Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Computer slow to shut down, need additional help.

  1. #1
    Junior Member
    Join Date
    Oct 2017
    Posts
    8

    Default

    My computer was slow in shutting down last night and while scanning with glary utilities the program freezes with 'ixt0.dll' highlighted.

    any help will be most appreciated.

    Here is the logs.

    ___

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
    Ran by Ryan Nakai (administrator) on LICORICE-PC (12-10-2017 17:22:44)
    Running from C:\Users\Ryan Nakai\Desktop
    Loaded Profiles: Ryan Nakai (Available Profiles: Ryan Nakai & DefaultAppPool)
    Platform: Windows 10 Pro 170602-2340 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\Windows\System32\GManager.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
    () C:\Windows\System32\mlpatch.exe
    (Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
    (Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
    (Magic Control Technology Corporation) C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
    (Google Inc.) C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
    (Google, Inc) C:\Users\Ryan Nakai\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    (Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
    HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
    HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895120 2016-02-19] (Magic Control Technology Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5088872 2017-08-07] (Box, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-07-21] (Razer Inc.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-10-03] (Dropbox, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [Google Update] => C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [MusicManager] => C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-11] (Valve Corporation)
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25622168 2017-08-31] (Google)
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-09-27] (Glarysoft Ltd)
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2042144 2016-04-14] (TomTom)
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [Google Photos Backup] => C:\Users\Ryan Nakai\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Run: [GoogleChromeAutoLaunch_01263A5253C555C4A9D4CAD3ADB95ECB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1451352 2017-09-21] (Google Inc.)
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\RunOnce: [Uninstall C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ryan Nakai\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Policies\Explorer: [NoLogOff] 0
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Policies\Explorer: [HideSCAVolume] 0
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\MountPoints2: {69802939-7361-11e5-9bcc-d48564b6502e} - "I:\VerizonSWUpgradeAssistantLauncher.exe"
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    Startup: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-02-13]
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-22]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{69b9a6f4-8ea2-49ce-9859-b593bb2652a7}: [DhcpNameServer] 8.8.8.8 8.8.4.4

