaneWeber_Resume_012017.pdf
    2017-01-19 21:26 - 2017-01-19 21:26 - 00420939 _____ C:\Users\Shane\Documents\ShaneWeber_Resume_052016.pdf
    2017-01-19 15:26 - 2017-01-19 15:29 - 03648361 _____ C:\Users\Shane\Downloads\AVL 1-18-17.pdf
    2017-01-17 22:22 - 2017-01-17 22:22 - 00079145 _____ C:\Users\Shane\Downloads\Invoice-1128.pdf
    2017-01-17 22:18 - 2017-01-17 22:18 - 00080414 _____ C:\Users\Shane\Downloads\Invoice-1137.pdf
    2017-01-17 22:15 - 2017-01-17 22:15 - 00080103 _____ C:\Users\Shane\Downloads\Invoice-1157.pdf
    2017-01-16 21:34 - 2017-01-16 21:34 - 00382235 _____ C:\Users\Shane\Downloads\Assembly+Instruction+-+neutriCON (1).pdf
    2017-01-16 20:51 - 2017-01-16 20:51 - 04477630 _____ C:\Users\Shane\Downloads\Product+Guide+-+Section+Circular+Connectors.pdf
    2017-01-16 20:51 - 2017-01-16 20:51 - 00031820 _____ C:\Users\Shane\Downloads\Drawing+OSC8M.pdf
    2017-01-16 16:04 - 2017-01-16 16:03 - 00371200 _____ C:\Users\Shane\Downloads\part-number-Complete-List.xls
    2017-01-16 13:36 - 2017-01-16 13:37 - 00382235 _____ C:\Users\Shane\Downloads\Assembly+Instruction+-+neutriCON.pdf
    2017-01-16 13:10 - 2017-01-16 13:10 - 02932459 _____ C:\Users\Shane\Downloads\1 - Brightmoor Video Suite FP 1.10.17.pdf
    2017-01-16 13:09 - 2017-01-16 13:09 - 06687826 _____ C:\Users\Shane\Downloads\2 - Brightmoor Christian Church 01.11.17 Shop Drawings Rev.1 (1).pdf
    2017-01-16 09:45 - 2017-01-16 09:45 - 06687826 _____ C:\Users\Shane\Downloads\2 - Brightmoor Christian Church 01.11.17 Shop Drawings Rev.1.pdf
    2017-01-16 09:08 - 2017-01-16 09:09 - 00000000 ____D C:\Windows\LastGood.Tmp
    2017-01-15 13:26 - 2017-01-15 13:29 - 00153868 _____ C:\Users\Shane\Downloads\Form8283_LOI.pdf
    2017-01-14 16:22 - 2017-01-14 16:22 - 00330496 _____ C:\Windows\Minidump\011417-13250-01.dmp
    2017-01-14 16:15 - 2017-01-14 16:15 - 00182826 _____ C:\Users\Shane\Downloads\Installation_Promo.pdf
    2017-01-13 09:22 - 2017-01-13 09:22 - 02819980 _____ C:\Users\Shane\Downloads\proav_price_list.pdf
    2017-01-13 09:16 - 2017-01-13 09:16 - 00063353 _____ C:\Users\Shane\Downloads\EIKI-Projector-Comparison-Aug-2016.pdf
    2017-01-12 17:23 - 2017-01-12 17:23 - 00071591 _____ C:\Users\Shane\Downloads\EK-810U-Lens-Chart.pdf
    2017-01-12 17:13 - 2017-01-12 17:13 - 00119250 _____ C:\Users\Shane\Downloads\EK-620U-Specifications (1).pdf
    2017-01-12 17:13 - 2017-01-12 17:13 - 00086338 _____ C:\Users\Shane\Downloads\EK-620U-Lens-Chart.pdf
    2017-01-12 17:12 - 2017-01-12 17:12 - 00119250 _____ C:\Users\Shane\Downloads\EK-620U-Specifications.pdf
    2017-01-12 17:05 - 2017-01-12 17:05 - 00000000 ____D C:\Users\Shane\Documents\Converted Data
    2017-01-12 16:18 - 2017-01-12 16:18 - 00347560 _____ C:\Windows\Minidump\011217-13078-01.dmp
    2017-01-12 16:16 - 2016-09-11 01:20 - 00037832 _____ C:\Windows\system32\Drivers\iqvw64e.sys
    2017-01-12 16:08 - 2017-01-12 16:14 - 00000000 ____D C:\Users\Shane\Documents\OLM-PST
    2017-01-12 16:05 - 2017-01-12 16:05 - 09201064 _____ (Gladwev Software Private Limited®) C:\Users\Shane\Downloads\Gladwev OLM To PST Converter Setup.exe
    2017-01-12 16:05 - 2017-01-12 16:05 - 00003093 _____ C:\Users\Shane\Desktop\OLMtoPST Converter Pro.lnk
    2017-01-12 16:05 - 2017-01-12 16:05 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OLMtoPST Converter Pro
    2017-01-12 16:05 - 2017-01-12 16:05 - 00000000 ____D C:\Users\Shane\AppData\Local\KNR-iDigital
    2017-01-12 16:05 - 2017-01-12 16:05 - 00000000 ____D C:\Program Files (x86)\OLMtoPST Converter Pro 1.4
    2017-01-12 16:03 - 2017-01-12 16:03 - 00000165 ____H C:\Users\Shane\Documents\~$OLK-120916.olm
    2017-01-12 15:05 - 2017-01-12 15:05 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-01-12 15:05 - 2017-01-12 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-01-12 15:05 - 2017-01-12 15:05 - 00000000 ____D C:\Program Files\iTunes
    2017-01-12 15:05 - 2017-01-12 15:05 - 00000000 ____D C:\Program Files\iPod
    2017-01-12 14:44 - 2017-01-12 14:44 - 00516608 _____ C:\Users\Shane\Downloads\ezip.xls
    2017-01-12 14:43 - 2017-01-12 16:18 - 18160640 _____ C:\Users\Shane\Downloads\proav_price_list.xls
    2017-01-12 14:43 - 2017-01-12 14:43 - 00283936 _____ C:\Users\Shane\Downloads\proav_summary_retail.pdf
    2017-01-12 14:43 - 2017-01-12 14:43 - 00089004 _____ C:\Users\Shane\Downloads\BWG 4th & 5th Year Warranty Spreadsheet.pdf
    2017-01-12 10:37 - 2017-01-12 10:37 - 00362934 _____ C:\Users\Shane\Downloads\MMS_Bill of Lading_TEMPLATE (1).pdf
    2017-01-12 10:37 - 2017-01-12 10:37 - 00339069 _____ C:\Users\Shane\Downloads\MMS_Bill of Lading_TEMPLATE-Form.pdf
    2017-01-12 10:18 - 2017-01-12 10:18 - 00322289 _____ C:\Users\Shane\Downloads\MMS_Bill of Lading_TEMPLATE.pdf
    2017-01-12 09:47 - 2017-01-22 18:14 - 00000576 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4124817852-1649296433-1094762776-1001.job
    2017-01-12 09:47 - 2017-01-22 17:44 - 00000672 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4124817852-1649296433-1094762776-1001.job
    2017-01-12 09:47 - 2017-01-12 09:47 - 00003668 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4124817852-1649296433-1094762776-1001
    2017-01-12 09:47 - 2017-01-12 09:47 - 00003572 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4124817852-1649296433-1094762776-1001
    2017-01-11 14:13 - 2017-01-11 14:12 - 06184099 _____ C:\Users\Shane\Documents\PMP_TEST-01.pdf
    2017-01-04 12:29 - 2017-01-04 12:34 - 00000000 ____D C:\Program Files\Plumbytes Software
    2017-01-03 05:58 - 2016-08-27 13:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-01-03 05:58 - 2016-08-27 13:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2017-01-03 05:58 - 2016-08-27 13:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
    2017-01-03 05:58 - 2016-08-27 12:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-01-03 05:58 - 2016-08-27 12:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2017-01-03 05:58 - 2016-08-27 12:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
    2017-01-03 05:58 - 2016-08-27 10:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2017-01-03 05:58 - 2016-08-27 09:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2017-01-03 05:58 - 2016-07-09 10:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
    2017-01-03 05:58 - 2016-07-08 16:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-01-03 05:58 - 2016-07-08 08:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
    2017-01-03 05:58 - 2016-07-08 08:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
    2017-01-03 05:58 - 2016-07-07 16:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
    2017-01-03 05:58 - 2016-07-07 16:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
    2017-01-03 05:58 - 2016-07-07 16:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
    2017-01-03 05:58 - 2016-07-07 16:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
    2017-01-03 05:58 - 2016-07-07 15:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
    2017-01-03 05:58 - 2016-07-07 14:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2017-01-03 05:58 - 2016-07-07 14:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
    2017-01-03 05:58 - 2016-07-07 14:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
    2017-01-03 05:58 - 2016-07-07 14:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
    2017-01-03 05:58 - 2016-07-07 14:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2017-01-03 05:58 - 2016-07-07 14:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
    2017-01-03 05:58 - 2016-07-07 14:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
    2017-01-03 05:58 - 2016-07-07 14:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
    2017-01-03 05:58 - 2016-07-07 14:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
    2017-01-03 05:58 - 2016-07-07 13:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
    2017-01-03 05:58 - 2016-07-07 13:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
    2017-01-03 05:58 - 2016-07-03 21:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
    2017-01-03 05:58 - 2016-07-01 14:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
    2017-01-03 05:58 - 2016-07-01 14:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
    2017-01-03 05:58 - 2016-06-18 14:06 - 00590688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2017-01-03 05:58 - 2016-06-18 14:06 - 00072408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
    2017-01-03 05:58 - 2016-06-11 13:52 - 00057184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
    2017-01-03 05:58 - 2016-06-11 12:05 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe
    2017-01-03 05:58 - 2016-06-11 11:14 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe
    2017-01-03 05:58 - 2016-06-11 10:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-01-03 05:58 - 2016-06-11 10:46 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
    2017-01-03 05:58 - 2016-06-11 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
    2017-01-03 05:58 - 2016-06-11 10:37 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2017-01-03 05:58 - 2016-06-11 10:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-01-03 05:58 - 2016-06-11 10:20 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2017-01-03 05:58 - 2016-06-11 10:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2017-01-03 05:58 - 2016-06-10 15:34 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
    2017-01-03 05:58 - 2016-06-10 14:07 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
    2017-01-03 05:58 - 2016-06-10 12:11 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
    2017-01-03 05:58 - 2016-06-10 12:11 - 01487992 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2017-01-03 05:58 - 2016-06-10 12:11 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
    2017-01-03 05:58 - 2016-06-10 12:11 - 00125024 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
    2017-01-03 05:58 - 2016-06-10 12:10 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
    2017-01-03 05:58 - 2016-06-10 12:07 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
    2017-01-03 05:58 - 2016-06-09 13:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2017-01-03 05:58 - 2016-06-09 12:18 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2017-01-03 05:58 - 2016-06-07 12:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
    2017-01-03 05:58 - 2016-06-07 11:13 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
    2017-01-03 05:47 - 2017-01-03 05:47 - 00000000 ____D C:\ProgramData\PC-Doctor, Inc