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
    BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-09-19] (DVDVideoSoft Ltd.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
    BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-10-29] (DVDVideoSoft Ltd.)
    DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default [2017-10-08]
    FF user.js: detected! => C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js [2014-11-04]
    FF Extension: (Click&Clean) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\clickclean@hotcleaner.com [2016-05-01]
    FF Extension: (Pocket) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\isreaditlater@ideashower.com [2015-05-30]
    FF Extension: (NoScript) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-09-28]
    FF Extension: (WOT) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-09-28]
    FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-13] [not signed]
    FF Extension: (Video DownloadHelper) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-06-04]
    FF Extension: (Adblock Plus) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
    FF Extension: (DownThemAll!) - C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-01]
    FF SearchPlugin: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml [2013-05-21]
    FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_159.dll [2017-10-10] ()
    FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-10] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-02-28] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-02-28] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-02-28] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-02-28] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-28] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3813752901-3998910076-3428625962-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3813752901-3998910076-3428625962-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3813752901-3998910076-3428625962-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan Nakai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-24] (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "chrome://apps/"
    CHR NewTab: Default -> Active:"chrome-extension://dbfmnekepjoapopniengjbcpnbljalfg/index.html"
    CHR Profile: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default [2017-10-12]
    CHR Extension: (Slides) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
    CHR Extension: (Type Case) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgojplakjihkbpjdemlbedkkgpbojeg [2016-12-17]
    CHR Extension: (Just Type) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbmjhlgdihdaebioelepgldgojpkjag [2014-07-19]
    CHR Extension: (Docs) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
    CHR Extension: (Google Drive) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (Desmos Graphing Calculator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2014-04-16]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-12]
    CHR Extension: (YouTube) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Solitaire) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2016-12-16]
    CHR Extension: (Honey) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-10-10]
    CHR Extension: (eBay) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-04-09]
    CHR Extension: (HTML5 Analog Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfcckmhbpkjgfcnbgfmdodnlokimjdc [2014-05-11]
    CHR Extension: (Adblock Plus) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-28]
    CHR Extension: (Pushbullet) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-10-09]
    CHR Extension: (Add to Amazon Wish List) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-06-02]
    CHR Extension: (Google Search) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Infinity New Tab) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg [2017-09-06]
    CHR Extension: (Calculator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2017-09-27]
    CHR Extension: (Polarr Photo Editor) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-06-18]
    CHR Extension: (Timer) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2013-05-20]
    CHR Extension: (Google Calendar) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-07]
    CHR Extension: (Box) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-29]
    CHR Extension: (AudioRecorder) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk [2015-10-05]
    CHR Extension: (Google Play Music) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-09-28]
    CHR Extension: (Sheets) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
    CHR Extension: (Google Play Movies) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppdphmgcddhjeddoeghpjefkdlccljb [2013-02-16]
    CHR Extension: (Calendar Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\galgfocamdohgeifjlbefkfpaalankfi [2016-07-22]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-08-23]
    CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-10-09]
    CHR Extension: (Digital Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-05-15]
    CHR Extension: (Google Docs Offline) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-16]
    CHR Extension: (Planetarium) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-08-07]
    CHR Extension: (AdBlock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-04]
    CHR Extension: (History Eraser) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2017-09-24]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-10-11]
    CHR Extension: (Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoihofapbdnldlhecnhefifbcddgdkhm [2014-05-11]
    CHR Extension: (Crackle) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-09]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-18]
    CHR Extension: (Google Play Music) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07]
    CHR Extension: (The Weather Channel for Chrome) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-02-11]
    CHR Extension: (1-click-timer) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2017-03-05]
    CHR Extension: (Dropbox) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-30]
    CHR Extension: (Voice to Text) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2017-08-04]
    CHR Extension: (Matthew Bauer) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhficiigpnhhaojldmanflihieepanbb [2016-01-05]
    CHR Extension: (Pocket Website) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2013-07-19]
    CHR Extension: (History Eraser App) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjolhjmdgbhebcdnfjhngobjggghoipa [2016-07-15]
    CHR Extension: (Calculator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\joodangkbfjnajiiifokapkpmhfnpleo [2016-05-17]
    CHR Extension: (Google Play) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-11]
    CHR Extension: (The Gansberg Clock) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhecpmapflhhdpcnpedpcaabolnapcae [2013-05-15]
    CHR Extension: (Numerics Calculator & Converter) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-04-16]
    CHR Extension: (BehindTheOverlay) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2016-10-09]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
    CHR Extension: (Google Maps) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
    CHR Extension: (Google Keep Chrome Extension) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-08-15]
    CHR Extension: (Spelunky HTML5) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2015-05-29]
    CHR Extension: (Google Drawings) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-09-26]
    CHR Extension: (Google Play Books) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-22]
    CHR Extension: (QR Code Generator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanmadekhdoofgmhichkcjlgiofmofbl [2013-02-11]
    CHR Extension: (PDF Merge - PDF Files Merger) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndolbcaghkmhjhgggldkgjibdilpbdbm [2017-10-04]
    CHR Extension: (OneDrive) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-08-18]
    CHR Extension: (Save to Pocket) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-10-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Scientific Calculator) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2017-08-31]
    CHR Extension: (Weather Underground) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-05-12]
    CHR Extension: (Gmail) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
    CHR Extension: (Cool Metronome) - C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Extensions\polmfiinlikaadclgdojekfaoglellgm [2015-12-24]
    CHR Profile: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-01-14]
    CHR HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-13] (Adobe Systems) [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36680 2017-08-07] (Box, Inc.)
    S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe [71512 2017-07-31] (Google Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3059440 2017-07-18] (Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-28] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-28] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-03] (Dropbox, Inc.)
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-02-24] (Foxit Software Inc.)
    S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-10-15] (Futuremark)
    R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
    R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
    R2 MlPatch; C:\WINDOWS\system32\MlPatch.exe [2244912 2014-08-22] ()
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-01-11] (Realtek Semiconductor)
    U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation)
    S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2017-01-27] (Advanced Micro Devices)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-11] (Samsung Electronics Co., Ltd.)
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-05] (Glarysoft Ltd)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-10-12] (Malwarebytes)
    R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [172752 2016-02-03] (Magic Control Technology Corporation)
    R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
    R1 MpKsl9c8c92a3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84CCD30E-420D-4C18-A888-00299F654723}\MpKsl9c8c92a3.sys [58120 2017-10-12] (Microsoft Corporation)
    S1 MpKsld4969ecd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84CCD30E-420D-4C18-A888-00299F654723}\MpKsld4969ecd.sys [58120 2017-10-11] () [File not signed]
    R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
    R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-07-18] (Razer, Inc.)
    S3 SaiH0461; C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [178432 2017-06-22] (Saitek)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-11] (Samsung Electronics Co., Ltd.)
    R3 t1pusb64; C:\WINDOWS\system32\drivers\t1pusb64.sys [156424 2016-04-08] (Magic Control Technology Corp.)
    S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    U3 aswMBR; C:\Users\Ryan Nakai\AppData\Local\Temp\aswMBR.sys [62728 2017-10-12] () [File not signed] <==== ATTENTION
    U3 aswVmm; C:\Users\Ryan Nakai\AppData\Local\Temp\aswVmm.sys [224896 2017-10-12] () <==== ATTENTION
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-12 17:22 - 2017-10-12 17:22 - 000040135 _____ C:\Users\Ryan Nakai\Desktop\FRST.txt
    2017-10-12 17:20 - 2017-10-12 17:20 - 000000564 _____ C:\Users\Ryan Nakai\Desktop\aswMBR.txt
    2017-10-12 16:24 - 2017-10-12 16:24 - 000000000 ____D C:\FRST
    2017-10-12 16:21 - 2017-10-12 17:00 - 005198336 _____ (AVAST Software) C:\Users\Ryan Nakai\Desktop\aswMBR.exe
    2017-10-12 16:19 - 2017-10-12 16:24 - 002401792 _____ (Farbar) C:\Users\Ryan Nakai\Desktop\FRST64.exe
    2017-10-12 12:36 - 2017-10-12 12:36 - 000000000 ___HD C:\OneDriveTemp
    2017-10-12 12:24 - 2017-10-12 12:24 - 000016148 _____ C:\WINDOWS\system32\LICORICE-PC_Ryan Nakai_HistoryPrediction.bin
    2017-10-12 11:53 - 2017-10-12 11:53 - 000388608 _____ (Trend Micro Inc.) C:\Users\Ryan Nakai\Desktop\HijackThis.exe
    2017-10-12 11:48 - 2017-10-12 11:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2017-10-12 11:44 - 2017-10-12 11:44 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2017-10-12 11:44 - 2017-10-12 11:44 - 000001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2017-10-12 11:44 - 2017-10-12 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2017-10-12 11:43 - 2017-10-12 11:45 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-10-12 11:43 - 2017-10-12 11:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-10-12 11:43 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
    2017-10-12 11:39 - 2017-10-12 11:43 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Ryan Nakai\Downloads\spybotsd-2.6.46.exe
    2017-10-12 11:30 - 2017-10-12 11:33 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-10-12 11:30 - 2017-10-12 11:30 - 000000000 ____D C:\ProgramData\SUPERSetup
    2017-10-12 11:30 - 2017-10-12 11:30 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2017-10-12 11:30 - 2017-10-12 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2017-10-12 11:28 - 2017-10-12 11:28 - 000425304 _____ (Secure By Design Inc.) C:\Users\Ryan Nakai\Downloads\Ninite SUPERAntiSpyware Installer.exe
    2017-10-12 11:04 - 2017-10-12 11:04 - 000001171 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2017-10-11 19:05 - 2017-10-11 19:05 - 006614768 _____ C:\Users\Ryan Nakai\Downloads\1507765328.orange-peel_pkmrescue_fla.swf
    2017-10-10 11:59 - 2017-10-10 11:59 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2017-10-07 20:08 - 2017-10-07 20:08 - 003924286 _____ C:\Users\Ryan Nakai\Downloads\1507366426474.webm
    2017-10-07 18:36 - 2017-10-07 19:08 - 000000000 ____D C:\Users\Ryan Nakai\Desktop\New folder
    2017-10-06 21:25 - 2017-10-07 01:55 - 1647968256 _____ C:\Users\Ryan Nakai\Desktop\linuxmint-18.2-xfce-64bit.iso
    2017-10-05 23:34 - 2017-10-05 23:34 - 000136375 _____ C:\Users\Ryan Nakai\Downloads\Lesson 4 - Ethics Scenarios 1.pdf
    2017-10-04 15:22 - 2017-10-04 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-10-03 04:21 - 2017-10-03 04:21 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2017-10-03 04:21 - 2017-10-03 04:21 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2017-10-03 04:21 - 2017-10-03 04:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2017-10-03 04:21 - 2017-10-03 04:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2017-09-29 16:06 - 2017-09-29 16:06 - 000360466 _____ C:\Users\Ryan Nakai\Downloads\1445763477.siroc_mm_son_wip1.swf
    2017-09-29 11:41 - 2017-09-29 11:42 - 007026214 _____ C:\Users\Ryan Nakai\Downloads\1506706468.orange-peel_zapdos_special_versiond.swf
    2017-09-28 23:06 - 2017-09-28 23:06 - 000001362 _____ C:\Users\Ryan Nakai\Desktop\CnD Chicken
    2017-09-28 15:24 - 2017-09-28 15:24 - 000000000 ____D C:\WINDOWS\UpdateAssistant
    2017-09-26 12:56 - 2017-09-26 12:57 - 000000000 ____D C:\Users\Ryan Nakai\Downloads\Madoka pnm
    2017-09-23 16:36 - 2017-09-23 16:38 - 006635333 _____ C:\Users\Ryan Nakai\Downloads\2a62ecfd585bc41749d2e094219295af.swf
    2017-09-23 10:54 - 2017-09-23 10:54 - 000675939 _____ C:\Users\Ryan Nakai\Downloads\1852459 - Cutepet Sailor_Moon Usagi_Tsukino.jpeg
    2017-09-22 16:56 - 2017-09-22 16:56 - 000234842 _____ C:\Users\Ryan Nakai\Downloads\make-model-scatter-dot-blue-green-reversible-strapless-bandeau-bra-product-2-3047491-643272225.jpeg
    2017-09-22 16:55 - 2017-09-22 16:55 - 000256691 _____ C:\Users\Ryan Nakai\Downloads\make-model-rainbow-check-lilac-sheer-reversible-strapless-bandeau-bra-product-2-4299888-174110365.jpeg
    2017-09-20 16:34 - 2017-09-20 16:35 - 022214921 _____ C:\Users\Ryan Nakai\Downloads\Ghost.swf
    2017-09-18 16:55 - 2017-09-18 16:55 - 001937674 _____ C:\Users\Ryan Nakai\Downloads\DD_CA10Df.swf
    2017-09-18 16:55 - 2017-09-18 16:55 - 001883481 _____ C:\Users\Ryan Nakai\Downloads\DD_BA1Df.swf
    2017-09-18 16:52 - 2017-09-18 16:53 - 007635217 _____ C:\Users\Ryan Nakai\Downloads\DD_AA10Df_S.swf
    2017-09-16 20:30 - 2017-09-16 20:30 - 000240334 _____ C:\Users\Ryan Nakai\Downloads\1505205833.diives_lopunny_ball_nsfw_released_swf.swf
    2017-09-16 11:10 - 2017-09-16 11:12 - 008812312 _____ C:\Users\Ryan Nakai\Downloads\2031073_Pherion_patreon360p.swf
    2017-09-14 23:33 - 2017-09-14 23:33 - 000057790 _____ C:\Users\Ryan Nakai\Downloads\How to Read a Recipe by Alton Brown.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-12 16:47 - 2015-12-28 20:01 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2017-10-12 12:36 - 2014-11-28 17:14 - 000000000 ___RD C:\Users\Ryan Nakai\OneDrive
    2017-10-12 12:32 - 2014-11-04 12:30 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
    2017-10-12 12:30 - 2015-08-02 22:42 - 001005662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-10-12 12:30 - 2015-07-10 05:02 - 000000000 ____D C:\WINDOWS\INF
    2017-10-12 12:28 - 2013-02-14 17:16 - 000000000 ___RD C:\Users\Ryan Nakai\Google Drive
    2017-10-12 12:28 - 2013-02-13 22:37 - 000000000 ____D C:\Program Files (x86)\Steam
    2017-10-12 12:24 - 2015-12-28 20:01 - 000000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2017-10-12 12:24 - 2013-08-06 15:54 - 000002802 _____ C:\WINDOWS\system32\GManager.ini
    2017-10-12 12:23 - 2015-07-10 06:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-10-12 11:11 - 2017-01-26 22:58 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-10-12 11:04 - 2014-11-04 12:30 - 000003398 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
    2017-10-12 11:04 - 2014-11-04 12:30 - 000003044 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
    2017-10-12 11:04 - 2014-11-04 12:30 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2017-10-11 23:25 - 2015-07-10 05:04 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-10-11 23:25 - 2015-07-10 05:04 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-10-11 18:22 - 2017-06-30 12:18 - 000000809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
    2017-10-11 18:22 - 2017-06-30 12:18 - 000000797 _____ C:\Users\Ryan Nakai\Desktop\Windows 10 Update Assistant.lnk
    2017-10-11 18:22 - 2016-09-30 12:50 - 000000000 ____D C:\Windows10Upgrade
    2017-10-10 20:19 - 2013-02-11 19:52 - 000000000 ____D C:\Users\Ryan Nakai\AppData\Roaming\vlc
    2017-10-10 18:41 - 2013-02-12 23:08 - 000000000 ____D C:\Users\Ryan Nakai\AppData\Roaming\XnView
    2017-10-10 15:28 - 2016-09-30 12:52 - 000000000 ___HD C:\$GetCurrent
    2017-10-10 15:28 - 2013-02-11 17:05 - 000001908 _____ C:\WINDOWS\diagwrn.xml
    2017-10-10 15:28 - 2013-02-11 17:05 - 000001908 _____ C:\WINDOWS\diagerr.xml
    2017-10-10 15:27 - 2017-06-30 17:47 - 000000036 _____ C:\WINDOWS\progress.ini
    2017-10-10 15:22 - 2015-08-02 23:08 - 000000430 __RSH C:\Users\Ryan Nakai\ntuser.pol
    2017-10-10 15:22 - 2015-08-02 22:43 - 000000000 ____D C:\Users\Ryan Nakai
    2017-10-10 15:22 - 2013-02-13 19:56 - 000000400 __RSH C:\ProgramData\ntuser.pol
    2017-10-10 12:23 - 2016-10-21 22:12 - 000004554 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-10-10 12:23 - 2015-07-10 05:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-10-10 12:23 - 2015-07-10 05:04 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-10-10 12:06 - 2013-08-14 22:48 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-10-10 11:59 - 2013-02-12 13:04 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-10-06 16:55 - 2013-08-15 16:38 - 000000000 ____D C:\Users\Ryan Nakai\AbiSuite
    2017-10-06 16:28 - 2015-07-10 03:05 - 000131072 ___SH C:\WINDOWS\system32\config\BBI
    2017-10-05 19:42 - 2017-07-20 22:45 - 000000000 ____D C:\Program Files\rempl
    2017-10-05 13:33 - 2016-11-24 17:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-10-05 13:33 - 2013-02-14 20:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-10-04 15:23 - 2015-12-28 20:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2017-09-26 15:39 - 2013-02-11 18:54 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-09-20 22:45 - 2016-12-23 11:57 - 000000000 ____D C:\Users\Ryan Nakai\AppData\LocalLow\Mozilla
    2017-09-20 11:20 - 2015-07-10 05:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-09-20 11:19 - 2014-11-28 16:14 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2017-09-20 11:05 - 2015-07-10 05:04 - 000000000 ____D C:\WINDOWS\rescache
    2017-09-19 12:46 - 2017-07-24 21:29 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3813752901-3998910076-3428625962-1001
    2017-09-19 12:46 - 2015-08-02 23:17 - 000002423 _____ C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-09-16 10:16 - 2013-02-14 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    ==================== Files in the root of some directories =======

    2015-08-16 00:59 - 2015-08-16 00:59 - 000000000 _____ () C:\Program Files\Microsoft Security Client
    2015-08-22 01:27 - 2015-08-22 01:27 - 000000000 _____ () C:\Program Files (x86)\ATI Technologies
    2015-08-16 00:59 - 2015-08-16 00:59 - 000000000 _____ () C:\Program Files (x86)\Common Files\AMD
    2013-03-08 23:04 - 2013-04-16 23:19 - 000096418 _____ () C:\Users\Ryan Nakai\AppData\Roaming\Logs
    2013-04-01 13:37 - 2013-04-01 13:37 - 000109298 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Roaming\MSWINSCK.OCX
    2005-04-07 20:16 - 2013-03-09 01:48 - 000005200 ____H () C:\Users\Ryan Nakai\AppData\Roaming\Ryan Nakailog.dat
    2016-05-30 19:55 - 2016-05-30 19:55 - 000000218 _____ () C:\Users\Ryan Nakai\AppData\Local\recently-used.xbel
    2013-05-17 22:42 - 2013-05-17 22:42 - 000000017 _____ () C:\Users\Ryan Nakai\AppData\Local\resmon.resmoncfg

    Some files in TEMP:
    ====================
    2017-08-02 09:12 - 2017-08-02 09:12 - 001786128 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-224de45.exe
    2017-09-25 19:49 - 2017-09-25 19:54 - 018624784 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-9ad71ab3.exe
    2017-07-21 20:26 - 2017-09-24 14:21 - 006457520 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\Windows10Upgrade.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    __

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
    Ran by Ryan Nakai (12-10-2017 17:26:41)
    Running from C:\Users\Ryan Nakai\Desktop
    Windows 10 Pro 170602-2340 (X64) (2015-08-03 05:08:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3813752901-3998910076-3428625962-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3813752901-3998910076-3428625962-503 - Limited - Disabled)
    Guest (S-1-5-21-3813752901-3998910076-3428625962-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3813752901-3998910076-3428625962-1004 - Limited - Enabled)
    Ryan Nakai (S-1-5-21-3813752901-3998910076-3428625962-1001 - Administrator - Enabled) => C:\Users\Ryan Nakai