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-22 18:12 - 2016-01-11 15:51 - 00000000 ____D C:\Users\Shane\Documents\Outlook Files
    2017-01-22 17:47 - 2016-01-05 20:20 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4124817852-1649296433-1094762776-1001
    2017-01-22 17:30 - 2016-01-08 12:23 - 00000000 ____D C:\Users\Shane\Documents\WebFeatProductions
    2017-01-22 16:57 - 2016-02-08 15:54 - 00000000 ____D C:\Users\Shane\Documents\RealEstate
    2017-01-22 16:55 - 2016-01-11 15:57 - 00000000 ____D C:\Users\Shane\Documents\Devotions
    2017-01-22 12:42 - 2016-01-05 20:15 - 00000000 ____D C:\Users\Shane\AppData\Local\Packages
    2017-01-22 11:13 - 2014-11-20 22:42 - 00964724 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-01-22 11:13 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
    2017-01-22 11:10 - 2016-01-05 20:15 - 00000000 ____D C:\Users\Shane
    2017-01-22 11:08 - 2016-01-22 10:53 - 1863937649 _____ C:\Windows\MEMORY.DMP
    2017-01-22 11:08 - 2016-01-22 10:53 - 00000000 ____D C:\Windows\Minidump
    2017-01-22 11:08 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-01-19 22:24 - 2016-01-11 17:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-01-19 22:23 - 2016-01-11 17:01 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-01-19 22:05 - 2015-12-27 02:11 - 00000000 ____D C:\ProgramData\PCDr
    2017-01-19 21:58 - 2015-12-27 02:14 - 00000000 ____D C:\Program Files\Dell
    2017-01-19 21:54 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-01-16 09:44 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
    2017-01-14 16:23 - 2016-03-06 17:32 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-01-14 16:23 - 2016-01-05 20:15 - 00000000 __SHD C:\Users\Shane\IntelGraphicsProfiles
    2017-01-14 16:22 - 2016-05-06 14:32 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-01-13 15:23 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-01-13 15:22 - 2015-12-27 02:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-01-12 15:05 - 2016-03-18 09:51 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-01-12 09:47 - 2016-03-06 16:58 - 00000000 ____D C:\Users\Shane\AppData\Local\Citrix
    2017-01-06 15:38 - 2016-03-01 10:38 - 00000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
    2017-01-03 06:17 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
    2017-01-03 06:04 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
    2017-01-03 06:04 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\setup
    2017-01-03 06:04 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\setup
    2017-01-03 05:59 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-12-29 21:36 - 2016-08-05 10:40 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2016-12-29 21:01 - 2016-03-07 15:31 - 00000000 ____D C:\ProgramData\TEMP
    2016-12-29 19:11 - 2016-01-05 20:15 - 00000000 ____D C:\Users\Shane\AppData\Roaming
    2016-12-29 10:57 - 2013-08-22 09:36 - 00000000 __RSD C:\Windows\assembly
    2016-12-29 10:05 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness

    ==================== Files in the root of some directories =======

    2016-01-15 08:43 - 2016-01-19 18:30 - 0036804 _____ () C:\Users\Shane\AppData\Roaming\Comma Separated Values.ADR
    2016-08-15 11:12 - 2016-08-15 11:12 - 0000600 _____ () C:\Users\Shane\AppData\Local\PUTTY.RND
    2016-01-12 07:41 - 2016-01-13 08:28 - 0007605 _____ () C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
    2017-01-19 22:03 - 2017-01-22 16:36 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt

    Some files in TEMP:
    ====================
    2017-01-12 16:05 - 2017-01-12 16:05 - 0433576 _____ () C:\Users\Shane\AppData\Local\Temp\OLMtoPSTConverterProSetup.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-13 17:49

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
    Ran by Shane (22-01-2017 18:53:06)
    Running from C:\Users\Shane\Desktop
    Windows 8.1 Pro (Update) (X64) (2016-01-06 02:15:36)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4124817852-1649296433-1094762776-500 - Administrator - Disabled)
    Guest (S-1-5-21-4124817852-1649296433-1094762776-501 - Limited - Disabled)
    Shane (S-1-5-21-4124817852-1649296433-1094762776-1001 - Administrator - Enabled) => C:\Users\Shane