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    8-Bit Bayonetta (HKLM\...\Steam App 567090) (Version: - PlatinumGames, Bitbaboon)
    AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
    Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
    AlphaSmart AlphaBeam 3.2 (HKLM-x32\...\AlphaSmart AlphaBeam 3.2) (Version: - )
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
    Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
    Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
    BIT.TRIP BEAT (HKLM-x32\...\Steam App 63700) (Version: - Gaijin Games)
    Box Sync (HKLM\...\{0653E263-C86D-44AB-AE83-25407370FCE1}) (Version: 4.0.7848.0 - Box, Inc.)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP)
    Chipamp (HKLM-x32\...\Chipamp) (Version: 1.0 - OverClocked ReMix)
    Chrome Remote Desktop Host (HKLM-x32\...\{BAD014C7-DB71-474A-AC68-F06FAE17A949}) (Version: 61.0.3163.20 - Google Inc.)
    Contraption Maker (HKLM-x32\...\Steam App 241240) (Version: - Spotkin)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version: - 3D Realms)
    DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
    DVDFab 9.1.8.8 (13/02/2015) (HKLM-x32\...\DVDFab 9 US_is1) (Version: - Fengtao Software Inc.)
    EDGE (HKLM-x32\...\Steam App 38740) (Version: - Two Tribes)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Eversion (HKLM-x32\...\Steam App 33680) (Version: - Zaratustra Productions)
    Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
    FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
    FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.5.7 - Graeme Gott)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.)
    Free FLV to MP4 Converter 1.0.28 (HKLM-x32\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.28 - free-videoconverter)
    Futuremark SystemInfo (HKLM-x32\...\{B8E78E04-6020-4CD2-BEAB-7BB6E9EF75C3}) (Version: 4.22.211 - Futuremark)
    Glary Utilities 5.85 (HKLM-x32\...\Glary Utilities 5) (Version: 5.85.0.106 - Glarysoft Ltd)
    Google Chrome (HKLM\...\{C1FECBCE-6D6B-3040-A62C-A205863357F6}) (Version: 61.0.3163.100 - Google, Inc.)
    Google Drive (HKLM-x32\...\{F9A2761E-C1E4-4384-92A3-5732C9738327}) (Version: 2.34.6717.9565 - Google, Inc.)
    Google Photos Backup (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Ikaruga (HKLM\...\Steam App 253750) (Version: - Treasure)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
    Inkscape 0.92.1 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92 - inkscape.org)
    Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
    Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
    KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    LibreOffice 5.3.1.2 (HKLM\...\{9A2A4317-64E9-4631-997A-F2C4F8A512C7}) (Version: 5.3.1.2 - The Document Foundation)
    MakeMKV v1.10.7 (HKLM-x32\...\MakeMKV) (Version: v1.10.7 - GuinpinSoft inc)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4963.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Mighty Switch Force! Hose It Down! (HKLM-x32\...\Steam App 375310) (Version: - WayForward)
    Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
    Mozilla Thunderbird 52.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 en-US)) (Version: 52.2.1 - Mozilla)
    Music Manager (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\MusicManager) (Version: - Google, Inc.)
    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
    My Game Long Name (HKLM\...\UDK-9c727eda-b1c8-4d60-a336-76dd5b849c08) (Version: - Epic Games, Inc.)
    Noitu Love 2 Devolution (HKLM-x32\...\Steam App 207530) (Version: - Joakim Sandberg)
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
    NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
    One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version: - Mine Loader Software Co., Ltd.)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
    PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.1 - pdfforge GmbH)
    Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version: - PopCap Games, Inc.)
    Peggle Extreme (HKLM-x32\...\Steam App 3483) (Version: - PopCap Games, Inc.)
    Peggle Nights (HKLM-x32\...\Steam App 3540) (Version: - PopCap Games, Inc.)
    Pepakura Designer 4 (HKLM-x32\...\pepakura_designer4en) (Version: - TamaSoftware)
    Pink Heaven (HKLM-x32\...\Steam App 409690) (Version: - Studio Pixel)
    Pink Hour (HKLM-x32\...\Steam App 409670) (Version: - Studio Pixel)
    PNotes.NET 3.0.1.5 (HKLM-x32\...\{02384F4C-1820-49E9-9D03-81F27EEE1224}_is1) (Version: 3.0.1.5 - Andrey Gruber)
    Princess Remedy in a World of Hurt (HKLM\...\Steam App 407900) (Version: - Ludosity)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.721 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
    Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
    Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
    Retro Game Crunch (HKLM-x32\...\Steam App 290040) (Version: - Rusty Moyher)
    Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
    Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
    SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
    Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Should I Remove It (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Skullgirls (HKLM-x32\...\Steam App 245170) (Version: - Lab Zero Games)
    Skullgirls ∞Endless Beta∞ (HKLM-x32\...\Steam App 208610) (Version: - )
    Sonic Adventure™ 2 (HKLM-x32\...\Steam App 213610) (Version: - SEGA)
    Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Super Amazing Wagon Adventure (HKLM-x32\...\Steam App 250500) (Version: - sparsevector)
    Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version: - Modern Dream)
    TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
    Trigger External Graphics Family 16.02.0315.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.02.0315.0179 - MCT Corp)
    Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
    Unity Web Player (HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Wizorb (HKLM-x32\...\Steam App 207420) (Version: - Tribute Games)
    XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [BoxContextMenuClient] -> {4a9f9d0f-60bd-3164-a67d-4f811da1eea0} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
    ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
    ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
    ContextMenuHandlers1: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
    ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
    ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
    ContextMenuHandlers2: [TeraCopyS64] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers4: [BoxContextMenuClient] -> {4a9f9d0f-60bd-3164-a67d-4f811da1eea0} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
    ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
    ContextMenuHandlers4: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll -> No File
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
    ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
    ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] ()
    ContextMenuHandlers6: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0332F065-457A-4893-918B-6C91CC2A059F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3813752901-3998910076-3428625962-1001Core => C:\Users\Ryan Nakai\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {0DEE3FC5-3B3B-4231-9369-527159273B67} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {126F54CE-0361-4AB8-A13F-F1B72A673C97} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {1293E7C4-D091-4650-9E2A-2D4A3F0E7B72} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
    Task: {166B1A52-8BC0-497C-A2CD-F2101F098CF1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {16830EC9-CA72-44AB-8564-AC78EDEF1A14} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-28] (Dropbox, Inc.)
    Task: {1B53C0D6-6C50-47D3-8B42-8AC93E65F75F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {2799B9E9-12D3-4F71-A23D-15D51EBB365C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {2AC6A0AA-BED4-4351-8D95-3B2D924B1C4B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {318D4469-1F62-4553-913D-6E3840E17E41} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {32E4AFD2-0316-4A76-BE1D-4057A7C87A03} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {37B49C50-3BE9-4D10-8077-FB043A549AD6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
    Task: {43E6EBC5-14EC-413D-B797-62A2979D587D} - System32\Tasks\{04831F74-BB9F-4417-B60D-8864EEFCFC35} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ryan Nakai\AppData\Local\Temp\7zS803E.tmp\MicroInstallerNative.exe" -d C:\Users\RYANNA~1\AppData\Local\Temp\7zS803E.tmp <==== ATTENTION
    Task: {45D32615-401F-4B39-A10E-2E85D1057902} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {4A739648-42BF-46D1-BD94-57DA880DA904} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {4E2A253D-A292-4285-8ABB-1D01EC2861A6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {52933F8A-FA64-4805-90B0-E9E91FDD91CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {77FE407B-9CB5-4CEE-B8DB-2E784D4715E1} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-09-27] (Glarysoft Ltd)
    Task: {78DD1C88-AC1F-4F7C-80F0-3EBFB1A6C760} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {792FC510-D96A-4EAC-96BC-735F2AF06891} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7FD49B8C-4534-46E4-803E-691A78B40027} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {81D62FF8-BDB8-4B69-8B0C-AFB8C615080A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {84702869-6FA9-4A4D-ADBD-86067BB1E036} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
    Task: {903783B0-942F-44A6-87D2-1D8FB86F894F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe [2017-10-10] (Adobe Systems Incorporated)
    Task: {93442E65-DBEC-44A9-A05E-57CA228722CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {9C374FB4-2472-476C-861F-85F0B3B2F514} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {9CE8A4DC-6488-411F-8CCA-1C8616A94E7F} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-09-27] (Glarysoft Ltd)
    Task: {A02ABF5F-5951-480D-95A8-9BCEAB05EE27} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A4129062-7BB3-4F94-88A5-3FB69D7AC940} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {A7EA203E-B53D-4870-8344-D0A761E9E441} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {ADB0D469-C39D-417C-B284-A856780422DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B15F9FC0-AFA4-438D-8226-50352A24F36D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B1A83C33-A256-42B2-AB09-484BEE26FA72} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {B4616533-F011-4B5B-97DC-9A089B4E081A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BFC7F104-DCC1-4F32-9985-ED1D40749943} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C1C9C14A-394B-409C-B7F1-2AFA729DD1E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {C77F73F6-A8A8-4B33-8690-04CF7870F28E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CD65B18E-3993-4CF0-8F0A-38C63937B50B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
    Task: {D0292CC7-8EAC-49B4-981A-4191BB8F69AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D1D43B61-A0FB-4164-B1D3-47DFB685FDAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {D7CE1568-7EE5-4B8A-90B1-56200FD4EC54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3813752901-3998910076-3428625962-1001UA => C:\Users\Ryan Nakai\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {D84D8721-8355-4147-A846-092C7EA55B4F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-28] (Dropbox, Inc.)
    Task: {DC80A298-7590-4501-BF10-EBC5255EE6E5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {DFD08C1B-6618-4CBF-8391-1D3AC94DA9A1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E56F21B5-C230-449C-B57D-B17C3C029513} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E5BBDF34-B300-4077-A9DA-F87CA56EC14F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {ECDE8BB0-EBC2-4B62-ACC7-446A5AD90E14} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {F577CB80-ADC2-4DF2-BFA0-88211234FBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FAECCE5E-B814-400D-AB6B-CB495613FCF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-10] (Adobe Systems Incorporated)
    Task: {FCAED403-2419-4D81-81D8-6B792FCD1027} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FE36B75F-9F93-422B-9876-A128BD10DD43} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_npoipmeppdioagbkigdlnpmjphnolaog\Scientific Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=npoipmeppdioagbkigdlnpmjphnolaog
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nffchahhjecejoiigmnhhicpoabngedk\OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nffchahhjecejoiigmnhhicpoabngedk
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mhagnkphcmpkmabhocgimoncfaihkpof\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_liglcienpnkhdajdfmnpbgmpjglonipe\Numerics Calculator & Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=liglcienpnkhdajdfmnpbgmpjglonipe
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lhecpmapflhhdpcnpedpcaabolnapcae\The Gansberg Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lhecpmapflhhdpcnpedpcaabolnapcae
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_joodangkbfjnajiiifokapkpmhfnpleo\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hoihofapbdnldlhecnhefifbcddgdkhm\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_felcaaldnbdncclmgdcncolpebgiejap\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=felcaaldnbdncclmgdcncolpebgiejap
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_edebbhkhcaafmolanelponjjanocpacd\Timer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=edebbhkhcaafmolanelponjjanocpacd
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_decmldkknaaemlafplkkdmmmelbdnlja\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_cbfcckmhbpkjgfcnbgfmdodnlokimjdc\HTML5 Analog Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cbfcckmhbpkjgfcnbgfmdodnlokimjdc
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpebaehgfgkcmmjjknibibbjacnplim\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bhdheahnajobgndecdbggfmcojekgdko\Desmos Graphing Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhdheahnajobgndecdbggfmcojekgdko
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agbmjhlgdihdaebioelepgldgojpkjag\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aapocclcgogkmnckokdopfmhonfmgoek\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aapocclcgogkmnckokdopfmhonfmgoek
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AudioRecorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enhfkjkjfhhdibpgjmiamdcdgmcjpplk
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendar Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=galgfocamdohgeifjlbefkfpaalankfi
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34707bd4e0c9d2b9\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-10 05:00 - 2015-07-10 05:00 - 000028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2015-08-03 00:31 - 2015-08-03 00:31 - 000032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2016-11-17 19:49 - 2016-10-25 01:15 - 000404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2014-11-28 16:14 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-08-02 23:24 - 2012-08-28 14:20 - 000313432 _____ () C:\Windows\system32\GManager.exe
    2013-08-06 15:54 - 2011-05-03 18:13 - 000199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
    2015-08-02 23:24 - 2014-08-22 17:10 - 002244912 _____ () C:\WINDOWS\system32\MlPatch.exe
    2017-07-19 16:09 - 2017-07-19 16:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2017-06-14 12:09 - 2017-06-03 07:39 - 002495776 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2017-08-07 17:13 - 2017-08-07 17:13 - 000126792 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
    2017-08-07 17:13 - 2017-08-07 17:13 - 001488200 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
    2017-08-07 17:13 - 2017-08-07 17:13 - 000056648 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
    2017-08-07 17:13 - 2017-08-07 17:13 - 002106696 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
    2017-08-07 17:10 - 2017-08-07 17:10 - 000136520 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
    2017-08-07 17:09 - 2017-08-07 17:09 - 000143688 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
    2017-08-07 17:09 - 2017-08-07 17:09 - 000554824 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
    2017-08-07 17:08 - 2017-08-07 17:08 - 000063304 _____ () C:\Program Files\Box\Box Sync\psutil._psutil_windows.pyd
    2017-08-07 17:10 - 2017-08-07 17:10 - 000698184 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
    2017-08-07 17:02 - 2017-08-07 17:02 - 000009544 _____ () C:\Program Files\Box\Box Sync\clr.pyd
    2017-08-07 17:10 - 2017-08-07 17:10 - 000033096 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
    2017-08-07 17:09 - 2017-08-07 17:09 - 000017736 _____ () C:\Program Files\Box\Box Sync\select.pyd
    2017-08-07 17:13 - 2017-08-07 17:13 - 000187208 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
    2017-08-07 17:08 - 2017-08-07 17:08 - 000185672 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
    2017-08-07 17:10 - 2017-08-07 17:10 - 000528200 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
    2017-08-07 17:10 - 2017-08-07 17:10 - 000029000 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
    2017-08-07 17:11 - 2017-08-07 17:11 - 000155976 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
    2017-08-07 17:13 - 2017-08-07 17:13 - 000069960 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
    2017-08-07 17:11 - 2017-08-07 17:11 - 000142152 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
    2017-08-07 17:11 - 2017-08-07 17:11 - 000051016 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
    2017-08-07 17:12 - 2017-08-07 17:12 - 000059720 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
    2017-08-07 17:14 - 2017-08-07 17:14 - 000032072 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
    2017-08-07 17:13 - 2017-08-07 17:13 - 000040776 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
    2017-08-07 17:10 - 2017-08-07 17:10 - 000027464 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
    2017-08-07 17:11 - 2017-08-07 17:11 - 000229704 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
    2017-03-22 09:44 - 2017-01-31 06:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2017-09-26 15:39 - 2017-09-21 01:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
    2017-09-26 15:39 - 2017-09-21 01:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
    2017-08-07 16:59 - 2017-08-07 16:59 - 000166216 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
    2013-02-25 19:57 - 2011-10-26 18:41 - 000126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
    2013-02-25 19:57 - 2011-10-26 18:41 - 000318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
    2015-09-30 20:00 - 2015-09-16 23:48 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2017-05-10 09:12 - 2017-04-27 17:44 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-02 18:08 - 2016-11-19 00:06 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-05-10 09:13 - 2017-04-27 17:42 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-09-30 20:00 - 2015-09-16 23:43 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-10-12 11:43 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-10-12 11:43 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-10-12 11:43 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-10-12 11:43 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-02-01 18:01 - 2016-02-01 18:01 - 000117248 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    2016-02-01 18:00 - 2016-02-01 18:00 - 000234496 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    2016-02-01 18:00 - 2016-02-01 18:00 - 000253440 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    2016-02-01 17:59 - 2016-02-01 17:59 - 000344064 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    2013-03-12 17:10 - 2017-09-09 13:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-01-19 18:14 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
    2014-05-21 16:49 - 2017-10-11 13:10 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-28 16:45 - 2016-01-27 01:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-28 16:45 - 2016-01-27 01:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-28 16:45 - 2016-01-27 01:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-08-28 16:45 - 2016-01-27 01:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-28 16:45 - 2016-01-27 01:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-01-19 18:14 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-01-19 18:14 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2013-02-13 22:41 - 2017-10-11 13:10 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-09-11 09:06 - 2014-09-11 09:06 - 000878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
    2014-09-11 09:05 - 2014-09-11 09:05 - 000036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
    2014-09-11 09:06 - 2014-09-11 09:06 - 000038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
    2014-09-11 09:14 - 2014-09-11 09:14 - 000032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
    2014-09-11 09:05 - 2014-09-11 09:05 - 000021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
    2014-09-11 09:14 - 2014-09-11 09:14 - 000027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
    2014-09-11 09:05 - 2014-09-11 09:05 - 000021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
    2014-09-11 09:14 - 2014-09-11 09:14 - 000381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
    2014-09-11 09:05 - 2014-09-11 09:05 - 000204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
    2014-09-11 09:14 - 2014-09-11 09:14 - 000218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
    2014-09-11 09:08 - 2014-09-11 09:08 - 000015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
    2014-09-11 09:14 - 2014-09-11 09:14 - 000015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
    2014-09-11 09:15 - 2014-09-11 09:15 - 000307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
    2014-09-11 09:15 - 2014-09-11 09:15 - 000014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
    2014-09-11 09:15 - 2014-09-11 09:15 - 000252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
    2016-04-08 16:35 - 2016-04-08 16:35 - 003481600 _____ () C:\Users\Ryan Nakai\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
    2017-06-22 20:56 - 2017-06-22 20:56 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2017-01-16 05:40 - 2017-01-16 05:40 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
    2017-10-04 15:22 - 2017-10-03 04:21 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2017-10-04 15:22 - 2017-10-03 04:21 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
    2017-09-21 12:54 - 2017-10-03 04:21 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2017-01-23 17:26 - 2017-10-03 04:21 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2017-01-23 17:26 - 2017-10-03 04:22 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2017-01-23 17:26 - 2017-10-03 04:21 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2017-10-04 15:22 - 2017-10-03 04:21 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2017-10-04 15:22 - 2017-10-03 04:21 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2017-01-23 17:26 - 2017-10-03 04:21 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2017-01-23 17:26 - 2017-10-03 04:21 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2017-10-04 15:22 - 2017-10-03 04:21 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2017-04-26 15:53 - 2017-10-03 04:21 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2017-10-04 15:22 - 2017-10-03 04:21 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2017-01-23 17:26 - 2017-10-03 04:22 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2017-01-23 17:26 - 2017-10-03 04:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2017-04-26 15:53 - 2017-10-03 04:21 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2017-04-26 15:53 - 2017-10-03 04:21 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2017-01-23 17:26 - 2017-10-03 04:21 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2017-01-23 17:26 - 2017-10-03 04:21 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2017-09-21 12:54 - 2017-10-03 04:21 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
    2017-09-21 12:54 - 2017-10-03 04:22 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2017-10-04 15:22 - 2017-10-03 04:21 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2017-10-04 15:22 - 2017-10-03 04:22 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2017-10-04 15:22 - 2017-10-03 04:21 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2017-10-04 15:22 - 2017-10-03 04:22 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2017-09-21 12:54 - 2017-10-03 04:22 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
    2017-10-04 15:22 - 2017-10-03 04:22 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
    2017-10-04 15:22 - 2017-10-03 04:22 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2017-10-12 12:25 - 2017-10-12 12:25 - 000098816 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32api.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000110080 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\pywintypes27.dll
    2017-10-12 12:25 - 2017-10-12 12:25 - 000364544 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\pythoncom27.dll
    2017-10-12 12:25 - 2017-10-12 12:25 - 000320512 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32com.shell.shell.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000914432 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_hashlib.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 001176576 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._core_.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000806400 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._gdi_.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000816128 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._windows_.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 001067008 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._controls_.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000733184 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._misc_.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000682496 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\pysqlite2._sqlite.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000088064 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_ctypes.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000686080 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\unicodedata.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000119808 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32file.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000108544 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32security.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000007168 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\hashobjs_ext.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000017920 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\thumbnails_ext.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000088064 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\usb_ext.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000012800 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\common.time34.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000018432 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32event.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000167936 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32gui.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000046080 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_socket.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 001303552 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_ssl.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000128512 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_elementtree.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000127488 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\pyexpat.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000038912 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32inet.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000036864 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_psutil_windows.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000525208 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\windows._lib_cacheinvalidation.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000011264 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32crypt.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000123392 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._wizard.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000077312 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._html2.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000027648 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_multiprocessing.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000020480 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\_yappi.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000035840 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32process.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000078848 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\wx._animate.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000024064 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32pipe.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000010240 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\select.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000025600 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32pdh.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000017408 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32profile.pyd
    2017-10-12 12:25 - 2017-10-12 12:25 - 000022528 ____R () C:\Users\Ryan Nakai\AppData\Local\Temp\_MEI59162\win32ts.pyd
    2016-12-17 10:55 - 2017-08-16 16:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
    2017-06-09 19:54 - 2017-09-06 20:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
    2015-01-19 18:14 - 2015-09-24 17:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
    2017-09-27 21:31 - 2017-09-27 21:31 - 000087024 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 15:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Control Panel\Desktop\\Wallpaper -> c:\users\ryan nakai\documents\r-stuff\wallpapers 1.2.5\patterns and textures\c3634531b40b2b97b30653324691b1b1.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{99123B69-F55B-406C-962C-AF31D8366049}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
    FirewallRules: [{9AD84985-A221-4F83-9CEE-DB09ACF1E65F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