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    . . . (Version: 2.1.28.3 - Intel) Hidden
    . . . (x32 Version: 2.6.1.4 - Intel) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
    AFMG Database Service (HKLM-x32\...\InstallShield_{B83698B3-001B-4E51-ABC7-C71DBCA1B63D}) (Version: 1.00.00 - AFMG)
    AFMG Database Service (Version: 1.00.00 - AFMG) Hidden
    AFMG Licence Manager (HKLM-x32\...\{F2499F77-9924-4137-B514-13F488B4FE55}) (Version: 1.0.5 - AFMG)
    AFMG Software Prerequisites (HKLM-x32\...\{0A44ED35-3A20-4DE8-B172-5FD061ED558D}) (Version: 1.0.0 - AFMG)
    AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
    Alienware Command Center (HKLM-x32\...\InstallShield_{D5BC2B54-1297-4765-ABF5-FE43ED0067DD}) (Version: 4.5.16.0 - Dell Inc.)
    Alienware Command Center (Version: 4.5.16.0 - Dell Inc.) Hidden
    Alienware Customer Connect (HKLM-x32\...\{99E581C6-471C-46CA-989E-3B17EB7E3F27}) (Version: 1.3.2.0 - Dell Inc.)
    Alienware Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
    Alienware Graphics Amplifier Software Installer (HKLM-x32\...\InstallShield_{6AAC93BE-2E1D-4E49-8DDD-2DDF00AB4B33}) (Version: 2.0.16.0 - Dell Inc.)
    Alienware Graphics Amplifier Software Installer (Version: 2.0.16.0 - Dell Inc.) Hidden
    Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.20C - Alienware Corp.)
    Alienware On-Screen Display (x32 Version: 0.33.0.20C - Alienware Corp.) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Aviom A360 Channel Manager (HKLM-x32\...\{E8C5237F-CC98-4DCE-9A8D-978427E46CBA}) (Version: 3.0.1.4 - Aviom, Inc.)
    BD_3D Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.7510 - CyberLink Corp.)
    Blackmagic ATEM Switchers (HKLM\...\{EA784BD4-586B-40F7-8E7B-399AB35B1FA3}) (Version: 6.6.1.0 - Blackmagic Design)
    Blackmagic SmartView Utility (HKLM-x32\...\{FE3A3891-9F26-479B-BB7F-AC3F22280E76}) (Version: 4.0.1.0 - Blackmagic Design)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Brother BRAdmin Light 1.27.0001 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.27.0001 - Brother)
    Brother HL-2170W (HKLM-x32\...\{53BF3CC4-5FCB-44E2-8B9A-0FE1B25D178A}) (Version: 1.00 - Brother)
    Brother MFL-Pro Suite MFC-9970CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
    Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
    Cisco WebEx Meetings (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    CodeMeter Runtime Kit v5.22a (HKLM\...\{8D299F2C-A3C8-49A5-A726-E885AB397243}) (Version: 5.22.1508.501 - WIBU-SYSTEMS AG)
    Composer 5.1 (HKLM-x32\...\{15EDE194-12D1-4A4B-A1AB-C61CE4B670CA}) (Version: 5.1 - Symetrix, Inc.)
    Crestron D3Pro Base Templates 2.02.020.00 (Black-Blue) (HKLM-x32\...\{79B0278E-6325-48BA-8DAB-22623B366D67}_is1) (Version: 2.02.020.00 - Crestron Electronics Inc.)
    Crestron D3Pro v3.03.002.00 (HKLM-x32\...\{1869F208-31E8-4392-B229-03B914031A68}_is1) (Version: - )
    Crestron DALI Commissioning Tool 2.42.324.01 (HKLM-x32\...\{71AE5E5E-36CA-41b3-BEB7-918BEDA4EC21}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
    Crestron Database 58.00.002.00 (HKLM-x32\...\{9E52ACC4-ABB4-41A1-9D99-1229F0E3C0C2}_is1) (Version: 58.00.002.00 - Crestron Electronics Inc.)
    Crestron Device Database76.00.002.00 (HKLM-x32\...\{6686F38D-1A32-4A8C-94D7-A2AA9C5F3C9B}_is1) (Version: 76.00.002.00 - Crestron Electronics Inc.)
    Crestron DVPHDTool 2.42.324.01 (HKLM-x32\...\{5B14B25D-838D-40D9-AA7E-DE880214A9F4}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
    Crestron Engraver v5.4.24.02 (HKLM-x32\...\{0573BDB1-CD8C-4591-BA90-DFCAD8F8C5AE}_is1) (Version: - )
    Crestron iLux Designer 2.01.04.06 (HKLM-x32\...\{1F287ED0-034E-4A76-B068-F78C2700B4B9}_is1) (Version: 2.01.04.06 - Crestron Electronics Inc.)
    Crestron MasterInstaller (HKLM-x32\...\{99D938EB-9933-4C27-AC2C-2D5FCF436ECB}_is1) (Version: 3.01.02.00 - Crestron Electronics Inc.)
    Crestron onCue BPC-8 Tool 2.42.324.01 (HKLM-x32\...\{CF3C916F-06D2-4507-807F-D09A4B0FAEB9}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
    Crestron Procise Tools 2.42.324.01 (HKLM-x32\...\{CCA3AB83-BCA7-4CFF-B96C-977CC0C1424A}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
    Crestron ProdigyTools 2.42.240.00 (HKLM-x32\...\{AE3B0014-DD7D-4156-8CB2-D2D8910AC8DF}_is1) (Version: 2.42.240.00 - Crestron Electronics Inc.)
    Crestron ProSoundTools 2.42.240.00 (HKLM-x32\...\{77FB7E6E-D48E-44A7-8257-CD7CF40AADE7}_is1) (Version: 2.42.240.00 - Crestron Electronics Inc.)
    Crestron SIMPL Window 4.04.03.00 (HKLM-x32\...\{8B508184-4E86-41C9-BCFF-EF8B1C7EF2BF}_is1) (Version: 4.04.03.00 - Crestron Electronics Inc.)
    Crestron SmartGraphics 2.11.05.12 (HKLM-x32\...\{1CE8BCAB-8F15-403F-A9A0-2D2000C6B554}_is1) (Version: 2.11.05.12 - Crestron Electronics Inc.)
    Crestron Studio v1.38.008.00 (HKLM-x32\...\{1824EB2E-3FC2-4854-BAA4-6633CFB94487}_is1) (Version: 1.38.008.00 - Crestron Electronics Inc.)
    Crestron SystemBuilder Base Templates 3.14.008.00 (Black-Blue) (HKLM-x32\...\{418B6E0F-F89A-44ED-8F05-3C8FEA09C50F}_is1) (Version: 3.14.008.00 - Crestron Electronics Inc.)
    Crestron SystemBuilder Theme 3.14.008.00 (Destiny:Frosted Glass Dark) (HKLM-x32\...\{2041FD79-F5A5-4791-8D77-C39BA367856E}_is1) (Version: 3.14.008.00 - Crestron Electronics Inc.)
    Crestron SystemBuilder Theme 3.14.008.00 (Destiny:Frosted Glass Light) (HKLM-x32\...\{13828341-3A16-456F-890F-1B777EAF6ECF}_is1) (Version: 3.14.008.00 - Crestron Electronics Inc.)
    Crestron SystemBuilder Theme v3.14.008.00 (Black-Green) (HKLM-x32\...\{8F9F48C0-44BE-4C05-B24F-E4FC7CDD13C8}_is1) (Version: 3.14.008.00 - Crestron Electronics Inc.)
    Crestron SystemBuilder v3.14.013.00 (HKLM-x32\...\{44B3D6ED-96A4-4399-A328-9F1F58735802}_is1) (Version: - )
    Crestron Toolbox 2.42.324.01 (HKLM-x32\...\{1B52BC01-2F6E-4FAE-BB09-1F28D2BF1D63}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
    Crestron VisionTools Pro-e 6.1.02.54 (HKLM-x32\...\{E74BC26C-A114-4AE0-990E-BBFBB9F592A4}_is1) (Version: 6.1.02.54 - Crestron Electronics Inc.)
    Crestron XPanel (HKLM-x32\...\CrestronXPanel) (Version: 2.11.05 - Crestron Electronics, Inc)
    Crestron XPanel (x32 Version: 2.11.05 - Crestron Electronics, Inc) Hidden
    CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2718.58 - CyberLink Corp.)
    Dante Control and Monitoring (HKLM-x32\...\{32B9C78C-6BA0-456F-8053-5BA6305AEA37}) (Version: 1.10.4.1 - Audinate Pty. Ltd.)
    Dante Controller (HKLM-x32\...\{23d3390c-f053-4a97-9c1c-f3b09ab50ada}) (Version: 3.6.2.4 - Audinate Pty. Ltd.)
    Dante Controller (x32 Version: 3.6.2.4 - Audinate) Hidden
    Dante Discovery (HKLM\...\{BB809BBB-7F71-402D-B0C0-603008B0BB59}) (Version: 1.2.1.1 - Audinate Pty. Ltd.)
    Dante Firmware Update Manager (HKLM-x32\...\{29106ff3-7b7d-4026-a7bc-4a117c0bd7be}) (Version: 3.10.0.9 - Audinate Pty. Ltd.)
    Dante Firmware Update Manager Core (x32 Version: 3.10.0.9 - Audinate Pty. Ltd.) Hidden
    Dante Virtual Soundcard (HKLM-x32\...\{2ddf2ee3-abee-4c1d-81a8-eb0d658d54e9}) (Version: 3.7.4.2 - Audinate Pty. Ltd.)
    Dante Virtual Soundcard (Version: 3.7.4.2 - Audinate) Hidden
    DashBoard 8.1.0 (HKLM-x32\...\DashBoard) (Version: 8.1.0 - Ross Video Limited)
    Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2615.03 - Dell)
    Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
    Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F0DB834}) (Version: 3.4.13900.0 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
    Dell System Detect (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
    DigiGrid MGB-MGO V9r10 (HKLM-x32\...\{97000050-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.7.10 - Waves)
    EASE 4.4 (HKLM-x32\...\{7BA1A360-647C-11D4-A0F9-00105ACC16E5}) (Version: - )
    EASE Focus 3 (HKLM-x32\...\InstallShield_{825B749A-80ED-4ECC-B89A-CE76097A68E6}) (Version: 3.0.15 - AFMG)
    EASE Focus 3 (x32 Version: 3.0.15 - AFMG) Hidden
    EASE GLL Viewer (HKLM-x32\...\{795B8848-B5F6-4C71-8243-19A446A61A3A}) (Version: 1.01.18 - AFMG)
    EASE SpeakerLab (HKLM-x32\...\{B052DFAB-10AF-48E5-9067-104C02959AE2}) (Version: 1.01.18 - AFMG)
    EASE SpeakerLab User Files (HKLM-x32\...\{3951009A-E703-4F10-82BB-5A542380EB4B}) (Version: 1.00.00 - AFMG)
    EASEGUARD (HKLM-x32\...\{DAD43F79-CC5F-11D5-A106-00105ACC16E5}) (Version: - )
    EASERA SysTune (HKLM-x32\...\{4A55E5DF-E250-4B8E-A597-9C867C6ED664}) (Version: 1.3.7 - AFMG)
    EASERA SysTune User Files (HKLM-x32\...\{F9D0F965-7FE2-437A-8746-8C359187C3BD}) (Version: 1.00.01 - AFMG)
    EASETOOLS (HKLM-x32\...\{1C18C0A9-7282-4F00-A874-0FD9CE40A1E3}) (Version: - )
    EMSC (x32 Version: 0.0.0.28 - Compal Electronics, Inc.) Hidden
    ENTTEC RDM Controller 2.115-beta (HKLM-x32\...\ENTTEC RDM Controller) (Version: 2.115-beta - ENTTEC)
    EPSON NX230 Series Printer Uninstall (HKLM\...\EPSON NX230 Series) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    Extron Electronics - Extron Product Configuration Software (HKLM-x32\...\{7DAD0032-FD6F-4C9D-A014-2426057FD95A}) (Version: 3.5.3.0 - Extron Electronics)
    Extron Electronics - USB Driver Installer v1.0.1 (HKLM\...\{CEF10C19-7370-4AC7-A7DE-1E82278B168A}) (Version: 1.0.1.0 - Extron Electronics)
    FileZilla Client 3.16.0 (HKLM-x32\...\FileZilla Client) (Version: 3.16.0 - Tim Kosse)
    Free Fall Data Protection (HKLM\...\{5141F653-8707-4B96-9349-247C66319C11}) (Version: 1.1.2.8 - Kionix, Inc.)
    GLD Editor 1.51 (HKLM-x32\...\GLD Editor_is1) (Version: V1.51 - Rev. 19116 - Allen & Heath)
    GlobalProtect (HKLM\...\{E8279381-56CD-46AC-9517-ACF62F908141}) (Version: 3.1.0 - Palo Alto Networks)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    GoToMeeting 7.30.0.6140 (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\GoToMeeting) (Version: 7.30.0.6140 - CitrixOnline)
    iLive Editor V1.94 (HKLM-x32\...\42241C6B-7388-4B11-9E1D-7AB6930F7F21) (Version: 1.94 - Allen & Heath)
    Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
    Intel(R) USB 3.0 Host Controller Adaptation Driver (HKLM\...\{9472AEE5-5D4D-4329-8BD8-B282FD33B8E0}) (Version: 1.0.0.42 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    IRIS-Net V2.4.1 (HKLM-x32\...\IRIS-Net) (Version: V2.4.1 - EVI Audio GmbH)
    iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
    Just Add Drivers Configuration 3.2.6.0 (HKLM-x32\...\{9C58B7D4-9024-491f-8767-C73E70D1ACC9}_is1) (Version: 3.2.6.0 - Just Add Drivers Inc.)
    Killer Bandwidth Control Filter Driver (Version: 1.1.53.1215 - Rivet Networks) Hidden
    Killer E240x Drivers (Version: 1.1.53.1215 - Rivet Networks) Hidden
    Killer Network Manager (Version: 1.1.53.1215 - Rivet Networks) Hidden
    Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.53.1215 - Rivet Networks)
    Killer Wireless Drivers (HKLM-x32\...\{742340F2-BD38-406B-BE73-362D50FB0F4B}) (Version: 1.1.53.1215 - Rivet Networks)
    Killer Wireless-AC 1535 Drivers (Version: 1.1.53.1215 - Rivet Networks) Hidden
    L-ACOUSTICS Network Manager (HKLM-x32\...\L-ACOUSTICS Network Manager) (Version: 2.4.4.35 - L-ACOUSTICS)
    L-Acoustics Soundvision 3.0.5 (HKLM-x32\...\Soundvision 3.0.5) (Version: 3.0.5 - L-Acoustics)
    Lectrosonics Wireless Designer Help (HKLM-x32\...\Lectrosonics Wireless Designer Help) (Version: 2016.2.24 - Lectrosonics)