    FirewallRules: [{2ECDD4B2-26F7-4789-B671-6A457B78B2BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
    FirewallRules: [{189741C3-8FF9-4480-86E0-82B4E7089D65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
    FirewallRules: [{A29268A0-6729-4674-B2E0-B568F6E9645E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4F710B0D-0431-4EC6-A337-8010E5D3E56E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A57DAC2B-8EB0-48C1-8FCA-ED3FC310B1F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Retro Game Crunch\Retro Game Crunch.exe
    FirewallRules: [{52BAEA47-F1A2-4C00-9D7D-77458EBF8D7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Retro Game Crunch\Retro Game Crunch.exe
    FirewallRules: [{C18176B6-9B10-4EB1-9E97-C46F4CCF5105}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{BBF6A2AB-122D-4CE4-937A-0CD481F14D54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{724A6F02-5017-44EC-A990-A3439C8EBD83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Nights\PeggleNights.exe
    FirewallRules: [{EFB856F5-EDC7-4373-B2B9-A4173A3BFCFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Nights\PeggleNights.exe
    FirewallRules: [{A65AC39F-9C68-4352-958C-777D4B3DFE1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Deluxe\Peggle.exe
    FirewallRules: [{0560329D-E6D1-4B52-BF37-3C14A369593F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Deluxe\Peggle.exe
    FirewallRules: [{6760F5BF-5C7E-47BA-A907-9FEFAA0D0BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
    FirewallRules: [{C5E6108E-72BB-4752-B586-69EC1667BB4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
    FirewallRules: [{B8B2B5CA-A167-468D-8A1D-91D2F11EFC08}] => (Allow) C:\Users\Ryan Nakai\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{E19FFD3E-E80A-49C0-B793-FE467F2267DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Amazing Wagon Adventure\WagonAdventure.exe
    FirewallRules: [{5AE08678-D30F-4ECE-9426-A2296E5A0FEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Amazing Wagon Adventure\WagonAdventure.exe
    FirewallRules: [UDP Query User{AA789855-7BBB-4AFD-A2B6-6ABF2FD47785}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
    FirewallRules: [TCP Query User{BEEDA220-8B3B-4C8A-A29E-C19939DE08BA}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
    FirewallRules: [{286C7A8E-D56A-448F-A195-065B2FB8F707}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Extreme\PeggleExtreme.exe
    FirewallRules: [{E75F5F04-1F85-4FCE-A76E-5B4C283D32F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Extreme\PeggleExtreme.exe
    FirewallRules: [{86FD8C81-8BEA-410B-B4DC-FD2757997F52}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{40F7757A-2DEF-4D52-9031-C700A34D59F4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{5FFDCCBB-B476-4EDD-AF84-5630DE8751BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
    FirewallRules: [{C4AD3EBF-8D6A-474B-86DC-B2D07C8D584B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
    FirewallRules: [{B351822B-F375-47DE-BCF9-678CE5352010}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls Beta\SkullGirls.exe
    FirewallRules: [{8F560E9A-B375-40D2-8A64-E6C2FA2FC3B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls Beta\SkullGirls.exe
    FirewallRules: [{535B2FF9-B77F-4182-BB32-D51BEF366A5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
    FirewallRules: [{7ABE7E2A-D900-4FE9-A346-F6D4219A8102}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
    FirewallRules: [{E194399D-1B32-4E24-8A24-FC05BC1CBD3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizorb\Wizorb.exe
    FirewallRules: [{FE7E0F51-4B28-4BAF-BDF9-2671B76AC616}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizorb\Wizorb.exe
    FirewallRules: [{6AA883B7-3088-4C39-AB73-4321F4C8F919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
    FirewallRules: [{57EBDD86-C9C4-469D-A88A-210A707849BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
    FirewallRules: [{4C680D68-347B-4B37-BD5B-7BB645D90347}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
    FirewallRules: [{97309324-6947-449E-AC98-23EDC67219CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
    FirewallRules: [{CC549FF4-CAB0-4C60-9FD7-A9C182B877C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eversion\eversion.exe
    FirewallRules: [{8A3D4E50-6C9E-40A5-875C-22912BAA1F36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eversion\eversion.exe
    FirewallRules: [{927AB254-936B-4130-829B-8E62C7857553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PCMark 8\bin\PCMark8.exe
    FirewallRules: [{2D24B087-A798-4709-8A1E-93DF39FFD071}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PCMark 8\bin\PCMark8.exe
    FirewallRules: [{E9A82DC3-1E6E-4DAA-BA71-3223136F0886}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{9DF46346-0F19-48BC-9046-7DB61F783506}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{27B15300-214F-4A5C-AC09-16BCD13BAF5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
    FirewallRules: [{AC776B45-91CC-476C-B6D7-BEC20AF324E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
    FirewallRules: [{43068E02-7408-4379-9BFF-D8F2EBDE2429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
    FirewallRules: [{8CA70194-C4D4-4C42-A800-48893F67C8C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
    FirewallRules: [{582DD20C-4D3E-4F38-9365-9967B9D16D18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{4535524C-3A31-46AA-A3CE-AD53F73C803E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{2BF3973E-F7C1-4224-9048-5BD22C63F6E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{5F9265D6-B5F9-4F1E-A94C-4DC4EBAEABA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{A80CDC9B-46D9-4C46-8CB8-0E9BF18217F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{659A457D-B34E-44BC-BEE7-373C840E2EDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{13C61C1C-C131-4933-A0FC-5392553D8923}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{9F41614C-97FE-43B7-87E6-FAFA5551D06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{AD068A6B-0FC7-46F2-B5CC-75DBD70043EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
    FirewallRules: [{7C5A37C4-CBFF-4DDA-A9E4-DFAB858ECC7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
    FirewallRules: [{989FD6DD-7D5C-4C81-BFEC-03F3FDE422D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
    FirewallRules: [{5AA5B594-7431-4816-93D7-7C0173C3ED38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
    FirewallRules: [{AC62340A-E2C0-43B4-A3C5-E6DE446539D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{EB742BDF-4193-4F9B-8288-8879321CEFAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{E268A297-792E-4A45-A294-937CE256F0F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{FAAD0623-3C55-4C05-993A-35045D86C1CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{8DC6B44B-5B6E-429C-B4B5-FD9725A606A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{89AB3886-7C29-40EB-9B75-95DB221826DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{A4F95AF1-BD0B-439A-818F-95933B2DB033}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{0F8092E9-8448-4545-AFB5-A22DE37F2D66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{2089D6C5-0A8E-41AE-B8F4-5AC4CCE827F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
    FirewallRules: [{325F518C-350D-4ECB-A38B-E5961D6FE54A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
    FirewallRules: [{815E1353-28FC-421E-8754-FAD917101FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{C6D12C77-FD1E-4C9C-BF6C-D44482DD1FB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{A949B850-94B2-46CF-895D-98BF244413BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BIT.TRIP BEAT\BEAT.exe
    FirewallRules: [{347CB3EF-C616-43F9-93AE-3EFED032A711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BIT.TRIP BEAT\BEAT.exe
    FirewallRules: [{5DB713F0-91EA-4521-95B1-EE91B5F69314}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\config.exe
    FirewallRules: [{4090BC91-451A-464B-8B5A-D2AF4F1ED706}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\config.exe
    FirewallRules: [{25D7770C-58C6-4FAB-9D4B-D41B89671838}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\nl2.exe
    FirewallRules: [{8D5EE0ED-FC06-4501-891A-AC139B730022}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\nl2.exe
    FirewallRules: [UDP Query User{CE0471B1-4D26-45B2-B91C-25CB59C707E9}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [TCP Query User{465DA2B4-F6F9-41AB-8C23-87944EC85DF4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [{50ED50AC-FF34-491E-BAEF-91217E08D068}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
    FirewallRules: [{171515DD-28E9-4B99-9755-BA53F812B272}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
    FirewallRules: [{76A0A0BB-C9C7-4D10-96B2-EA4595B85A5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{4F098576-07ED-44A6-B939-49F47679E786}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{B45C6EB1-EFDA-47C8-832D-BCEE1FE77757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{00704251-EB0C-414B-A3F9-34540B6F8972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{980CD676-C83B-471C-9EDF-A0DCF5244F3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{E07C2FDB-57CA-4E8F-8584-83F4F42D9F9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{7C89DBCD-DBD1-4A51-A50C-80C2BF9972CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{CC59B608-4699-4BCC-BE35-4967B93B78EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
    FirewallRules: [{01FC424C-01B0-4A5C-8DBB-B4A33A30B4CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
    FirewallRules: [{E5F80EF9-A088-4251-83A9-2F78DCCEC5E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
    FirewallRules: [{1629A8D2-469F-4141-8894-E832B7B57264}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
    FirewallRules: [{67C71B49-3D11-41CB-800E-5BCA794BAEC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
    FirewallRules: [UDP Query User{5D8F56BB-74C8-42DA-8A06-6137E5A06CE2}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
    FirewallRules: [TCP Query User{40483D28-5B8D-4250-B353-B7DEFE574304}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
    FirewallRules: [{5F81ECB0-F187-416F-B563-88138D421B4A}] => (Allow) LPort=1900
    FirewallRules: [{BAA9C1CF-0A0D-40EA-8E38-53AB51939343}] => (Allow) LPort=2869
    FirewallRules: [{B7D1920E-03D9-45B2-8EE3-433472236E36}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6EAB3C87-F5E1-4667-A63C-FBFA0EAA4977}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure 2\Launcher.exe
    FirewallRules: [{EF1B7469-2F83-4986-B1F4-B3BAC7812C0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure 2\Launcher.exe
    FirewallRules: [UDP Query User{77A9F624-1464-4ECF-ABB0-FA07BB8D46C3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [TCP Query User{D5E491AA-92FB-483C-82E6-339702729A32}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [{F60247A5-5E88-4609-BD10-CEBF55D02D4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
    FirewallRules: [{74A65BB6-3117-43B2-B7D0-0987B6BFB544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
    FirewallRules: [UDP Query User{6E3A34B7-C8A4-488C-A7BC-CC8872D98894}C:\users\ryan nakai\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ryan nakai\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [TCP Query User{815E741A-F708-4C19-A985-D58FFF5082C8}C:\users\ryan nakai\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ryan nakai\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{A28138A5-BD8D-40F3-8738-320B0AF6C90B}C:\program files (x86)\makemkv\makemkvcon64.exe] => (Allow) C:\program files (x86)\makemkv\makemkvcon64.exe
    FirewallRules: [TCP Query User{BD6FDF31-D9AF-4F6A-8839-2EB72FE2C13D}C:\program files (x86)\makemkv\makemkvcon64.exe] => (Allow) C:\program files (x86)\makemkv\makemkvcon64.exe
    FirewallRules: [{1E5CFEFD-1361-4FC1-88C3-C72340D70E39}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{E8027A51-98E3-4531-BD1E-21EABE99C48B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [UDP Query User{1B1EA51D-E185-4757-B68F-058ED4088110}J:\portableapps\lanmessengerportable\app\lanmessenger\lmc.exe] => (Allow) J:\portableapps\lanmessengerportable\app\lanmessenger\lmc.exe
    FirewallRules: [TCP Query User{2F836463-65AF-4437-BB31-1BC741343282}J:\portableapps\lanmessengerportable\app\lanmessenger\lmc.exe] => (Allow) J:\portableapps\lanmessengerportable\app\lanmessenger\lmc.exe
    FirewallRules: [{241A381E-BB20-4782-9FBF-21B3BCC7146C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{9842E21D-4A30-494D-AD0F-39D677FB65F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{BE0A011F-A2FB-4192-91EB-2E7DD86902A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
    FirewallRules: [{1DE85618-A800-4734-8EF7-ACAF4B6CB4D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
    FirewallRules: [{99962BDC-C549-4562-BC0D-B0828F1AD21C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pink Heaven\PinkHeaven.exe
    FirewallRules: [{F5DA0CA8-CB54-4214-8268-D0F4E44DA08E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pink Heaven\PinkHeaven.exe
    FirewallRules: [{C4F36EBD-17D5-458B-A874-3EF18608A60D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pink Hour\PinkHour.exe
    FirewallRules: [{CE8F7008-F9D4-4521-9CD1-8EF92844FB9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pink Hour\PinkHour.exe
    FirewallRules: [{90D274C6-DBC5-4EDD-8AAB-A0520063A980}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DE2C0E49-86DB-4C3E-97D3-B4CA88F7B484}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{AD64A23B-1A2E-4992-B340-30C89E246593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mighty Switch Force! Hose It Down!\HoseItDown.exe
    FirewallRules: [{7C0CA58B-8C11-4537-8AFC-4423D220433B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mighty Switch Force! Hose It Down!\HoseItDown.exe
    FirewallRules: [{83E0EC28-DFE3-4B41-B3BE-6277D2627E2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Remedy\remedy_gm7.exe
    FirewallRules: [{581626F8-FD6A-4503-AA49-507CA4EF59EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Remedy\remedy_gm7.exe
    FirewallRules: [{09E0B2C6-62F7-4423-A32C-8066B657DA85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Remedy\remedy_gm5.exe
    FirewallRules: [{E8EE5830-455D-463D-BFF6-19FE1AD7CEF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Remedy\remedy_gm5.exe
    FirewallRules: [{437F58D2-121D-4161-A672-562C5B3C60AB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{B534FD21-433E-44E7-B638-A4DEF76F0B9E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{427066B3-A4BC-4524-B212-ABD2B7CD4211}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitB\8BB.exe
    FirewallRules: [{17F357CE-6E1C-4645-810D-2D1F0370FA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitB\8BB.exe
    FirewallRules: [TCP Query User{4D90F1E0-4031-4C81-8912-62CA25AD038B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{3DA30484-194E-4837-86A2-2552DE50D1CE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{7DFC39AD-56BC-4055-9E6F-80FB0AD7CED8}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe
    FirewallRules: [{FF4B6C72-5AB8-4DD2-837D-B89E922F89F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{F1319CB0-04AF-47B4-ADC2-2D5178E4570B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
    FirewallRules: [{02C518C1-39FB-40E6-8DFA-DE51830F6857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
    FirewallRules: [{C1D19D5D-3948-4EAB-A997-B32A53A0D755}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    __

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-10-12 17:00:12
    -----------------------------
    17:00:12.159 OS Version: Windows x64 6.2.9200
    17:00:12.159 Number of processors: 6 586 0xA00
    17:00:12.160 ComputerName: LICORICE-PC UserName: Ryan Nakai
    17:00:17.319 Initialize success
    17:00:17.381 VM: initialized successfully
    17:00:17.385 VM: Amd CPU BiosDisabled
    17:10:38.783 AVAST engine defs: 17030301
    17:20:14.632 The log file has been saved successfully to "C:\Users\Ryan Nakai\Desktop\aswMBR.txt"

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,282

    Default

    Start Farbar Recovery Scan Tool (Please double-click on FRST/FRST64) with Administrator privileges

    or Right click on the FRST icon and select Run as administrator
    Highlight the below information then hit the Ctrl + C keys at the same time
    or

    Right click/highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::


    Start::
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    FF user.js: detected! => C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js [2014-11-04]
    FF SearchPlugin: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml [2013-05-21]
    FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
    2017-08-02 09:12 - 2017-08-02 09:12 - 001786128 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-224de45.exe
    2017-09-25 19:49 - 2017-09-25 19:54 - 018624784 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-9ad71ab3.exe
    2017-07-21 20:26 - 2017-09-24 14:21 - 006457520 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\Windows10Upgrade.exe
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    Task: {2799B9E9-12D3-4F71-A23D-15D51EBB365C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {318D4469-1F62-4553-913D-6E3840E17E41} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {43E6EBC5-14EC-413D-B797-62A2979D587D} - System32\Tasks\{04831F74-BB9F-4417-B60D-8864EEFCFC35} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ryan Nakai\AppData\Local\Temp\7zS803E.tmp\MicroInstallerNative.exe" -d C:\Users\RYANNA~1\AppData\Local\Temp\7zS803E.tmp <==== ATTENTION
    Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
    Task: {9C374FB4-2472-476C-861F-85F0B3B2F514} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A4129062-7BB3-4F94-88A5-3FB69D7AC940} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {ADB0D469-C39D-417C-B284-A856780422DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B4616533-F011-4B5B-97DC-9A089B4E081A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BFC7F104-DCC1-4F32-9985-ED1D40749943} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D0292CC7-8EAC-49B4-981A-4191BB8F69AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D1D43B61-A0FB-4164-B1D3-47DFB685FDAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {F577CB80-ADC2-4DF2-BFA0-88211234FBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FCAED403-2419-4D81-81D8-6B792FCD1027} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_npoipmeppdioagbkigdlnpmjphnolaog\Scientific Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=npoipmeppdioagbkigdlnpmjphnolaog
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nffchahhjecejoiigmnhhicpoabngedk\OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nffchahhjecejoiigmnhhicpoabngedk
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mhagnkphcmpkmabhocgimoncfaihkpof\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_liglcienpnkhdajdfmnpbgmpjglonipe\Numerics Calculator & Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=liglcienpnkhdajdfmnpbgmpjglonipe
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lhecpmapflhhdpcnpedpcaabolnapcae\The Gansberg Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lhecpmapflhhdpcnpedpcaabolnapcae
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_joodangkbfjnajiiifokapkpmhfnpleo\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hoihofapbdnldlhecnhefifbcddgdkhm\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_felcaaldnbdncclmgdcncolpebgiejap\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=felcaaldnbdncclmgdcncolpebgiejap
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_edebbhkhcaafmolanelponjjanocpacd\Timer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=edebbhkhcaafmolanelponjjanocpacd
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_decmldkknaaemlafplkkdmmmelbdnlja\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_cbfcckmhbpkjgfcnbgfmdodnlokimjdc\HTML5 Analog Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cbfcckmhbpkjgfcnbgfmdodnlokimjdc
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpebaehgfgkcmmjjknibibbjacnplim\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bhdheahnajobgndecdbggfmcojekgdko\Desmos Graphing Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhdheahnajobgndecdbggfmcojekgdko
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agbmjhlgdihdaebioelepgldgojpkjag\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aapocclcgogkmnckokdopfmhonfmgoek\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aapocclcgogkmnckokdopfmhonfmgoek
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AudioRecorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enhfkjkjfhhdibpgjmiamdcdgmcjpplk
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendar Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=galgfocamdohgeifjlbefkfpaalankfi
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34707bd4e0c9d2b9\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ******

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    Junkware Removal Tool (JRT)
    • Download Junkware Removal Tool (JRT) and move it to your Desktop
    • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Press on any key to launch the scan and let it complete

      Credits : BleepingComputer.com
    • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply

    created by Aura
    ~~~~~~~~~~~~~~~~~

    If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
    • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
    • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
    • Let the scan run, the time required to complete the scan depends of your system and computer specs
    • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
      • If it asks you to restart your computer to complete the removal, do so
    • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



    ~~
    In Your next reply post
    • Fixlog.txt
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted JRT log
    • Malwarebytes log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Junior Member
    Join Date
    Oct 2017
    Posts
    8

    Default

    I could not get the JRT nor the Malwarebytes logs as they seized up during scanning.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
    Ran by Ryan Nakai (13-10-2017 15:24:24) Run:1
    Running from C:\Users\Ryan Nakai\Desktop
    Loaded Profiles: Ryan Nakai (Available Profiles: Ryan Nakai & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    FF user.js: detected! => C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js [2014-11-04]
    FF SearchPlugin: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml [2013-05-21]
    FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
    2017-08-02 09:12 - 2017-08-02 09:12 - 001786128 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-224de45.exe
    2017-09-25 19:49 - 2017-09-25 19:54 - 018624784 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-9ad71ab3.exe
    2017-07-21 20:26 - 2017-09-24 14:21 - 006457520 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\Windows10Upgrade.exe
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    Task: {2799B9E9-12D3-4F71-A23D-15D51EBB365C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {318D4469-1F62-4553-913D-6E3840E17E41} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {43E6EBC5-14EC-413D-B797-62A2979D587D} - System32\Tasks\{04831F74-BB9F-4417-B60D-8864EEFCFC35} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ryan Nakai\AppData\Local\Temp\7zS803E.tmp\MicroInstallerNative.exe" -d C:\Users\RYANNA~1\AppData\Local\Temp\7zS803E.tmp <==== ATTENTION
    Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
    Task: {9C374FB4-2472-476C-861F-85F0B3B2F514} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A4129062-7BB3-4F94-88A5-3FB69D7AC940} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {ADB0D469-C39D-417C-B284-A856780422DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B4616533-F011-4B5B-97DC-9A089B4E081A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BFC7F104-DCC1-4F32-9985-ED1D40749943} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D0292CC7-8EAC-49B4-981A-4191BB8F69AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D1D43B61-A0FB-4164-B1D3-47DFB685FDAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {F577CB80-ADC2-4DF2-BFA0-88211234FBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FCAED403-2419-4D81-81D8-6B792FCD1027} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_npoipmeppdioagbkigdlnpmjphnolaog\Scientific Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=npoipmeppdioagbkigdlnpmjphnolaog
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nffchahhjecejoiigmnhhicpoabngedk\OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nffchahhjecejoiigmnhhicpoabngedk
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mhagnkphcmpkmabhocgimoncfaihkpof\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_liglcienpnkhdajdfmnpbgmpjglonipe\Numerics Calculator & Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=liglcienpnkhdajdfmnpbgmpjglonipe
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lhecpmapflhhdpcnpedpcaabolnapcae\The Gansberg Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lhecpmapflhhdpcnpedpcaabolnapcae
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_joodangkbfjnajiiifokapkpmhfnpleo\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hoihofapbdnldlhecnhefifbcddgdkhm\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_felcaaldnbdncclmgdcncolpebgiejap\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=felcaaldnbdncclmgdcncolpebgiejap
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_edebbhkhcaafmolanelponjjanocpacd\Timer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=edebbhkhcaafmolanelponjjanocpacd
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_decmldkknaaemlafplkkdmmmelbdnlja\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_cbfcckmhbpkjgfcnbgfmdodnlokimjdc\HTML5 Analog Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cbfcckmhbpkjgfcnbgfmdodnlokimjdc
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpebaehgfgkcmmjjknibibbjacnplim\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bhdheahnajobgndecdbggfmcojekgdko\Desmos Graphing Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhdheahnajobgndecdbggfmcojekgdko
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agbmjhlgdihdaebioelepgldgojpkjag\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aapocclcgogkmnckokdopfmhonfmgoek\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aapocclcgogkmnckokdopfmhonfmgoek
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AudioRecorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enhfkjkjfhhdibpgjmiamdcdgmcjpplk
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendar Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=galgfocamdohgeifjlbefkfpaalankfi
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34707bd4e0c9d2b9\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
    Emptytemp:

    *****************

    Processes closed successfully.

    --

    # AdwCleaner 7.0.3.1 - Logfile created on Fri Oct 13 21:33:45 2017
    # Updated on 2017/29/09 by Malwarebytes
    # Running on Windows 10 Pro (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\Users\Ryan Nakai\AppData\Roaming\dvdvideosoftiehelpers
    Deleted: C:\Users\Ryan Nakai\AppData\Local\Pokki
    Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    Deleted: C:\Program Files (x86)\Auslogics
    Deleted: C:\Users\Ryan Nakai\AppData\Roaming\Auslogics


    ***** [ Files ] *****

    No malicious files deleted.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Deleted: [Key] - HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\APN PIP
    Deleted: [Key] - HKCU\Software\APN PIP
    Deleted: [Key] - HKLM\SOFTWARE\PIP
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
    Deleted: [Key] - HKLM\SOFTWARE\Auslogics
    Deleted: [Key] - HKU\S-1-5-21-3813752901-3998910076-3428625962-1001\Software\Auslogics
    Deleted: [Key] - HKCU\Software\Auslogics
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [3561 B] - [2017/10/13 21:31:52]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,282

    Default

    I could not get the JRT nor the Malwarebytes logs as they seized up during scanning.
    That could be from security apps running in the back ground
    You can try to boot into safe mode and run the scans again.

    Can you look for Fixlog.txt
    The one you posted looks to be incomplete.

    ~~

    Zemana AntiMalware
    • Download and install Zemana AntiMalware
    • Open Zemana AntiMalware, and click on the Scan button
    • Wait for the scan to complete
    • Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
    • If it asks you to reboot your computer to finish the clean-up, do so
    • After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
    • A log will open in Notepad
    • Copy/paste the content of that log in your next reply

    created by Aura
    **
    please post this log when finished.

    How is the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  5. #5
    Junior Member
    Join Date
    Oct 2017
    Posts
    8

    Default

    Here is the fixlog

    I cannot find a way to boot into safe mode and what I am trying to do is somehow being blocked by this thing.