    London Architect (HKLM-x32\...\{0C932D7C-3AAD-4410-B7C7-876C4BB4A25B}) (Version: 1613 - BSS Audio)
    MAPP XT - Standalone (HKLM-x32\...\{DA9B31C6-6EAE-410A-BAC1-714CB57DFF22}) (Version: 1.1.3 - Meyer Sound Laboratories, Inc.)
    Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft CAPICOM 2.1.0.2 SDK (HKLM-x32\...\{2FF43F5D-5729-4E02-A548-310E30A5F29B}) (Version: 2.1.0.2 - Microsoft Corporation)
    Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2e7a9943-de7b-4030-8f40-63502f679ace}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Network Camera View 4S (HKLM-x32\...\{8A27C0FE-87C7-4169-BF5A-05BF94F70A54}) (Version: 4.29.02 - Panasonic System Networks Co.,Ltd.)
    NGINX Webserver (HKLM-x32\...\InstallShield_{F84F3BE5-50E7-48CD-89F9-5B6EA82D7CD1}) (Version: 1.1.1 - AFMG)
    NGINX Webserver (x32 Version: 1.1.1 - AFMG) Hidden
    NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.11.2.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.66 - NVIDIA Corporation)
    NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    OLMtoPST Converter Pro 1.4 (HKLM-x32\...\{FB7E6150-ED7A-4BB6-8C67-9FED9144260A}) (Version: 1.4 - Gladwev Software Private Limited)
    Optocore Bundle (HKLM-x32\...\{9DA44CFF-8A89-407E-8103-01EFDDB6C500}_is1) (Version: 2.21.022 - Optocore GmbH)
    PanelBuilderSE (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\128153ff6d04e5ef) (Version: 1.1.7.21 - RCI Custom)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.12.0 - Prolific Technology INC)
    PRO-Manager 2.35 (HKLM-x32\...\PRO-Manager) (Version: - )
    Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.582 - Qualcomm Atheros)
    REAPER (x64) (HKLM\...\REAPER) (Version: - )
    RME DIGICheck (HKLM-x32\...\{872BD2A4-7CB6-4692-A74E-99ABA11DED75}) (Version: 581rel - RME)
    RME MADIface USB (HKLM\...\FIREFACE_USB) (Version: 0.9.583.0 - RME Intelligent Audio Solutions)
    Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.2.66 - NVIDIA Corporation) Hidden
    Shure Update Utility (HKLM-x32\...\Shure Update Utility) (Version: 2.2.2 - Shure Inc)
    SIMPL+ Cross Compiler (HKLM-x32\...\{FB97A745-D1E6-435D-B942-264E94F89938}) (Version: 1.3 - Crestron Electronics Inc.)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Sound Blaster Recon3Di (HKLM-x32\...\{5A8C086D-D57E-4CE7-9B62-34F52EDBCAE6}) (Version: 1.00.14 - Creative Technology Limited)
    Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
    SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Studio Manager 64bit (HKLM-x32\...\InstallShield_{4D149210-AC22-4B88-AC49-076F55300E49}) (Version: 2.3.1.0 - Yamaha Corporation)
    Studio Manager 64bit (Version: 2.3.1.0 - Yamaha Corporation) Hidden
    Studio Manager 64bit (x32 Version: 2.3.1.0 - Yamaha Corporation) Hidden
    Symetrix Jupiter (HKLM-x32\...\InstallShield_{7B69FB16-BCD5-4599-907F-4126EC059385}) (Version: 3.0.2.0 - Symetrix, Inc.)
    Symetrix Jupiter (x32 Version: 3.0.2.0 - Symetrix, Inc.) Hidden
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
    Thunderbolt(TM) Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)
    Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
    Tracks Live (HKLM\...\{DF11DBFE-5193-48DF-8929-3ED3D084D751}) (Version: 1.2 - Waves Audio)
    TurboCAD Deluxe 21 64-bit (HKLM\...\{6CD8A657-F7E3-4789-8FB1-E30264619ED9}) (Version: 21.2.591 - IMSIDesign)
    TurboCAD Deluxe 21 Symbols (HKLM-x32\...\{41DD5AD2-D367-4FA9-8EEC-8A8CE1371FBE}) (Version: 21.0.0 - IMSIDesign)
    USB Control Panel 2.0.7 64-bit (HKLM-x32\...\{3663834F-D92B-4485-804D-7A3B5CA70B58}) (Version: 2.00.7000 - DECIMATOR DESIGN)
    USBPcap 1.1.0.0-g794bf26-3 (HKLM\...\USBPcap) (Version: 1.1.0.0-g794bf26-3 - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WaveAgent (HKLM-x32\...\InstallShield_{053C7D32-3566-452B-9A37-D42B4F4C5379}) (Version: 1.20 - Sound Devices LLC)
    WaveAgent (x32 Version: 1.20 - Sound Devices LLC) Hidden
    Waves Central V1.0.3.3 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}) (Version: 1.0.4 - Waves)
    Waves SoundGrid Drivers 9.7.95.5 (HKLM\...\Waves SoundGrid Drivers_is1) (Version: - Waves Audio Ltd.)
    Windows Driver Package - Crestron Electronics Inc. (WinUSB) Crestron (11/09/2010 3.0.0.0) (HKLM\...\D49FBD114E4911AD03D99ED034ADA88310A1915A) (Version: 11/09/2010 3.0.0.0 - Crestron Electronics Inc.)
    Windows Driver Package - Decimator Design Decimator USB Device Driver Package (03/18/2011 2.08.14) (HKLM\...\EC1B02A4870ABE719DDA2A6943DF0FB974A180F7) (Version: 03/18/2011 2.08.14 - Decimator Design)
    Windows Driver Package - Extron Electronics (WinUSB) Extron (02/04/2013 1.0.1.0) (HKLM\...\B81DEDAD853684D67CB15F6AC65E14748A6F370C) (Version: 02/04/2013 1.0.1.0 - Extron Electronics)
    Windows Driver Package - FTDI LecNet2 Driver Package (03/18/2011 2.08.14) (HKLM\...\961673CC413A6FB35AB23061666C9A9467264DC0) (Version: 03/18/2011 2.08.14 - FTDI)
    Windows Driver Package - Kionix, Inc. (kiox_ff_driver) Sensor I/O devices (10/09/2014 1.1.2.8) (HKLM\...\8DF797456310A45326D5CA27FA380061A19FA127) (Version: 10/09/2014 1.1.2.8 - Kionix, Inc.)
    Windows Driver Package - Kionix, Inc. kxdiskprot DiskDrive (10/09/2014 1.1.2.8) (HKLM\...\7115C5B3174715E634D96D0883A6ACF1B11140A8) (Version: 10/09/2014 1.1.2.8 - Kionix, Inc.)
    Windows Driver Package - Lectrosonics, Inc. CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\7E973AAFCC16B5BA9E13965B816AB2461F36FB15) (Version: 02/17/2009 2.04.16 - Lectrosonics, Inc.)
    Windows Driver Package - RME Fireface (02/05/2016 3.1.16.0) (HKLM\...\89A6B2E963B48FBEFE6A055CAC9393720E08D9E4) (Version: 02/05/2016 3.1.16.0 - RME)
    Windows Driver Package - RME Fireface (06/09/2015 3.1.15.0) (HKLM\...\7DB1C44C8497B04984278F9D2C6CAF2685A375F9) (Version: 06/09/2015 3.1.15.0 - RME)
    Windows Driver Package - RME Fireface (11/11/2016 3.1.21.0) (HKLM\...\D94B6A121E1E23B553DC12817D0A852650EE41CA) (Version: 11/11/2016 3.1.21.0 - RME)
    Windows Driver Package - RME MADIface (11/10/2016 0.9.583.0) (HKLM\...\FC99552C220868A384533B1526F8805023A2A75D) (Version: 11/10/2016 0.9.583.0 - RME)
    Wireless Designer (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\3882983757.lectrosonics.com) (Version: - lectrosonics.com)
    Wireless Workbench 6 (HKLM-x32\...\Wireless Workbench 6) (Version: 6.12.0 - Shure Inc)
    Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
    Yamaha Amp Editor (HKLM-x32\...\InstallShield_{167F6612-1B44-4A86-A88B-CF6019CA6CEB}) (Version: 1.3.1 - Yamaha Corporation)
    Yamaha Amp Editor (x32 Version: 1.3.1 - Yamaha Corporation) Hidden
    Yamaha DME-N Network Driver (HKLM-x32\...\{A0E2FB76-AF0C-4BC4-A646-399D14E3CB21}) (Version: 1.2.2 - Yamaha Corporation)
    Yamaha M7CL V3 Editor (HKLM-x32\...\InstallShield_{DDC3989E-B443-4E62-9801-A95F89DF96C0}) (Version: 3.5.4.58 - Yamaha Corporation)
    Yamaha M7CL V3 Editor (x32 Version: 3.5.4.58 - Yamaha Corporation) Hidden
    Yamaha MTX-MRX Editor V2.2 (HKLM-x32\...\InstallShield_{D79EAA54-B0FF-4C3F-98F3-6E449F761B5A}) (Version: 2.2.0 - Yamaha Corporation)
    Yamaha MTX-MRX Editor V2.2 (x32 Version: 2.2.0 - Yamaha Corporation) Hidden
    Yamaha QL Editor (HKLM-x32\...\InstallShield_{73963C3C-B681-484E-9B18-FC8494923990}) (Version: 4.0.1 - Yamaha Corporation)
    Yamaha QL Editor (x32 Version: 4.0.1 - Yamaha Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{056ADF40-C1D0-4CEB-94D2-4B82CB2C25F4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\SolidBodyTie.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\BPMngr.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ScetchTie.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Shane\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{1f65cd4a-b284-4247-a0d8-4cbc3b99e265}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ObjectTie.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\SmartHatch.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{4a200bc0-c3e0-4cd0-94f8-d0d58dec2a3e}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Regens\TCImage.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\ImsigxPS21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\DimensionTie.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ViewportTie.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\TcTools\PalTool.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC)
    CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{DF9B76D3-539B-42DC-B0A3-80B0664B2C01}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\TcTools\TcCfpLaunchTool.dll (IMSIDesign, LLC)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {11CEAFCC-54FF-439D-8CA3-E31CBD5CED24} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
    Task: {26278CDF-2DB6-4515-A395-9CC051FD2CF7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {2C9471C8-D974-4B7A-9CAD-AE11AD10CDDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-05] (Google Inc.)
    Task: {2EB71203-1804-4F9B-90C2-87BDB7281A7F} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
    Task: {3AA29A60-D16F-4F4F-93E1-EBB1A1BF3B56} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
    Task: {45F3F64C-5616-4A71-9023-17DE80C0FDB6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {507ED709-8A6F-4BCB-8E33-AED54D3224D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-4124817852-1649296433-1094762776-1001 => C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe [2017-01-12] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {5732661A-73FE-470B-B37B-E56E34DC63A4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
    Task: {5F61CC95-9606-4FAE-91D9-1D482D0818B6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
    Task: {663BFC25-2019-44FF-86A7-D499ADED8985} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
    Task: {7F059476-F276-44A2-8EEF-062D5BB26A98} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {806CE3A9-60D4-414F-88D6-83882AEA43C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-05] (Google Inc.)
    Task: {812E766C-9906-4844-BDF8-0BF1C1792179} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
    Task: {A971EA0E-906C-4B54-9FB0-6635DA476182} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
    Task: {B04A110E-79A8-43C5-A560-2270E7E9912C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
    Task: {BB48699A-9817-41CB-9D0F-A4D8E1F1B0EC} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {C4E260E8-1E3D-4E67-800C-2F1FB8DBA70D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
    Task: {DEF42784-256B-4CF7-9EE8-76CB9164EB31} - System32\Tasks\G2MUploadTask-S-1-5-21-4124817852-1649296433-1094762776-1001 => C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe [2017-01-12] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {F7F1EE82-2699-4ECA-AEBF-623296ABC6EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {FB611C2C-F191-40FF-A3EA-AADB9421A1EA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
    Task: {FC756344-8C45-4665-8FE1-A0159B78AB06} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4124817852-1649296433-1094762776-1001.job => C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4124817852-1649296433-1094762776-1001.job => C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

    ==================== Loaded Modules (Whitelisted) ==============

    2016-01-14 20:49 - 2010-03-15 17:18 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
    2016-07-20 13:58 - 2016-06-08 18:12 - 00416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
    2016-07-20 13:58 - 2016-06-08 18:18 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
    2016-07-20 13:58 - 2016-06-08 18:15 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
    2016-07-20 13:58 - 2016-06-08 18:16 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
    2016-07-20 13:58 - 2016-06-08 18:16 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
    2016-07-20 13:58 - 2016-06-08 18:16 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
    2016-07-20 13:58 - 2016-06-08 18:17 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
    2016-07-20 13:58 - 2016-06-08 18:17 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
    2016-07-20 13:58 - 2016-06-08 18:16 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
    2016-07-20 13:58 - 2016-06-08 18:15 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
    2017-01-19 21:58 - 2017-01-07 01:27 - 00925240 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll
    2017-01-19 21:58 - 2017-01-07 01:23 - 00107520 _____ () C:\Program Files\Dell\Click 2 Fix+\nfapi.dll
    2017-01-19 21:58 - 2017-01-07 01:25 - 00533520 _____ () C:\Program Files\Dell\Click 2 Fix+\ProtocolFilters.dll
    2016-08-28 15:04 - 2016-12-28 11:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-03-04 10:36 - 2016-03-04 10:36 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2014-05-30 16:34 - 2014-05-30 16:34 - 00939008 _____ () C:\Windows\SYSTEM32\EMSC.dll
    2017-01-17 17:07 - 2017-01-17 17:07 - 22950480 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
    2016-12-23 12:10 - 2016-12-23 12:10 - 00323152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
    2016-09-30 17:36 - 2016-09-30 17:36 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
    2016-12-15 05:22 - 2016-12-08 01:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
    2016-12-15 05:22 - 2016-12-08 01:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:AstInfo [0]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
    AlternateDataStreams: C:\ProgramData\TEMP:9567EA29 [175]
    AlternateDataStreams: C:\Users\Shane\.DS_Store:AFP_AfpInfo [122]
    AlternateDataStreams: C:\Users\Shane\Desktop\TX-F:AFP_AfpInfo [122]
    AlternateDataStreams: C:\Users\Shane\Documents\Converted Data:AFP_AfpInfo [122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\dell.com -> dell.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2015-08-13 14:46 - 00000734 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shane\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: 172.20.50.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AlienFusionService => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: AtherosSvc => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: BrYNSvc => 3
    MSCONFIG\Services: chromoting => 3
    MSCONFIG\Services: CodeMeter.exe => 2
    MSCONFIG\Services: conmon => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: Crypkey License => 2
    MSCONFIG\Services: CTAudSvcService => 2
    MSCONFIG\Services: CtHdaSvc => 2
    MSCONFIG\Services: DanteDiscovery => 2
    MSCONFIG\Services: Dell Foundation Services => 2
    MSCONFIG\Services: DellDataVault => 2
    MSCONFIG\Services: DellDigitalDelivery => 2
    MSCONFIG\Services: dvhlp => 2
    MSCONFIG\Services: dvs.manager => 2
    MSCONFIG\Services: esifsvc => 2
    MSCONFIG\Services: GfExperienceService => 2
    MSCONFIG\Services: GoToAssist => 2
    MSCONFIG\Services: GraphicsAmplifierWindowsService => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
    MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
    MSCONFIG\Services: Intel(R) Security Assist => 3
    MSCONFIG\Services: ioloEnergyBooster => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: isaHelperSvc => 2
    MSCONFIG\Services: jhi_service => 2
    MSCONFIG\Services: Killer Service V2 => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: NvNetworkService => 2
    MSCONFIG\Services: NvStreamNetworkSvc => 3
    MSCONFIG\Services: NvStreamSvc => 2
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: OptocoreServer => 2
    MSCONFIG\Services: PanGPS => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: SupportAssistAgent => 2
    MSCONFIG\Services: SynTPEnhService => 2
    MSCONFIG\Services: SystemUsageReportSvc_WILLAMETTE => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: ThunderboltService => 3
    MSCONFIG\Services: USER_ESRV_SVC_WILLAMETTE => 3
    HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "LAN to RS232 Bridge.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run: => "ShadowPlay"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "Blackmagic CheckVersion PCI"
    HKLM\...\StartupApproved\Run: => "Blackmagic Streaming Server"
    HKLM\...\StartupApproved\Run: => "GlobalProtect"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "UpdReg"
    HKLM\...\StartupApproved\Run32: => "Sound Blaster Recon3Di SBX Control Panel"
    HKLM\...\StartupApproved\Run32: => "DME-N Network Driver"
    HKLM\...\StartupApproved\Run32: => "ControlCenter4"
    HKLM\...\StartupApproved\Run32: => "BrStsWnd"
    HKLM\...\StartupApproved\Run32: => "EEventManager"
    HKLM\...\StartupApproved\Run32: => "AirPort Base Station Agent"
    HKLM\...\StartupApproved\Run32: => "Blackmagic CheckVersion"
    HKLM\...\StartupApproved\Run32: => "PowerDVD15Agent"
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{CFF2A72E-A88E-41BB-86F2-537F7925C23D}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{421262CE-11D5-47EE-939E-FFC997055D18}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3265EE1A-6B97-4256-BE7B-2D7A71DF4CD5}] => C:\Users\Shane\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    FirewallRules: [{4E65034C-3588-47D9-B152-73FC4B16B291}] => C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
    FirewallRules: [{9B58E24D-1DA6-4AAE-B2C9-BB7A7CD77148}] => C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
    FirewallRules: [{4B1943AD-DDEB-472E-8163-BF56913CBF00}] => LPort=8800
    FirewallRules: [{908DE2B4-0F0B-4402-9B8C-51DEA33BEDB3}] => LPort=8751
    FirewallRules: [{944961B9-7BD3-4508-A8F6-A49D102BBE36}] => LPort=4321
    FirewallRules: [{503669C2-E1CD-411B-A1A8-5C7F602A5223}] => LPort=14600
    FirewallRules: [{705120DD-D227-4FCC-BA5F-A5777337FD65}] => C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
    FirewallRules: [{03E61F17-31FD-4B49-BD0F-B035CF4E1499}] => C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
    FirewallRules: [TCP Query User{DD5734AA-E522-49B6-9406-733B47ECC9ED}C:\users\shane\appdata\local\temp\joi33a0.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi33a0.tmp\join.me.exe
    FirewallRules: [UDP Query User{C0A41700-42C1-4A51-906F-382ADD3C4042}C:\users\shane\appdata\local\temp\joi33a0.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi33a0.tmp\join.me.exe
    FirewallRules: [{1B834DAB-DA11-4D40-804D-F4FD8688D99B}] => C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
    FirewallRules: [{AF1F1E22-F579-41CE-9805-DA0574524C47}] => C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
    FirewallRules: [{CB4517DA-AB16-4ABF-9519-6DD384BEADB6}] => LPort=54925
    FirewallRules: [TCP Query User{55651B7B-E46A-4057-B1FC-FFE15CAEC689}C:\program files (x86)\just add power\jadconfig\jadconfig.exe] => C:\program files (x86)\just add power\jadconfig\jadconfig.exe
    FirewallRules: [UDP Query User{D32D249E-9BBB-41FF-94A5-19CE5F880A58}C:\program files (x86)\just add power\jadconfig\jadconfig.exe] => C:\program files (x86)\just add power\jadconfig\jadconfig.exe
    FirewallRules: [TCP Query User{6D36367F-A0B8-4E4C-BFF1-0E0C23D9183A}C:\program files (x86)\crestron\toolbox\vptcomserver.exe] => C:\program files (x86)\crestron\toolbox\vptcomserver.exe
    FirewallRules: [UDP Query User{910B2839-93C2-4987-9FFB-51AD4682A6D2}C:\program files (x86)\crestron\toolbox\vptcomserver.exe] => C:\program files (x86)\crestron\toolbox\vptcomserver.exe
    FirewallRules: [TCP Query User{693FC4C5-DBD7-4E66-8FFC-3E2F38BD3B9D}C:\program files (x86)\symetrix\composer 5.0\composer50.exe] => C:\program files (x86)\symetrix\composer 5.0\composer50.exe
    FirewallRules: [UDP Query User{E0FE45DC-5A7D-4A34-81B6-B2C2D3CC2FF1}C:\program files (x86)\symetrix\composer 5.0\composer50.exe] => C:\program files (x86)\symetrix\composer 5.0\composer50.exe
    FirewallRules: [TCP Query User{72B202BE-FA66-4678-976F-169F0B11F338}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{E2FBD96C-FFAD-4356-95ED-DA3D409FB9CD}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{1487D8C1-F5E1-4424-9D82-C89372702109}C:\program files (x86)\crestron\toolbox\vptcomserver.exe] => C:\program files (x86)\crestron\toolbox\vptcomserver.exe
    FirewallRules: [UDP Query User{4698B3B3-B44E-4D4B-98F3-2744228D25F8}C:\program files (x86)\crestron\toolbox\vptcomserver.exe] => C:\program files (x86)\crestron\toolbox\vptcomserver.exe
    FirewallRules: [{F1279F32-F5EC-47DA-B2E9-17DD5A0341CC}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C94DEFBD-9BC5-406C-8D72-1190B7685E40}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EEA6FEBC-1DAC-434F-9434-E1B4A11EFEC3}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5FEDAE91-911B-49A6-AD0B-B655C187D917}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{20F794E6-34CD-4782-A998-F7D8905D2216}C:\users\shane\appdata\local\temp\joi857f.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi857f.tmp\join.me.exe
    FirewallRules: [UDP Query User{46A65B56-FCF8-43BF-A7B9-E120763C21AB}C:\users\shane\appdata\local\temp\joi857f.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi857f.tmp\join.me.exe
    FirewallRules: [TCP Query User{787DE791-BE23-4696-8ED3-73AB84CCD41F}C:\users\shane\appdata\local\temp\joi35d6.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi35d6.tmp\join.me.exe
    FirewallRules: [UDP Query User{D6EE16D9-1BF5-447F-8263-FF455F12CF30}C:\users\shane\appdata\local\temp\joi35d6.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi35d6.tmp\join.me.exe
    FirewallRules: [TCP Query User{D352337C-F652-44DD-9892-282D0BC38D08}C:\users\shane\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => C:\users\shane\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{FB08BD3F-36E7-4D10-A3EA-19C9966AE92C}C:\users\shane\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => C:\users\shane\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [TCP Query User{1D510A18-64D3-497F-AFD0-18254E85789A}C:\users\shane\appdata\local\temp\joi692d.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi692d.tmp\join.me.exe
    FirewallRules: [UDP Query User{CCCCDC1D-B8FE-4345-9C83-B70206F1B7AF}C:\users\shane\appdata\local\temp\joi692d.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi692d.tmp\join.me.exe
    FirewallRules: [{E2C4A3C6-EEB0-4F84-8E70-F5FEC0686348}] => C:\Program Files (x86)\Brother\BRAdmin Light\BRAdmLight.exe
    FirewallRules: [TCP Query User{BE84AA49-109F-4959-9CDF-32A3D31EA3C4}C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe] => C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe
    FirewallRules: [UDP Query User{36E2BDA3-46CB-4E17-A7F1-534DDEBACBFC}C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe] => C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe
    FirewallRules: [TCP Query User{35712B88-FC74-47C9-8B03-F2D7B8AE8518}C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe] => C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe
    FirewallRules: [UDP Query User{49CA3C3E-FBD3-47A4-8836-E4A292787954}C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe] => C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe
    FirewallRules: [TCP Query User{FA049080-07E8-4F88-9D8E-442825A2D30C}C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe] => C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe
    FirewallRules: [UDP Query User{3F1E5941-0342-46E8-832C-1A2786E530D4}C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe] => C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe
    FirewallRules: [{35788DA1-44B2-4BBD-8FFD-1A6A2E804A6E}] => C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe
    FirewallRules: [{DA5454A9-EEB2-4C04-A482-97FD1F2FF676}] => C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe
    FirewallRules: [{8ECA2CF1-F375-4E2A-9E2A-0FC0D60D6ADD}] => C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe
    FirewallRules: [{078EB180-30A7-4D4A-B16C-8C954ECA715D}] => C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe
    FirewallRules: [TCP Query User{4A5EDA81-CC8E-43AC-9099-0658A59545D1}C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe] => C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe
    FirewallRules: [UDP Query User{8C891015-F286-4410-A0D9-36602E24B407}C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe] => C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe
    FirewallRules: [{CDBAEE74-E6D4-41B4-AEA4-89485A1743C4}] => C:\Users\Shane\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{B609E92F-A68D-464D-9D4B-F9FFE0D102ED}] => C:\Users\Shane\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [TCP Query User{C7820167-8E3B-44A7-91BC-F5E6863D61B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{8AF570F7-8879-4607-8D64-DF7D27CE1527}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{60297E56-4757-4CB6-95DB-9CDD8025EA9D}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{694F7A64-3D46-435E-A766-2D34488C336A}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{A850B9A8-24AB-432B-8B6C-30F8028CB70F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{B206CB23-F694-43DB-9854-83CA88A256E3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{A88F1FDE-0AC5-46CB-9F6E-77F0B9084DEE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{A3B8355A-79FF-4742-9B7D-73B731AFF062}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E2F0D23B-CF6D-43C4-ACFF-C278E12A70F7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{CD19A0EC-7A07-43F9-8C49-19C797F4D236}C:\program files (x86)\symetrix\composer 5.0\composer50.exe] => C:\program files (x86)\symetrix\composer 5.0\composer50.exe
    FirewallRules: [UDP Query User{F3A134A7-9D91-4E5F-ACCA-17D73ECDC72F}C:\program files (x86)\symetrix\composer 5.0\composer50.exe] => C:\program files (x86)\symetrix\composer 5.0\composer50.exe
    FirewallRules: [TCP Query User{B5C46DEA-61E1-492C-A488-45541E605F8B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{54D68D65-6B6C-4A61-8AED-F752D47412E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [TCP Query User{47113367-7B34-443B-9EC4-C67C4DA37140}C:\program files (x86)\airport\aputil.exe] => C:\program files (x86)\airport\aputil.exe
    FirewallRules: [UDP Query User{2FAE7EFB-5DCC-4BD7-9C3D-4B0C133CBE3B}C:\program files (x86)\airport\aputil.exe] => C:\program files (x86)\airport\aputil.exe
    FirewallRules: [{7E40C351-4949-44A5-9B8D-2C37F1A35154}] => C:\Program Files (x86)\AirPort\APAgent.exe
    FirewallRules: [TCP Query User{C2514B62-9C2A-4873-8A8C-2AC67A2584AE}C:\program files (x86)\airport\aputil.exe] => C:\program files (x86)\airport\aputil.exe
    FirewallRules: [UDP Query User{EAAA8CB6-7CD7-4AC6-8553-B1194ED76439}C:\program files (x86)\airport\aputil.exe] => C:\program files (x86)\airport\aputil.exe
    FirewallRules: [{62C3171F-C024-4C97-99DC-EA3F4B4D9D45}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [TCP Query User{A75B2CA8-58BF-406C-8610-144F51EC8394}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => C:\program files (x86)\audinate\dante controller\dantecontroller.exe
    FirewallRules: [UDP Query User{FC07F5AA-14A3-4F56-A254-23D20E39E4FE}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => C:\program files (x86)\audinate\dante controller\dantecontroller.exe
    FirewallRules: [TCP Query User{A8FFB53D-91B4-4745-B67A-2A98D8DDDADA}C:\users\shane\appdata\local\temp\temp1_easyipsetupv425.zip\easyipsetup.exe] => C:\users\shane\appdata\local\temp\temp1_easyipsetupv425.zip\easyipsetup.exe
    FirewallRules: [UDP Query User{B1E573A9-C68B-4883-AF4F-56DC6713A3BD}C:\users\shane\appdata\local\temp\temp1_easyipsetupv425.zip\easyipsetup.exe] => C:\users\shane\appdata\local\temp\temp1_easyipsetupv425.zip\easyipsetup.exe
    FirewallRules: [TCP Query User{78A4B602-DF11-4B25-8F8E-99F95AB0FF09}C:\users\shane\documents\webfeatproductions\tools\easyipsetup.exe] => C:\users\shane\documents\webfeatproductions\tools\easyipsetup.exe
    FirewallRules: [UDP Query User{7D5CD5E3-D291-4508-8683-B22A57D7C42E}C:\users\shane\documents\webfeatproductions\tools\easyipsetup.exe] => C:\users\shane\documents\webfeatproductions\tools\easyipsetup.exe
    FirewallRules: [TCP Query User{4A1D0673-97F3-4530-A09B-D3C38FFFA3FC}C:\program files (x86)\blackmagic design\blackmagic smartview\smartviewsetup.exe] => C:\program files (x86)\blackmagic design\blackmagic smartview\smartviewsetup.exe
    FirewallRules: [UDP Query User{C5D09F29-0830-4E29-A493-B26FEB68BB74}C:\program files (x86)\blackmagic design\blackmagic smartview\smartviewsetup.exe] => C:\program files (x86)\blackmagic design\blackmagic smartview\smartviewsetup.exe
    FirewallRules: [TCP Query User{C8AEB2D8-6648-4DD6-B07B-59A84E8E857B}C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe] => C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe
    FirewallRules: [UDP Query User{8051849D-3B94-4BFA-84D9-6C797890A36C}C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe] => C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe
    FirewallRules: [TCP Query User{DA712C9D-8DDE-452C-B7AE-24F80680C351}C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe] => C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe
    FirewallRules: [UDP Query User{3513C55C-D26F-4A61-95CE-341FEEB720D4}C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe] => C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe
    FirewallRules: [TCP Query User{AE20A9CB-35DB-4D5D-ACE2-C86B81563768}C:\program files (x86)\symetrix\composer 5.1\composer51.exe] => C:\program files (x86)\symetrix\composer 5.1\composer51.exe
    FirewallRules: [UDP Query User{6445430D-8FAD-45AD-AE64-E892B960B1F9}C:\program files (x86)\symetrix\composer 5.1\composer51.exe] => C:\program files (x86)\symetrix\composer 5.1\composer51.exe
    FirewallRules: [TCP Query User{06A66389-8436-496D-BF5F-2E9FE6F8B93D}C:\program files (x86)\symetrix\composer 5.1\composer51.exe] => C:\program files (x86)\symetrix\composer 5.1\composer51.exe
    FirewallRules: [UDP Query User{FFBA4A5D-9595-4A04-AAE4-4B1FD6219EF4}C:\program files (x86)\symetrix\composer 5.1\composer51.exe] => C:\program files (x86)\symetrix\composer 5.1\composer51.exe
    FirewallRules: [TCP Query User{DAA6F300-619F-4841-A4E6-5C210D494B37}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{D925B21A-05C7-48F2-A56A-76F0FC9426AF}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{9DD7BA06-7F2F-4F8A-A59C-F7E6A2CA9A36}C:\program files (x86)\allen & heath\ilive editor v1.94\jre6\bin\javaw.exe] => C:\program files (x86)\allen & heath\ilive editor v1.94\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{20822C09-4BE9-458F-AEEA-1272B472FB8C}C:\program files (x86)\allen & heath\ilive editor v1.94\jre6\bin\javaw.exe] => C:\program files (x86)\allen & heath\ilive editor v1.94\jre6\bin\javaw.exe
    FirewallRules: [{63AA2611-09C8-43DC-8AAD-3364121BFDB5}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{61AED995-3752-4974-BE72-4F019BD5764F}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{D7C5CDC2-D99E-41F6-BFCB-5BD94648324A}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{AAEE8AF9-A629-475E-80C4-706F1F880D9D}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{D28588CA-0F56-48A4-A923-0DA6AD181B94}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [TCP Query User{0B923B97-D7B3-4979-813C-48483F100663}C:\dashboard\dashboard.exe] => C:\dashboard\dashboard.exe
    FirewallRules: [UDP Query User{6B49E4CD-59EC-4DA0-8EC3-391757044850}C:\dashboard\dashboard.exe] => C:\dashboard\dashboard.exe
    FirewallRules: [TCP Query User{8D42CFF5-5531-410B-A30D-1E7FA4578FDC}C:\dashboard\dashboard.exe] => C:\dashboard\dashboard.exe
    FirewallRules: [UDP Query User{E94EBC18-869F-4742-B006-673D47C7EE34}C:\dashboard\dashboard.exe] => C:\dashboard\dashboard.exe
    FirewallRules: [TCP Query User{EBFB1557-A794-47AB-8A0E-699B0D853F25}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{E880F2A2-CBBE-4BFE-8BA2-C77C3BE79DC4}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{CD07D70E-B07F-4123-B286-7E56468891C1}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{A6F0E514-E621-41D7-A368-4FDB225EDF4D}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{42FF69AC-7607-40DD-ADAE-2C2F87A7FA05}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C321193F-DD7F-4869-8F4C-8F14BDC746A8}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{FF42EE85-A372-4C33-91E4-ADFE5D79DDF7}] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
    FirewallRules: [{6A94960E-1C4E-4C48-A736-90537BF39AB5}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
    FirewallRules: [{7145FC22-A801-40BA-A186-D84650FC70E3}] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
    FirewallRules: [{39F139B2-41E2-4559-B096-8B4C8953FBB1}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
    FirewallRules: [{869F6891-9069-4D5A-ACC2-3FE702AA2CD1}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [TCP Query User{F47D9C3A-22BC-4B97-BB5E-2D62F8621844}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => C:\program files (x86)\audinate\dante controller\dantecontroller.exe
    FirewallRules: [UDP Query User{418A5034-1B33-4FA1-9758-0132E0B031DD}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => C:\program files (x86)\audinate\dante controller\dantecontroller.exe
    FirewallRules: [TCP Query User{554AE5D0-079D-4D0E-95C3-71DA60946A30}C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe] => C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe
    FirewallRules: [UDP Query User{30318B3D-FAE4-477C-B183-D798B1A1B749}C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe] => C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe
    FirewallRules: [TCP Query User{69110F71-77CC-48C6-BBE8-D32DCDF23ACF}C:\program files\videolan\vlc\vlc.exe] => C:\program files\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{D27422DC-4669-412E-9F06-CB3D06141526}C:\program files\videolan\vlc\vlc.exe] => C:\program files\videolan\vlc\vlc.exe
    FirewallRules: [TCP Query User{59175AA9-51F2-4C21-9733-91D1C1CA1592}C:\program files (x86)\shure\shure update utility\shure update utility.exe] => C:\program files (x86)\shure\shure update utility\shure update utility.exe
    FirewallRules: [UDP Query User{6145814C-920C-4CC0-AEAD-A1C89504FE77}C:\program files (x86)\shure\shure update utility\shure update utility.exe] => C:\program files (x86)\shure\shure update utility\shure update utility.exe
    FirewallRules: [{6EF0EECB-47E8-4F46-9941-770DEFD178C0}] => C:\program files (x86)\shure\shure update utility\shure update utility.exe
    FirewallRules: [{7D239C8C-8E9E-4460-8C75-1E726C7021BD}] => C:\program files (x86)\shure\shure update utility\shure update utility.exe
    FirewallRules: [TCP Query User{D16F4A7B-E2BC-417B-AC86-3C6CDF06175B}C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe] => C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe
    FirewallRules: [UDP Query User{EF155C5E-CD6B-4ED2-B72D-FA2781065349}C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe] => C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe
    FirewallRules: [{50CA55D7-A6F9-4F9C-A172-DB4A38948869}] => C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
    FirewallRules: [{98370CD2-07D9-44DA-B3F4-46C5FA64FF76}] => C:\Program Files (x86)\ENTTEC\DMX PRO Manager\PRO-Manager.exe
    FirewallRules: [{36C010B1-CCDE-4AB3-91AD-99636217797B}] => C:\Program Files (x86)\ENTTEC\DMX PRO Manager\PRO-Manager.exe
    FirewallRules: [TCP Query User{DFCF2A6E-3ED2-48B4-BB08-33BDD8F4FB95}C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe] => C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe
    FirewallRules: [UDP Query User{5B38B0EE-258B-4599-B4A6-27133FC87571}C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe] => C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe
    FirewallRules: [TCP Query User{C564C495-9E8F-4C05-A10E-90C255C514AF}C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe] => C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe
    FirewallRules: [UDP Query User{12D9CD3B-AF2B-4DF3-9175-099F3FE1260A}C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe] => C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe
    FirewallRules: [{7157D72A-B82D-440D-B64F-E005B8FAFD41}] => C:\Program Files (x86)\Yamaha\Amp Editor\AmpEditor.exe
    FirewallRules: [{9C7588A6-69A2-479D-8A4F-C81F024250CD}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\MTX3.exe
    FirewallRules: [{CE86408E-6550-4258-B498-905E4953F1F9}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\XMV.exe
    FirewallRules: [{F4101B8D-0A4F-4342-AF18-A3EC93DCE69D}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\XMV-D.exe
    FirewallRules: [{8C1FC760-BA22-4BC1-BBB1-5257ABBB9206}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\EXio.exe
    FirewallRules: [{0EA2ED53-7EE8-49FC-A7A3-C08ADA63E140}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\MTX5-D.exe
    FirewallRules: [{97F90CC3-9F9B-4570-9CD4-29DA564C49ED}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\MRX7-D.exe
    FirewallRules: [{EE543CD6-72F4-4A53-A05E-E2B341880C59}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{6658A5FE-2266-4065-8B9F-37C6485C6ACE}] => C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{4EE830BD-103A-451B-BFFD-3A5A8DDB6240}] => C:\Program Files\Dell\Click 2 Fix+\cust.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

    ==================== Restore Points =========================

    11-01-2017 14:17:47 Scheduled Checkpoint
    12-01-2017 16:05:16 Installed OLMtoPST Converter Pro 1.4
    19-01-2017 21:58:46 Pre Install Click 2 Fix+ restore point
    22-01-2017 16:35:31 Removed TouchFreeze

    ==================== Faulty Device Manager Devices =============

    Name: Kionix KXCNL Freefall Sensor
    Description: Kionix KXCNL Freefall Sensor
    Class Guid: {b4f2027a-f326-4c3b-8e28-80d112a7f7d1}
    Manufacturer: Kionix, Inc.
    Service: kiox_ff_driver
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/22/2017 05:36:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 940

    Start Time: 01d274d26c147d57

    Termination Time: 0

    Application Path: C:\Windows\Explorer.EXE

    Report Id: 7c8f21c2-e0fb-11e6-82d1-9cb6d005425c

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (01/22/2017 05:00:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cust.exe, version: 0.4.0.5, time stamp: 0x586a0a97
    Faulting module name: trig000.dll_unloaded, version: 1.0.0.1, time stamp: 0x586a0a59
    Exception code: 0xc0000005
    Fault offset: 0x000000000001775c
    Faulting process id: 0x5d0
    Faulting application start time: 0x01d274d23773bafb
    Faulting application path: C:\Program Files\Dell\Click 2 Fix+\cust.exe
    Faulting module path: trig000.dll
    Report Id: 8551a0ed-e0f6-11e6-82d1-9cb6d005425c
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/22/2017 04:35:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (01/22/2017 11:09:07 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 28507 ms

    Error: Unable to create resource file.

    Error: (01/22/2017 11:09:07 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 28503 ms

    Error: Unable to create resource file.

    Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
    Description: Event-ID 0


    System errors:
    =============
    Error: (01/22/2017 11:38:53 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (01/22/2017 11:08:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    Incorrect function.

    Error: (01/22/2017 11:08:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Sentinel64 service failed to start due to the following error:
    The system cannot find the device specified.

    Error: (01/22/2017 11:08:55 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000139 (0x0000000000000003, 0xffffd00055eaf110, 0xffffd00055eaf068, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012217-13703-01.

    Error: (01/22/2017 11:08:53 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 7:32:00 AM on ‎1/‎22/‎2017 was unexpected.

    Error: (01/22/2017 11:08:40 AM) (Source: Application Popup) (EventID: 56) (User: )
    Description: ACPI5

    Error: (01/21/2017 02:25:03 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (01/21/2017 02:24:33 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (01/20/2017 04:11:32 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (01/20/2017 04:11:02 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================
    Date: 2017-01-22 17:59:32.357
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:59:25.947
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:58:21.271
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:58:14.794
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:57:22.846
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:57:16.500
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:50:32.053
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:50:26.030
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:48:04.957
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-01-22 17:47:58.621
    Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-6820HK CPU @ 2.70GHz
    Percentage of memory in use: 24%
    Total physical RAM: 16280.65 MB
    Available physical RAM: 12255.35 MB
    Total Virtual: 32664.65 MB
    Available Virtual: 28778.55 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:944.18 GB) (Free:710.13 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:616.47 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: C5C5E14E)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 953.9 GB) (Disk ID: 49CE9610)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\Winlogon: [Shell] - <==== ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001 -> DefaultScope {59C36AC4-52C1-4364-8A53-3BB570A91AD3} URL =
    SearchScopes: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001 -> {59C36AC4-52C1-4364-8A53-3BB570A91AD3} URL =
    2017-01-12 16:05 - 2017-01-12 16:05 - 0433576 _____ () C:\Users\Shane\AppData\Local\Temp\OLMtoPSTConverterProSetup.exe
    ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    AlternateDataStreams: C:\Windows:AstInfo [0]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
    AlternateDataStreams: C:\ProgramData\TEMP:9567EA29 [175]
    AlternateDataStreams: C:\Users\Shane\.DS_Store:AFP_AfpInfo [122]
    AlternateDataStreams: C:\Users\Shane\Desktop\TX-F:AFP_AfpInfo [122]
    AlternateDataStreams: C:\Users\Shane\Documents\Converted Data:AFP_AfpInfo [122]
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~
    Please post:
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
    Ran by Shane (23-01-2017 06:42:38) Run:1
    Running from C:\Users\Shane\Desktop
    Loaded Profiles: Shane (Available Profiles: Shane)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\Winlogon: [Shell] - <==== ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001 -> DefaultScope {59C36AC4-52C1-4364-8A53-3BB570A91AD3} URL =
    SearchScopes: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001 -> {59C36AC4-52C1-4364-8A53-3BB570A91AD3} URL =
    2017-01-12 16:05 - 2017-01-12 16:05 - 0433576 _____ () C:\Users\Shane\AppData\Local\Temp\OLMtoPSTConverterProSetup.exe
    ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    AlternateDataStreams: C:\Windows:AstInfo [0]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
    AlternateDataStreams: C:\ProgramData\TEMP:9567EA29 [175]
    AlternateDataStreams: C:\Users\Shane\.DS_Store:AFP_AfpInfo [122]
    AlternateDataStreams: C:\Users\Shane\Desktop\TX-F:AFP_AfpInfo [122]
    AlternateDataStreams: C:\Users\Shane\Documents\Converted Data:AFP_AfpInfo [122]
    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59C36AC4-52C1-4364-8A53-3BB570A91AD3} => key removed successfully
    HKCR\CLSID\{59C36AC4-52C1-4364-8A53-3BB570A91AD3} => key not found.
    C:\Users\Shane\AppData\Local\Temp\OLMtoPSTConverterProSetup.exe => moved successfully
    C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk => Shortcut argument removed successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
    C:\Windows => ":AstInfo" ADS removed successfully.
    C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
    C:\ProgramData\TEMP => ":9567EA29" ADS removed successfully.
    C:\Users\Shane\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
    C:\Users\Shane\Desktop\TX-F => ":AFP_AfpInfo" ADS removed successfully.
    C:\Users\Shane\Documents\Converted Data => ":AFP_AfpInfo" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42547997 B
    Java, Flash, Steam htmlcache => 938 B
    Windows/system/drivers => 644505730 B
    Edge => 0 B
    Chrome => 88461640 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 128 B
    LocalService => 46614 B
    NetworkService => 2333132 B
    Shane => 1389914543 B

    RecycleBin => 23076233639 B
    EmptyTemp: => 23.5 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 06:43:42 ====

    # AdwCleaner v6.042 - Logfile created 23/01/2017 at 12:47:38
    # Updated on 06/01/2017 by Malwarebytes
    # Database : 2017-01-23.1 [Server]
    # Operating System : Windows 8.1 Pro (X64)
    # Username : Shane - OBERON
    # Running from : C:\Users\Shane\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKLM\SOFTWARE\Classes\.ct_simplPlusModule_x
    Key Found: [x64] HKLM\SOFTWARE\Classes\.ct_simplPlusModule_x


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2885 Bytes] - [23/01/2017 12:44:42]
    C:\AdwCleaner\AdwCleaner[C0]_Initial.txt - [2885 Bytes] - [23/01/2017 12:46:09]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2772 Bytes] - [23/01/2017 12:43:00]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1287 Bytes] - [23/01/2017 12:47:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1360 Bytes] ##########

    # AdwCleaner v6.042 - Logfile created 23/01/2017 at 12:43:00
    # Updated on 06/01/2017 by Malwarebytes
    # Database : 2017-01-06.1 [Local]
    # Operating System : Windows 8.1 Pro (X64)
    # Username : Shane - OBERON
    # Running from : C:\Users\Shane\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    Folder Found: C:\ProgramData\0ba682d8-c703-4a2c-ae33-45ff2df98e48
    Folder Found: C:\ProgramData\19ca3c28-6c1c-429a-8c1e-78f0d2d4b451
    Folder Found: C:\ProgramData\1f75086c-a095-4d45-bcdc-8f873f155934
    Folder Found: C:\ProgramData\276cd788-f713-45d1-89da-5ac6ea3a054a
    Folder Found: C:\ProgramData\400a0379-7388-43a8-b3ea-1875ce4378a4
    Folder Found: C:\ProgramData\6377a61e-b06d-46c3-8d3c-10fcf0e716dd
    Folder Found: C:\ProgramData\68b008d9-b2c0-409a-ada4-b249958058b8


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKLM\SOFTWARE\Classes\.ct_simplPlusModule_x
    Key Found: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\.ct_simplPlusModule_x
    Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    Key Found: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\Software\APN PIP
    Key Found: HKCU\Software\APN PIP
    Key Found: HKLM\SOFTWARE\FFinder LTD
    Key Found: [x64] HKCU\Software\APN PIP


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [2592 Bytes] - [23/01/2017 12:43:00]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2665 Bytes] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 8.1 Pro x64
    Ran by Shane (Administrator) on Mon 01/23/2017 at 12:51:20.60
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 4

    Successfully deleted: C:\ProgramData\pdfforge (Folder)
    Successfully deleted: C:\Users\Shane\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/23/2017 at 12:52:21.69
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Have things improved?

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here

    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right-click and select "Run as Administrator"
    • After the installation let it update if it asks.



    • Go to the Setting Tab>>>>>APPLICATIONS and click on Restore Defaults
    • Under SETTINGS>>>>>PROTECTION make sure AUTOMATIC QUARANTINE IS ON
    • Then go to the Dashboard and click on SCAN NOW
    • When the scan is finished click on EXPORT SUMMARY >>>>> COPY TO CLIPBOARD
    • Then come back to this thread and, under REPLY TO THIS TOPIC, right-click in the reply and select Paste
    • Then click on POST

    • Exit Malwarebytes

  5. #5
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    I am not sure I really noticed anything wrong per se, but am more worried about security...

    Will post results shortly.

  6. #6
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    I did want to say that MB did not find these items when I did it earlier. It did find some Malware but not the Fareit or Keylogger. Defender did but always gave me an error 'Error code 0x800700df. The file size exceeds the limit allowed and cannot be saved.' hence I am here.

    I did run Defender again and they still show up. Ideas?


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/23/17
    Scan Time: 7:19 PM
    Logfile:
    Administrator: Yes

    -Software Information-
    Version: 3.0.5.1299
    Components Version: 1.0.43
    Update Package Version: 1.0.1084
    License: Trial

    -System Information-
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Oberon\Shane

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 391662
    Time Elapsed: 1 min, 46 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

  7. #7
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    When you used AdwCleaner, did you allow it to remove/quarantine what it found?

    • Download Emsisoft Emergency Kit and save it to your desktop.
    • Double-click icon then click Install
    • A Window should open highlighting Start Emergency Kit Scanner
    • Right click on the icon and select Run as administrator
    • Click 1. Update now!
    • Once the update is completed select Settings under Scan
    • Uncheck Join the Emsisoft Anti-Malware Network
    • Click Scan at the top
    • Click On scan completion
    • Click Quarantine detected objects, then click OK
    • Click Malware Scan
    • Once completed click View Report
    • Save the file to your Desktop using the default file name
    • Copy and paste the report in your reply

    ===============

  8. #8
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    I did set it to auto quarantine and then allowed it to fix what it found. There were 2 entries that looked like legitimate software. I can run it again and allow it to remove them as well...


    Emsisoft Emergency Kit - Version 12.0
    Last update: 1/24/2017 6:30:30 AM
    User account: Oberon\Shane
    Computer name: OBERON
    OS version: Windows 8.1x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 1/24/2017 6:31:11 AM
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\PDFFORGE detected: Application.InstallAd (A) []

    Scanned 81692
    Found 1

    Scan end: 1/24/2017 6:31:43 AM
    Scan time: 0:00:32

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\PDFFORGE Application.InstallAd (A)

    Quarantined 1

  9. #9
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Tell me what the computer is doing now.

  10. #10
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    Nothing unusual that I can tell.

    What specifics should I be looking for?

    Am I searching for a fix on a non-existent issue?