    __

    Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
    Ran by Ryan Nakai (13-10-2017 15:24:24) Run:1
    Running from C:\Users\Ryan Nakai\Desktop
    Loaded Profiles: Ryan Nakai (Available Profiles: Ryan Nakai & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    FF user.js: detected! => C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js [2014-11-04]
    FF SearchPlugin: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml [2013-05-21]
    FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
    2017-08-02 09:12 - 2017-08-02 09:12 - 001786128 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-224de45.exe
    2017-09-25 19:49 - 2017-09-25 19:54 - 018624784 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\mpam-9ad71ab3.exe
    2017-07-21 20:26 - 2017-09-24 14:21 - 006457520 _____ (Microsoft Corporation) C:\Users\Ryan Nakai\AppData\Local\Temp\Windows10Upgrade.exe
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3813752901-3998910076-3428625962-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    Task: {2799B9E9-12D3-4F71-A23D-15D51EBB365C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {318D4469-1F62-4553-913D-6E3840E17E41} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {43E6EBC5-14EC-413D-B797-62A2979D587D} - System32\Tasks\{04831F74-BB9F-4417-B60D-8864EEFCFC35} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ryan Nakai\AppData\Local\Temp\7zS803E.tmp\MicroInstallerNative.exe" -d C:\Users\RYANNA~1\AppData\Local\Temp\7zS803E.tmp <==== ATTENTION
    Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
    Task: {9C374FB4-2472-476C-861F-85F0B3B2F514} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A4129062-7BB3-4F94-88A5-3FB69D7AC940} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {ADB0D469-C39D-417C-B284-A856780422DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B4616533-F011-4B5B-97DC-9A089B4E081A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BFC7F104-DCC1-4F32-9985-ED1D40749943} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D0292CC7-8EAC-49B4-981A-4191BB8F69AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D1D43B61-A0FB-4164-B1D3-47DFB685FDAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {F577CB80-ADC2-4DF2-BFA0-88211234FBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FCAED403-2419-4D81-81D8-6B792FCD1027} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_npoipmeppdioagbkigdlnpmjphnolaog\Scientific Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=npoipmeppdioagbkigdlnpmjphnolaog
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nffchahhjecejoiigmnhhicpoabngedk\OneDrive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nffchahhjecejoiigmnhhicpoabngedk
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mhagnkphcmpkmabhocgimoncfaihkpof\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_liglcienpnkhdajdfmnpbgmpjglonipe\Numerics Calculator & Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=liglcienpnkhdajdfmnpbgmpjglonipe
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lhecpmapflhhdpcnpedpcaabolnapcae\The Gansberg Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lhecpmapflhhdpcnpedpcaabolnapcae
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_joodangkbfjnajiiifokapkpmhfnpleo\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hoihofapbdnldlhecnhefifbcddgdkhm\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_felcaaldnbdncclmgdcncolpebgiejap\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=felcaaldnbdncclmgdcncolpebgiejap
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_edebbhkhcaafmolanelponjjanocpacd\Timer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=edebbhkhcaafmolanelponjjanocpacd
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_decmldkknaaemlafplkkdmmmelbdnlja\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_cbfcckmhbpkjgfcnbgfmdodnlokimjdc\HTML5 Analog Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cbfcckmhbpkjgfcnbgfmdodnlokimjdc
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpebaehgfgkcmmjjknibibbjacnplim\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bhdheahnajobgndecdbggfmcojekgdko\Desmos Graphing Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bhdheahnajobgndecdbggfmcojekgdko
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agbmjhlgdihdaebioelepgldgojpkjag\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aapocclcgogkmnckokdopfmhonfmgoek\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aapocclcgogkmnckokdopfmhonfmgoek
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AudioRecorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=enhfkjkjfhhdibpgjmiamdcdgmcjpplk
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendar Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=galgfocamdohgeifjlbefkfpaalankfi
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Just Type.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agbmjhlgdihdaebioelepgldgojpkjag
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=joodangkbfjnajiiifokapkpmhfnpleo
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Type Case.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\66b9b787e09fde9f\History Eraser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gjieilkfnnjoihjjonajndjldjoagffm
    ShortcutWithArgument: C:\Users\Ryan Nakai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34707bd4e0c9d2b9\Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
    Emptytemp:

    *****************

    Processes closed successfully.

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,282

    Default

    How to boot into safe mode
    https://www.pcworld.com/article/2984...safe-mode.html

    Were you able to run the Zemana AntiMalware scan?

    ~~
    Please follow the instructions below to run Malwarebytes Anti Rootkit (MBAR)
    https://forums.malwarebytes.com/topi...-malwarebytes/
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  7. #7
    Junior Member
    Join Date
    Oct 2017
    Posts
    8

    Default

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 10 Pro x64
    Ran by Ryan Nakai (Limited) on Sat 10/14/2017 at 15:45:17.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 8

    Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\1952 (Folder)
    Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\3326 (Folder)
    Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\7439 (Folder)
    Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\8502 (Folder)
    Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi (File)
    Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\extensions\staged (Folder)
    Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\searchplugins\youtube-video-search.xml (File)
    Successfully deleted: C:\Users\Ryan Nakai\AppData\Roaming\Mozilla\Firefox\Profiles\7fsthnf9.default\user.js (File)



    Registry: 5

    Successfully deleted: HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_01263A5253C555C4A9D4CAD3ADB95ECB (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 10/14/2017 at 15:47:11.91
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ___


    # AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 14 21:14:41 2017
    # Updated on 2017/29/09 by Malwarebytes
    # Database: 09-29-2017.1
    # Running on Windows 10 Pro (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************

    C:/AdwCleaner/AdwCleaner[C0].txt - [3288 B] - [2017/10/13 21:33:45]
    C:/AdwCleaner/AdwCleaner[S0].txt - [3561 B] - [2017/10/13 21:31:52]
    C:/AdwCleaner/AdwCleaner[S1].txt - [1082 B] - [2017/10/14 19:26:7]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

    __


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/14/2017
    Scan Time: 6:41 PM
    Logfile: MB.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2017.10.14.08
    Rootkit Database: v2017.10.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Ryan Nakai

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 356191
    Time Elapsed: 26 min, 47 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 1
    PUP.Optional.DVDVideoSoft, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{ACAA314B-EEBA-48e4-AD47-84E31C44796C}, C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\, Quarantined, [a1bf25b60f9ad95d48142883c938df21]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    PUP.Optional.MindSpark.Generic, C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, Quarantined, [bba5f1eaaffa0a2c4a6675964cb6af51],
    PUP.Optional.MindSpark.Generic, C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, Quarantined, [49177e5d72379d99c3ed8586f90934cc],
    PUP.Optional.MindSpark.Generic, C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.myway.com_0.localstorage, Quarantined, [bfa14f8cb6f32f0762bf29e71fe349b7],
    PUP.Optional.MindSpark.Generic, C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.myway.com_0.localstorage-journal, Quarantined, [1947cf0c9c0ddb5bb66b1af6f80afa06],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ___

    Zemana AntiMalware 2.74.2.150 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2017/10/14
    Operating System : Windows 10 64-bit
    Processor : 6X AMD Phenom(tm) II X6 1045T Processor
    BIOS Mode : Legacy
    CUID : 12A24B39E35E010AB389DE
    Scan Type : System Scan
    Duration : 40m 48s
    Scanned Objects : 223311
    Detected Objects : 5
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    Chrome Shortcut
    Status : Scanned
    Object : --app-id=afgojplakjihkbpjdemlbedkkgpbojeg
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Related Objects :
    Browser Setting - Chrome Shortcut

    Chrome Shortcut
    Status : Scanned
    Object : --app-id=gjieilkfnnjoihjjonajndjldjoagffm
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Related Objects :
    Browser Setting - Chrome Shortcut

    Chrome Shortcut
    Status : Scanned
    Object : --app-id=hoihofapbdnldlhecnhefifbcddgdkhm
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Related Objects :
    Browser Setting - Chrome Shortcut

    BehindTheOverlay
    Status : Scanned
    Object : %localappdata%\google\chrome\user data\default\extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : PUA.ChromeExt!Gr
    Cleaning Action : Repair
    Related Objects :
    Browser Extension - BehindTheOverlay

    Crackle
    Status : Scanned
    Object : %localappdata%\google\chrome\user data\default\extensions\ibfamoapbmmmlknoopmmfofgladlinic
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : PUA.ChromeExt!Gr
    Cleaning Action : Repair
    Related Objects :
    Browser Extension - Crackle


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 5
    Reported as safe : 0
    Failed : 0


    ____


    Zemana AntiMalware 2.74.2.150 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2017/10/14
    Operating System : Windows 10 64-bit
    Processor : 6X AMD Phenom(tm) II X6 1045T Processor
    BIOS Mode : Legacy
    CUID : 12A24B39E35E010AB389DE
    Scan Type : System Scan
    Duration : 37m 52s
    Scanned Objects : 210372
    Detected Objects : 1
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    Crackle
    Status : Scanned
    Object : %localappdata%\google\chrome\user data\default\extensions\ibfamoapbmmmlknoopmmfofgladlinic
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : PUA.ChromeExt!Gr
    Cleaning Action : Repair
    Related Objects :
    Browser Extension - Crackle


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 1
    Reported as safe : 0
    Failed : 0

  8. #8
    Junior Member
    Join Date
    Oct 2017
    Posts
    8

    Default

    The computer can shut down now!

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,282

    Default

    Thank you for the logs.

    The computer can shut down now!
    Hope thats a good thing.

    ~~~
    Emsisoft Emergency Kit
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    created by Aura

    After running the above scan, tell me how the computer is now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  10. #10
    Junior Member
    Join Date
    Oct 2017
    Posts
    8

    Default

    Emsisoft Emergency Kit - Version 2017.8
    Forensics log

    Date Component Action Details
    10/15/2017 12:37:58 PM User LICORICE-R-PC\RYAN NAKAI Infection quarantined PUP "Application.AdReg (A)" in "DEFAULTTABBHO.DEFAULTTABBROWSER".
    10/15/2017 12:37:57 PM User LICORICE-R-PC\RYAN NAKAI Infection quarantined PUP "Application.InstallAd (A)" in "PDFFORGE".
    10/15/2017 12:37:57 PM User LICORICE-R-PC\RYAN NAKAI Infection quarantined PUP "Application.AdReg (A)" in "DEFAULTTABBHO.DEFAULTTABBROWSER.1".
    10/15/2017 12:36:48 PM Scanner Scan finished Found 4 objects , user to decide on further actions.
    10/15/2017 11:57:30 AM Scanner Detection PUP "Application.AdReg (A)" in "DEFAULTTABBHO.DEFAULTTABBROWSER" and 3 other objects
    10/15/2017 11:56:52 AM User LICORICE-R-PC\Ryan Nakai Scan started Malware Scan
    10/15/2017 11:56:32 AM User LICORICE-R-PC\Ryan Nakai Setting modified "Detect PUPs" has been changed to "Enabled".
    10/15/2017 11:53:08 AM User Update Downloaded and installed 64 files (15874 kb) (1 min. 44 sec.).
    10/15/2017 11:51:24 AM Core Notification "Recommended Reading:New in 2017.9: Making things simpler and easier".
    10/15/2017 11:51:13 AM User Update Failed with error "Server returned error" (0 sec.).
    ___


    The Computer's working smoothly now plus it can shut down faster than ever!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •