yawhoowinning

I don't have the zip file. Everything seems resolved! Thank you!

Thanks! Ran that Fixlist and attached is FixLog. No, I have no folders on desktop. Fixlog.txt

I can't. Gives me similar error "File not found or no read permission". FRST.txt and Addition.txt attached. Addition.txt FRST.txt

I just stopped Panda Antivirus and Avast is running in "passive" mode. Still have the exact same error. PC is actually behaving fine now. Is it possible this is over?

When I am doing this task: "When you finish, please ZIP this folder: C:\FRST\Quarantine and upload it here http://zippyshare.com/ " I get: WinRAR: Diagnostic Message: "C:\FRST\Quarantine.zip: Cannot open C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\SkypeSetup.exe.xBAD ! Access is denied." Fixlog.txt

Thank you TwinHeadedEagle! Yesterday. I installed some program I shouldn't have and you could tell the infection started immediately. It installed a browser program and a "MyMemory" program which I've uninstalled. I wish I could remember more. I've run Avast Malwarebyes etc. all many times but this thing still exists. Attached are files requested, thank you! Addition.txt FRST.txt

I just reviewed everything in www.bleepingcomputer.com and there's nothing there from me anymore. So now I realize that I don't know what multiple forums you're referring to above, can you please describe in detail?

You mean www.bleepingcomputer.com? I thought I deleted everything over there. They have a bug in their forum which creates never-ending load of new posts (I'm happy to show you screen-video-recordings if necessary). So I was consistently, over a 24hr period, unable to post to their forum my complete details. Then I came here and started this thread. I'll go back over there and delete the messages I apparently failed to delete now.

Here's my latest FRST log, after all of the above was done: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017 Ran by Nate Clark Winner (administrator) on YAWHOOBEAST (06-01-2017 09:25:34) Running from C:\Users\Nate Clark Winner\Desktop\New folder Loaded Profiles: Nate Clark Winner (Available Profiles: Nate Clark Winner & UpdatusUser & nates & Administrator & Guest) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe () C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe ( Rsupport Corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Microsoft Corporation) C:\WINDOWS\System32\alg.exe () C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe () C:\Program Files\pia_manager\pia_manager.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Rsupport corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Facebook Inc.) C:\Users\Nate Clark Winner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Program Files (x86)\Send Anywhere\sendanywhere.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Program Files (x86)\unquantified\granada.exe (Creative Technology Ltd.) C:\WINDOWS\OEM05Mon.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (hxxp://www.ruby-lang.org/) C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\bin\rubyw.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files\pia_manager\pia_manager.exe (hxxp://www.ruby-lang.org/) C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\bin\rubyw.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Simulated\surpluses.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [chided] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKLM\...\Run: [chidedchided] => C:\Program Files (x86)\Navajos\surpluses.exe [10752 2017-01-05] () HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.) HKLM-x32\...\Run: [OEM05Mon.exe] => C:\WINDOWS\OEM05Mon.exe [36864 2007-05-08] (Creative Technology Ltd.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM-x32\...\Run: [psyche] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKLM-x32\...\Run: [psychepsyche] => C:\Program Files (x86)\Navajos\surpluses.exe [10752 2017-01-05] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-05] (AVAST Software) HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe, HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Spotify Web Helper] => C:\Users\Nate Clark Winner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-22] (Spotify Ltd) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Google Update] => C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Facebook Update] => C:\Users\Nate Clark Winner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-21] (Facebook Inc.) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [DownloadAccelerator] => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Highfive Update] => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe [117192 2016-07-14] (Highfive) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [SendAnywhere] => C:\Program Files (x86)\Send Anywhere\sendanywhere.exe [5555896 2016-06-09] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [summoned] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [summonedsummoned] => C:\Program Files (x86)\Navajos\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [gumbs] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [gumbsgumbs] => C:\Program Files (x86)\Navajos\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [granada] => C:\Program Files (x86)\unquantified\granada.exe [68793 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [washrooms] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\MountPoints2: E - "E:\Autoplay.exe" -auto HKU\S-1-5-18\...\Run: [] => 0 ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-05] (AVAST Software) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2014-06-01] ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-02-26] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\resa.lnk [2017-01-05] ShortcutTarget: resa.lnk -> C:\Program Files (x86)\Simulated\surpluses.exe () Startup: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-12-14] ShortcutTarget: Slack.lnk -> C:\Users\Nate Clark Winner\AppData\Local\slack\Update.exe () BootExecute: autocheck autochk * bootdelete GroupPolicyScripts-x32: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{21d84fe9-af96-4798-9241-39d4a30ed39c}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{951fdce8-9634-49a8-8b67-c77cc3908a59}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{eb1b79c3-5a84-43b6-b52e-5c93a110f7cd}: [DhcpNameServer] 209.222.18.222 209.222.18.218 Internet Explorer: ================== HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-46ed77ce HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-46ed77ce&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-46ed77ce&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-46ed77ce&q={searchTerms} SearchScopes: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations) BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation) BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll => No File BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation) Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: p10mzcwz.default FF ProfilePath: C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\Firefox\Profiles\p10mzcwz.default [2017-01-06] FF NewTab: Mozilla\Firefox\Profiles\p10mzcwz.default -> about:newtab FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p10mzcwz.default -> Google FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\p10mzcwz.default -> Search Provided by Bing FF DefaultSearchUrl: Mozilla\Firefox\Profiles\p10mzcwz.default -> hxxps://www.google.com/search?bcutc=sp-006 FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\p10mzcwz.default -> Google FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p10mzcwz.default -> Google FF Homepage: Mozilla\Firefox\Profiles\p10mzcwz.default -> hxxps://www.google.com/?bcutc=sp-006 FF Keyword.URL: Mozilla\Firefox\Profiles\p10mzcwz.default -> hxxps://www.google.com/search?bcutc=sp-006 FF Extension: (Firefox Hotfix) - C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\Firefox\Profiles\p10mzcwz.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-16] FF SearchPlugin: C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\Firefox\Profiles\p10mzcwz.default\searchplugins\google-avast.xml [2017-01-05] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-05] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-05] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @highfive.com/nphighfive_launcher_prod -> C:\Users\Nate Clark Winner\AppData\Local\Highfive\Application\v1.54.0-6-g61f5640\plugins\nphighfive_launcher_prod.dll [2016-11-23] (Highfive) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Nate Clark Winner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @talk.google.com/O1DPlugin -> C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @tools.start.highfive.com:443/Highfive Update;version=3 -> C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\1.3.23.0\npGoogleUpdate3.dll [2016-07-14] (Highfive) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @tools.start.highfive.com:443/Highfive Update;version=9 -> C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\1.3.23.0\npGoogleUpdate3.dll [2016-07-14] (Highfive) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: highfive.com/highfive_launcher_prod -> C:\Users\Nate Clark Winner\AppData\Local\Highfive\Application\v1.54.0-6-g61f5640\plugins\nphighfive_launcher_prod.dll [2016-11-23] (Highfive) FF Plugin ProgramFiles/Appdata: C:\Users\Nate Clark Winner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Nate Clark Winner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxp://www.google.com/ CHR StartupUrls: Profile 1 -> "hxxp://gmail.com/","hxxp://voice.google.com/","hxxp://calendar.google.com/","hxxps://www.facebook.com/","hxxp://www.washingtonpost.com/","hxxp://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.7.598&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-46ed77ce" CHR Profile: C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default [2017-01-05] CHR Extension: (Google Slides) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Popup Notifications for Craigslist) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aenadocogjnkbmchfnkpipdinoleakbj [2016-12-21] CHR Extension: (Google Docs) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-21] CHR Extension: (YouTube) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-21] CHR Extension: (Google Search) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07] CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-12-21] CHR Extension: (Video Downloader professional) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-12-21] CHR Extension: (Google Sheets) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Avira Browser Safety) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-12-21] CHR Extension: (Google Docs Offline) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-21] CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2016-12-21] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-12-21] CHR Extension: (Sales Prospecting - Datanyze Insider) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlholfadgbpidekmhdibonbjhdmpmafd [2016-12-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-21] CHR Extension: (Gmail) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-21] CHR Extension: (Chrome Media Router) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-21] CHR Extension: (Streak CRM for Gmail) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-12-21] CHR Profile: C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-06] CHR Extension: (Google Slides) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22] CHR Extension: (Data Compression Proxy) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajfiodhbiellfpcjjedhmmmpeeaebmep [2016-06-03] CHR Extension: (Google Docs) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22] CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apboafhkiegglekeafbckfjldecefkhn [2016-02-08] CHR Extension: (Google Drive) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (Adguard AdBlocker) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-22] CHR Extension: (YouTube) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Pushbullet) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-10-29] CHR Extension: (Gif Delayer) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2015-03-22] CHR Extension: (Google Search) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-09-15] CHR Extension: (Timer) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edebbhkhcaafmolanelponjjanocpacd [2015-03-22] CHR Extension: (Better, Faster, Private Browsing) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejddjiiombhjiejeclpkoebbepphohen [2015-08-17] CHR Extension: (Gmail Offline) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-03-22] CHR Extension: (Google Calendar) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06] CHR Extension: (Video Downloader professional) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-18] CHR Extension: (Google Sheets) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22] CHR Extension: (Avira Browser Safety) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-03] CHR Extension: (HTTPS Everywhere) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-12-21] CHR Extension: (Google Docs Offline) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19] CHR Extension: (MagicScroll eBook Reader) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-03-22] CHR Extension: (Downloads - Your Download Box) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2016-10-29] CHR Extension: (Yesware Email Tracking) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2017-01-05] CHR Extension: (Imgur to Gfycat) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idnninnhcleaikepmmomfnknbldalnjj [2015-04-16] CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2016-03-05] CHR Extension: (Grammarly for Chrome) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-01-02] CHR Extension: (Google Voice (by Google)) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-03-22] CHR Extension: (Super Auto Refresh) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkhjakkgopekjlempoplnjclgedabddk [2016-07-30] CHR Extension: (The Great Suspender) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-06] CHR Extension: (Webcam Toy) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-25] CHR Extension: (Linkclump) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2016-12-14] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-11] CHR Extension: (Trillor - a Trello card mirror) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmkimphmamcbhnidjipnihfmoipdhimi [2016-07-12] CHR Extension: (Google Maps) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-20] CHR Extension: (Pocket) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-12-08] CHR Extension: (Ghostery) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-02] CHR Extension: (Google Hangouts) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-22] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Hover Zoom) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-01-05] CHR Extension: (Gmail) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11] CHR Extension: (Chrome Media Router) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16] CHR Extension: (RSS Feed Reader) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-12-14] CHR Extension: (Streak CRM for Gmail) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-06-22] CHR HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-05] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-11-01] (Microsoft Corporation) R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.) R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation) S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation) R2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [1278280 2016-10-23] ( Rsupport Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-10-02] (Visicom Media Inc.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.) R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed] R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed] U2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] () R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed] S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-05] (AVAST Software) S3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-05] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-05] (AVAST Software) S3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-05] (AVAST Software) S3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-05] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-05] (AVAST Software) S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-05] (AVAST Software) S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-05] (AVAST Software) R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.) R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-01-05] () R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103824 2015-07-16] (Panda Security, S.L.) R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211352 2015-07-16] (Panda Security, S.L.) R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120216 2015-07-16] (Panda Security, S.L.) R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120208 2015-07-16] (Panda Security, S.L.) R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.) R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112536 2015-07-16] (Panda Security, S.L.) R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [89472 2015-09-01] (Panda Security, S.L.) R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133528 2015-07-16] (Panda Security, S.L.) R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309648 2015-07-16] (Panda Security, S.L.) R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179608 2015-07-16] (Panda Security, S.L.) R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122776 2015-07-16] (Panda Security, S.L.) R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267160 2015-07-16] (Panda Security, S.L.) R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115600 2015-07-16] (Panda Security, S.L.) R3 OEM05Vfx; C:\WINDOWS\system32\DRIVERS\OEM05Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.) R3 OEM05Vid; C:\WINDOWS\system32\DRIVERS\OEM05Vid.sys [266720 2007-07-19] (Creative Technology Ltd.) R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.) R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [173464 2015-07-21] (Panda Security, S.L.) R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130968 2015-07-21] (Panda Security, S.L.) R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207256 2015-07-21] (Panda Security, S.L.) R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133528 2015-07-21] (Panda Security, S.L.) R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [143768 2015-07-21] (Panda Security, S.L.) R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117144 2015-07-21] (Panda Security, S.L.) R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-06 14:39 - 2017-01-06 14:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Nate Clark Winner\Downloads\mbar-1.09.3.1001.exe 2017-01-06 14:39 - 2017-01-06 09:08 - 00000000 ____D C:\Users\Nate Clark Winner\Desktop\mbar 2017-01-06 08:25 - 2017-01-06 08:25 - 06321256 _____ C:\Users\Nate Clark Winner\Downloads\bandicam_2017-01-04_23-26-10-647.avi 2017-01-06 07:56 - 2017-01-06 14:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-05 23:12 - 2017-01-05 23:13 - 00000000 ____D C:\Users\Nate Clark Winner\Desktop\New folder 2017-01-05 22:53 - 2017-01-05 22:53 - 00006088 _____ C:\WINDOWS\system32\.crusader 2017-01-05 22:05 - 2017-01-05 22:05 - 00003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-05 20:46 - 2017-01-05 22:13 - 00004012 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1483670807 2017-01-05 20:46 - 2017-01-05 22:13 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-01-05 20:46 - 2017-01-05 20:46 - 00001090 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2017-01-05 20:45 - 2017-01-05 20:45 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2017-01-05 20:40 - 2017-01-05 20:40 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\AdvinstAnalytics 2017-01-05 20:38 - 2017-01-05 20:38 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2017-01-05 20:38 - 2017-01-05 20:38 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-01-05 20:38 - 2017-01-05 20:38 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\AVAST Software 2017-01-05 20:37 - 2017-01-05 20:46 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2017-01-05 20:37 - 2017-01-05 20:38 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2017-01-05 20:37 - 2017-01-05 20:38 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-01-05 20:37 - 2017-01-05 20:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2017-01-05 20:37 - 2017-01-05 20:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2017-01-05 20:30 - 2017-01-05 20:45 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-05 20:30 - 2017-01-05 20:45 - 00000000 ____D C:\Program Files\AVAST Software 2017-01-05 20:29 - 2017-01-05 20:29 - 06334848 _____ (AVAST Software) C:\Users\Nate Clark Winner\Downloads\avast_free_antivirus_setup_online.exe 2017-01-05 20:28 - 2017-01-05 22:55 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2017-01-05 20:28 - 2017-01-05 22:53 - 00000000 ____D C:\ProgramData\HitmanPro 2017-01-05 20:26 - 2017-01-05 20:26 - 00001840 _____ C:\Users\Nate Clark Winner\AppData\Local\recently-used.xbel 2017-01-05 20:25 - 2017-01-05 20:25 - 03977168 _____ C:\Users\Nate Clark Winner\Downloads\adwcleaner_6.041.exe 2017-01-05 19:55 - 2017-01-05 19:55 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2017-01-05 19:55 - 2017-01-05 19:55 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\CrashRpt 2017-01-05 19:54 - 2017-01-05 19:55 - 00000000 ____D C:\WINDOWS\system32\SSL 2017-01-05 19:53 - 2017-01-05 19:53 - 00003746 _____ C:\WINDOWS\System32\Tasks\bak21598691k21598691 2017-01-05 19:53 - 2017-01-05 19:53 - 00003734 _____ C:\WINDOWS\System32\Tasks\ba65832336583233 2017-01-05 19:53 - 2017-01-05 19:53 - 00000000 ___HD C:\Program Files (x86)\unquantified 2017-01-05 19:53 - 2017-01-05 19:53 - 00000000 ___HD C:\Program Files (x86)\Simulated 2017-01-05 19:53 - 2017-01-05 19:53 - 00000000 ___HD C:\Program Files (x86)\Navajos 2017-01-05 19:53 - 2017-01-05 19:53 - 00000000 ____D C:\Program Files (x86)\gutless 2017-01-05 19:52 - 2017-01-05 19:52 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Chromium 2017-01-05 19:51 - 2017-01-05 19:51 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics 2017-01-05 19:51 - 2017-01-05 19:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics 2017-01-05 19:46 - 2017-01-05 19:59 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG 2017-01-05 19:46 - 2017-01-05 19:46 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\The Great Wall 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:45 - 2017-01-06 14:37 - 00000258 __RSH C:\Users\Nate Clark Winner\ntuser.pol 2017-01-05 19:44 - 2017-01-05 19:44 - 00000001 _____ C:\Users\Nate Clark Winner\AppData\Roaming\XSLvRF 2017-01-05 19:44 - 2017-01-05 19:44 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\tdcut 2017-01-05 19:43 - 2017-01-05 19:46 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Patriots Day 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:43 - 2017-01-05 19:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Jack Reacher Never Go Back 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:43 - 2017-01-05 19:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Hell Or High Water 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:38 - 2017-01-05 19:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Hacksaw Ridge 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:32 - 2017-01-05 19:33 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\The Accountant 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:31 - 2017-01-05 19:31 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Assassin's Creed 2016 720p BrRip x264 - AMIABLE 2017-01-05 13:26 - 2017-01-05 13:26 - 01788501 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (11).zip 2017-01-05 13:26 - 2017-01-05 13:26 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (11) 2017-01-05 13:13 - 2017-01-05 13:13 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (10) 2017-01-05 13:12 - 2017-01-05 13:13 - 01786926 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (10).zip 2017-01-05 11:48 - 2017-01-05 11:48 - 01784736 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (9).zip 2017-01-05 11:48 - 2017-01-05 11:48 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (9) 2017-01-05 10:46 - 2017-01-05 10:46 - 01784687 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (8).zip 2017-01-05 10:46 - 2017-01-05 10:46 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (8) 2017-01-05 08:01 - 2017-01-05 08:01 - 01784381 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (7).zip 2017-01-05 08:01 - 2017-01-05 08:01 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (7) 2017-01-05 04:29 - 2017-01-05 04:29 - 00010752 _____ C:\WINDOWS\surpluses.exe 2017-01-05 04:29 - 2017-01-05 04:29 - 00010752 _____ C:\Users\Nate Clark Winner\AppData\Local\surpluses.exe 2017-01-04 19:26 - 2017-01-04 19:26 - 01784319 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (6).zip 2017-01-04 19:26 - 2017-01-04 19:26 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (6) 2017-01-04 18:11 - 2017-01-04 18:11 - 00888218 _____ C:\Users\Nate Clark Winner\Downloads\New Doc 11.pdf 2017-01-04 18:10 - 2017-01-04 18:10 - 00487345 _____ C:\Users\Nate Clark Winner\Downloads\New Doc 11_2.pdf 2017-01-04 18:00 - 2017-01-04 18:00 - 00012846 _____ C:\Users\Nate Clark Winner\Desktop\logo.text.colored.svg 2017-01-04 17:56 - 2017-01-04 17:56 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\fontconfig 2017-01-04 17:55 - 2017-01-04 17:55 - 00016412 _____ C:\Users\Nate Clark Winner\Downloads\StayCircles.logo.SVGs.rar 2017-01-04 17:55 - 2017-01-04 17:55 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\StayCircles.logo.SVGs 2017-01-04 17:55 - 2017-01-04 17:55 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\inkscape 2017-01-04 15:50 - 2017-01-04 15:50 - 01784319 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (5).zip 2017-01-04 15:50 - 2017-01-04 15:50 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (5) 2017-01-04 15:30 - 2017-01-04 15:30 - 00000966 _____ C:\Users\Public\Desktop\Inkscape 0.91.lnk 2017-01-04 15:28 - 2017-01-04 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91 2017-01-04 15:28 - 2017-01-04 15:30 - 00000000 ____D C:\Program Files\Inkscape 2017-01-04 15:27 - 2017-01-04 15:28 - 97868152 _____ C:\Users\Nate Clark Winner\Downloads\inkscape-0.91-x64.msi 2017-01-04 15:10 - 2017-01-04 15:10 - 00054107 _____ C:\Users\Nate Clark Winner\Downloads\staycircles.pdf 2017-01-04 14:23 - 2017-01-04 14:23 - 01784319 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (4).zip 2017-01-04 14:23 - 2017-01-04 14:23 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (4) 2017-01-04 13:51 - 2017-01-04 13:51 - 07869892 _____ C:\Users\Nate Clark Winner\Downloads\MSNA20151106546812.pdf 2017-01-04 13:46 - 2017-01-04 13:46 - 01784314 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (3).zip 2017-01-04 13:46 - 2017-01-04 13:46 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (3) 2017-01-04 12:35 - 2017-01-04 12:35 - 01784269 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (2).zip 2017-01-04 12:35 - 2017-01-04 12:35 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (2) 2017-01-04 08:51 - 2017-01-04 08:51 - 00556478 _____ C:\Users\Nate Clark Winner\Desktop\bandicam 2017-01-04 08-51-02-197.avi 2017-01-03 17:16 - 2017-01-03 17:16 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Search Panels HTML SCSS 2 2017-01-03 12:48 - 2017-01-03 12:48 - 01784023 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (1).zip 2017-01-03 12:48 - 2017-01-03 12:48 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (1) 2017-01-03 11:02 - 2017-01-03 11:03 - 01784926 _____ C:\Users\Nate Clark Winner\Desktop\bandicam 2017-01-03 11-02-52-196.avi 2017-01-03 10:50 - 2017-01-03 10:50 - 01783831 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup.zip 2017-01-03 10:50 - 2017-01-03 10:50 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup 2017-01-02 17:50 - 2017-01-02 17:54 - 18067986 _____ C:\Users\Nate Clark Winner\Downloads\blonde ride - Pornhubcom.mp4 2017-01-02 17:40 - 2017-01-02 17:40 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\09.20.2014 - New Leaked Jennifer Lawrence (J.Law) Nude Pics #thefappening 2017-01-02 17:34 - 2017-01-02 17:38 - 290792728 _____ C:\Users\Nate Clark Winner\Downloads\[BLACKED] Makenna Blue (How To Train a Housewife - 31.12.2016) [tk].mp4 2017-01-02 09:07 - 2017-01-02 09:07 - 01786695 _____ C:\Users\Nate Clark Winner\Downloads\Google Invites.zip 2017-01-02 09:07 - 2017-01-02 09:07 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\email-invite (2) 2017-01-02 08:52 - 2017-01-02 08:52 - 01786552 _____ C:\Users\Nate Clark Winner\Downloads\email-invite (1).zip 2017-01-02 08:52 - 2017-01-02 08:52 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\email-invite (1) 2017-01-01 20:30 - 2017-01-01 20:30 - 01786146 _____ C:\Users\Nate Clark Winner\Downloads\email-invite.zip 2017-01-01 20:30 - 2017-01-01 20:30 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\email-invite 2017-01-01 17:39 - 2017-01-01 17:39 - 01783655 _____ C:\Users\Nate Clark Winner\Downloads\Messages and Mutual StayPals Popup 2.0.zip 2017-01-01 17:39 - 2017-01-01 17:39 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (7) 2017-01-01 16:33 - 2017-01-01 16:33 - 01783650 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (6).zip 2017-01-01 16:33 - 2017-01-01 16:33 - 01783650 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (5).zip 2017-01-01 16:33 - 2017-01-01 16:33 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (6) 2017-01-01 14:40 - 2017-01-01 14:40 - 01783536 _____ C:\Users\Nate Clark Winner\Downloads\Message and Mutual StayPals Popup.zip 2017-01-01 14:40 - 2017-01-01 14:40 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (5) 2017-01-01 12:55 - 2017-01-01 12:55 - 01783278 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (4).zip 2017-01-01 12:55 - 2017-01-01 12:55 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (4) 2017-01-01 12:03 - 2017-01-01 12:03 - 01783361 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (3).zip 2017-01-01 12:03 - 2017-01-01 12:03 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (3) 2017-01-01 02:41 - 2017-01-01 02:41 - 01783256 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (2).zip 2017-01-01 02:41 - 2017-01-01 02:41 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (2) 2017-01-01 02:31 - 2017-01-01 02:32 - 01783256 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (1).zip 2016-12-31 15:54 - 2016-12-31 15:54 - 01783212 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup.zip 2016-12-31 13:06 - 2016-12-31 13:06 - 04889324 _____ C:\Users\Nate Clark Winner\Downloads\Search Panels HTML SCSS 2.zip 2016-12-30 11:35 - 2016-12-30 11:35 - 01785180 _____ C:\Users\Nate Clark Winner\Downloads\Rooms and Places HTML SCSS 2.zip 2016-12-30 11:35 - 2016-12-30 11:35 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (7) 2016-12-30 10:12 - 2016-12-30 10:12 - 01785096 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (6).zip 2016-12-30 10:12 - 2016-12-30 10:12 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (6) 2016-12-30 09:24 - 2016-12-30 09:24 - 01785094 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (5).zip 2016-12-30 09:24 - 2016-12-30 09:24 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (5) 2016-12-30 07:39 - 2016-12-30 07:39 - 01785065 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (4).zip 2016-12-30 07:39 - 2016-12-30 07:39 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (4) 2016-12-29 18:08 - 2016-12-29 18:08 - 00013008 _____ C:\Users\Nate Clark Winner\Downloads\stayproposed-fun.html 2016-12-29 13:01 - 2016-12-29 13:01 - 01783658 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (3).zip 2016-12-29 13:01 - 2016-12-29 13:01 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (3) 2016-12-28 14:29 - 2016-12-28 14:29 - 01783490 _____ C:\Users\Nate Clark Winner\Downloads\Rooms & Places 2.0 HTML-CSS.zip 2016-12-28 14:29 - 2016-12-28 14:29 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Rooms & Places 2.0 HTML-CSS 2016-12-28 12:14 - 2016-12-28 12:14 - 00079345 _____ C:\Users\Nate Clark Winner\Downloads\11541980_10204700202574252_3853786088326288371_n.jpg 2016-12-28 12:12 - 2016-12-28 12:12 - 00106653 _____ C:\Users\Nate Clark Winner\Downloads\Screen Shot 2016-12-28 at 12.08.36 PM.png 2016-12-28 10:59 - 2016-12-28 10:59 - 00419882 _____ C:\Users\Nate Clark Winner\Downloads\MessagePopup - 1.0.zip 2016-12-28 10:59 - 2016-12-28 10:59 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup 2016-12-28 10:54 - 2016-12-28 10:54 - 04828301 _____ C:\Users\Nate Clark Winner\Downloads\Search Panels 1.0.zip 2016-12-27 15:30 - 2016-12-27 15:30 - 00844505 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (2).zip 2016-12-27 15:30 - 2016-12-27 15:30 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (2) 2016-12-26 21:35 - 2016-12-26 21:35 - 00586248 _____ C:\Users\Nate Clark Winner\Downloads\bandicam_2016-12-14_16-55-36-961 (1).avi 2016-12-26 15:33 - 2016-12-26 15:33 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software 2016-12-26 15:32 - 2016-12-26 15:33 - 00000000 ____D C:\Users\Nate Clark Winner\Documents\CoffeeCup Software 2016-12-26 15:32 - 2016-12-26 15:32 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\CoffeeCup Software 2016-12-26 15:31 - 2016-12-26 15:32 - 90690008 _____ C:\Users\Nate Clark Winner\Downloads\CoffeeFreeHTML15.3.exe 2016-12-26 13:32 - 2016-12-26 13:32 - 00069015 _____ C:\Users\Nate Clark Winner\Downloads\test work.zip 2016-12-26 13:32 - 2016-12-26 13:32 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\test work 2016-12-26 12:29 - 2016-12-26 12:29 - 00003872 _____ C:\Users\Nate Clark Winner\Downloads\favicon.02 (1).ico 2016-12-26 08:31 - 2016-12-26 08:31 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\testUSA 2016-12-25 11:54 - 2016-12-25 11:54 - 02232860 _____ C:\Users\Nate Clark Winner\Downloads\photo upload HTML 5.zip 2016-12-25 11:54 - 2016-12-25 11:54 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (5) 2016-12-25 11:29 - 2016-12-25 11:29 - 02232846 _____ C:\Users\Nate Clark Winner\Downloads\image-upload (4).zip 2016-12-25 11:29 - 2016-12-25 11:29 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (4) 2016-12-25 10:41 - 2016-12-25 10:41 - 02232721 _____ C:\Users\Nate Clark Winner\Downloads\image-upload (3).zip 2016-12-25 10:41 - 2016-12-25 10:41 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (3) 2016-12-25 10:10 - 2016-12-25 10:10 - 02232681 _____ C:\Users\Nate Clark Winner\Downloads\image-upload (2).zip 2016-12-25 10:10 - 2016-12-25 10:10 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (2) 2016-12-25 09:31 - 2016-12-25 09:31 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (1) 2016-12-25 09:30 - 2016-12-25 09:30 - 02232112 _____ C:\Users\Nate Clark Winner\Downloads\image-upload (1).zip 2016-12-25 07:54 - 2016-12-25 07:54 - 01295679 _____ C:\Users\Nate Clark Winner\Downloads\image-upload.zip 2016-12-25 07:54 - 2016-12-25 07:54 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload 2016-12-24 15:43 - 2016-12-24 15:43 - 00025554 _____ C:\Users\Nate Clark Winner\Downloads\demo (1).zip 2016-12-24 15:43 - 2016-12-24 15:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\demo (1) 2016-12-24 06:49 - 2016-12-24 06:49 - 00000000 ____D C:\Users\Nate Clark Winner\Desktop\staycircles 2016-12-23 17:58 - 2016-12-23 17:58 - 00028840 _____ C:\Users\Nate Clark Winner\Downloads\test.zip 2016-12-23 17:58 - 2016-12-23 17:58 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\test 2016-12-23 17:54 - 2016-12-23 17:54 - 00841603 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (1).zip 2016-12-23 17:54 - 2016-12-23 17:54 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (1) 2016-12-23 14:16 - 2016-12-23 14:16 - 00032602 _____ C:\Users\Nate Clark Winner\Downloads\HoneyCo Subscription Terms of Service (Paper Form - Single Use).DOCX 2016-12-23 00:31 - 2016-12-23 00:31 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Highfive 2016-12-22 11:43 - 2016-12-22 11:43 - 00001893 _____ C:\Users\Nate Clark Winner\Downloads\demo.zip 2016-12-22 11:43 - 2016-12-22 11:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\demo 2016-12-22 08:01 - 2016-12-22 08:01 - 00782130 _____ C:\Users\Nate Clark Winner\Downloads\Dashboard - Stays 3.zip 2016-12-22 08:01 - 2016-12-22 08:01 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Dashboard - Stays 3 2016-12-22 07:43 - 2016-12-22 07:43 - 00571346 _____ C:\Users\Nate Clark Winner\Downloads\staycircles.zip 2016-12-22 07:43 - 2016-12-22 07:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles 2016-12-20 19:14 - 2016-12-20 19:14 - 01425618 _____ C:\Users\Nate Clark Winner\Downloads\bandicam 2016-12-20 19-13-20-635.avi 2016-12-20 08:48 - 2016-12-20 08:49 - 89237141 _____ C:\Users\Nate Clark Winner\Downloads\zoom.levels (2).rar 2016-12-20 08:48 - 2016-12-20 08:48 - 07278099 _____ C:\Users\Nate Clark Winner\Downloads\zoom (1).psd 2016-12-19 15:55 - 2016-12-19 15:55 - 00014421 _____ C:\Users\Nate Clark Winner\Downloads\upload_12_2_2016_at_2_43_25_PM.png 2016-12-19 10:52 - 2016-12-19 10:52 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\JAM Software 2016-12-19 10:52 - 2016-12-19 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2016-12-19 10:52 - 2016-12-19 10:52 - 00000000 ____D C:\Program Files (x86)\JAM Software 2016-12-19 10:51 - 2016-12-19 10:51 - 02463272 _____ (JAM Software ) C:\Users\Nate Clark Winner\Downloads\TreeSizeFreeSetup_2000.exe 2016-12-19 10:51 - 2016-12-19 10:51 - 00739972 _____ C:\Users\Nate Clark Winner\Downloads\TreeSizeFree_9x.zip 2016-12-18 13:11 - 2016-12-18 13:11 - 00571836 _____ C:\Users\Nate Clark Winner\Downloads\Screenshot_SmartSelect_2016-12-14-11-29-36.png 2016-12-18 12:28 - 2016-12-18 12:28 - 01858900 _____ C:\Users\Nate Clark Winner\Downloads\Mission.02.rar 2016-12-16 14:19 - 2016-12-16 14:19 - 00023362 _____ C:\Users\Nate Clark Winner\Desktop\Alex Self-Rating.png 2016-12-16 11:45 - 2016-12-16 11:45 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Infographic 2016-12-16 11:40 - 2016-12-16 11:40 - 15716165 _____ C:\Users\Nate Clark Winner\Downloads\Infographic.zip 2016-12-16 10:28 - 2016-12-16 10:28 - 00003872 _____ C:\Users\Nate Clark Winner\Downloads\favicon.02.ico 2016-12-14 22:09 - 2016-12-14 22:10 - 89237141 _____ C:\Users\Nate Clark Winner\Downloads\zoom.levels (1).rar 2016-12-14 22:09 - 2016-12-14 22:10 - 07278099 _____ C:\Users\Nate Clark Winner\Downloads\zoom.01 2016-12-14 20:34 - 2016-11-22 05:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-12-14 20:34 - 2016-11-22 04:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-12-14 20:34 - 2016-11-22 04:38 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2016-12-14 20:34 - 2016-11-22 04:38 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2016-12-14 20:34 - 2016-11-22 04:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2016-12-14 20:34 - 2016-11-22 04:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-12-14 20:34 - 2016-11-22 04:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2016-12-14 20:34 - 2016-11-22 04:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-12-14 20:34 - 2016-11-22 04:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-12-14 20:34 - 2016-11-22 04:02 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-12-14 20:34 - 2016-11-22 04:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-12-14 20:34 - 2016-11-22 03:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-12-14 20:34 - 2016-11-22 03:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-12-14 20:34 - 2016-11-22 03:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe 2016-12-14 20:34 - 2016-11-22 03:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2016-12-14 20:34 - 2016-11-22 03:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2016-12-14 20:34 - 2016-11-22 03:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2016-12-14 20:34 - 2016-11-22 03:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe 2016-12-14 20:34 - 2016-11-22 02:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-12-14 20:34 - 2016-11-22 02:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-12-14 20:34 - 2016-11-22 02:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-12-14 20:34 - 2016-11-22 02:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-12-14 20:34 - 2016-11-22 02:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-12-14 20:34 - 2016-11-22 02:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-12-14 20:34 - 2016-11-22 02:47 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-12-14 20:34 - 2016-11-22 02:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-12-14 20:34 - 2016-11-22 02:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-12-14 20:34 - 2016-11-22 02:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-12-14 20:34 - 2016-11-22 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-12-14 20:34 - 2016-11-22 02:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-12-14 20:34 - 2016-11-22 02:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-12-14 20:34 - 2016-11-22 02:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-12-14 20:34 - 2016-11-22 01:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-12-14 20:34 - 2016-11-22 01:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2016-12-14 20:34 - 2016-11-22 01:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-12-14 20:34 - 2016-11-22 01:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-12-14 20:34 - 2016-11-22 01:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-12-14 20:34 - 2016-11-22 01:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-12-14 20:34 - 2016-11-22 01:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-12-14 20:34 - 2016-11-22 01:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-12-14 20:34 - 2016-11-22 01:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-12-14 20:34 - 2016-11-22 01:15 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-12-14 20:34 - 2016-11-22 01:14 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-12-14 20:34 - 2016-11-22 01:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-12-14 20:34 - 2016-11-22 01:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-12-14 20:34 - 2016-11-22 00:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-12-14 20:34 - 2016-11-22 00:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-12-14 20:34 - 2016-11-22 00:49 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-12-14 20:34 - 2016-11-22 00:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-12-14 20:34 - 2016-11-22 00:34 - 18670080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-12-14 20:34 - 2016-11-22 00:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-12-14 20:34 - 2016-11-22 00:32 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-12-14 20:34 - 2016-11-22 00:17 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-12-14 16:56 - 2016-12-14 16:56 - 00586248 _____ C:\Users\Nate Clark Winner\Downloads\bandicam_2016-12-14_16-55-36-961.avi ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-06 14:45 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-01-06 14:42 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF 2017-01-06 14:42 - 2015-09-21 00:15 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-06 14:40 - 2016-03-27 15:09 - 00004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B397B85A-1F7C-40F7-8D95-2A93F2F0DF16} 2017-01-06 14:40 - 2014-06-04 06:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-01-06 14:39 - 2014-06-04 06:52 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2017-01-06 14:38 - 2016-08-11 13:25 - 00000000 ___RD C:\Users\Nate Clark Winner\Google Drive 2017-01-06 14:37 - 2016-02-16 09:51 - 00000000 ____D C:\Users\Nate Clark Winner 2017-01-06 14:37 - 2016-02-10 19:36 - 00000258 __RSH C:\ProgramData\ntuser.pol 2017-01-06 14:36 - 2016-02-27 12:30 - 00000943 _____ C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {8E45308E-5B81-4D48-8C7B-B17ED3592903}.job 2017-01-06 14:36 - 2016-02-16 09:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-01-06 14:36 - 2016-02-16 09:50 - 00000000 ____D C:\ProgramData\NVIDIA 2017-01-06 14:36 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media 2017-01-06 14:36 - 2015-03-06 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-06 14:36 - 2014-06-18 16:43 - 00000441 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2017-01-06 09:25 - 2015-01-07 13:57 - 00000000 ____D C:\FRST 2017-01-06 09:08 - 2016-10-20 13:19 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Slack 2017-01-06 09:08 - 2015-01-09 15:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-01-06 08:34 - 2015-10-30 00:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI 2017-01-06 08:30 - 2016-07-14 08:25 - 00000990 _____ C:\WINDOWS\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA.job 2017-01-06 08:27 - 2014-06-01 07:58 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\vlc 2017-01-06 02:00 - 2015-08-06 18:08 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Adobe 2017-01-05 23:20 - 2015-01-07 14:50 - 00000000 ____D C:\AdwCleaner 2017-01-05 22:05 - 2015-09-21 06:03 - 00002448 _____ C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-05 22:05 - 2015-09-21 06:03 - 00000000 ___RD C:\Users\Nate Clark Winner\OneDrive 2017-01-05 22:03 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Performance 2017-01-05 21:25 - 2015-06-03 20:00 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-01-05 20:30 - 2014-06-01 07:24 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Packages 2017-01-05 20:22 - 2015-08-23 12:29 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\deluge 2017-01-05 19:55 - 2014-06-04 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2017-01-05 19:55 - 2014-06-04 06:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-01-05 19:52 - 2014-06-01 07:28 - 00000000 ____D C:\Program Files (x86)\Google 2017-01-05 16:42 - 2015-01-15 20:51 - 00000000 ____D C:\ProgramData\panda_url_filtering 2017-01-05 09:30 - 2016-07-14 08:25 - 00000938 _____ C:\WINDOWS\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core.job 2017-01-04 15:45 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-01-04 14:52 - 2016-08-23 09:33 - 00000600 _____ C:\Users\Nate Clark Winner\AppData\Local\PUTTY.RND 2017-01-02 10:52 - 2013-12-16 22:29 - 00000000 ____D C:\ProgramData\Temp 2017-01-02 10:50 - 2014-06-01 16:48 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Spotify 2017-01-02 09:34 - 2014-06-01 16:48 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Spotify 2016-12-26 15:33 - 2014-06-21 11:58 - 00000000 ___RD C:\Users\Nate Clark Winner\Documents 2016-12-23 00:31 - 2016-07-14 08:26 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Deployment 2016-12-23 00:31 - 2016-07-14 08:24 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Highfive 2016-12-22 09:18 - 2016-03-16 08:22 - 00003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1424017197 2016-12-22 09:18 - 2015-02-15 10:20 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-12-22 09:18 - 2015-02-15 10:19 - 00000000 ____D C:\Program Files (x86)\Opera 2016-12-21 09:10 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\assembly 2016-12-21 09:10 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-12-21 09:10 - 2014-06-01 08:23 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-12-20 11:38 - 2016-02-16 09:51 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000001.regtrans-ms 2016-12-20 11:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\catroot2 2016-12-20 11:30 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\CatRoot 2016-12-18 12:43 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache 2016-12-16 18:46 - 2016-06-03 10:36 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-16 18:46 - 2016-06-03 10:36 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-16 18:24 - 2016-06-03 10:13 - 00003704 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA 2016-12-16 18:24 - 2016-06-03 10:13 - 00003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core 2016-12-16 13:48 - 2014-06-01 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-12-16 13:15 - 2016-02-16 09:48 - 00597528 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-12-16 13:15 - 2015-10-30 00:28 - 00262144 ___SH C:\Users\Default\NTUSER.DAT 2016-12-16 09:57 - 2014-06-01 08:00 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2016-12-16 09:57 - 2014-06-01 08:00 - 00000000 ____D C:\Program Files\paint.net 2016-12-15 23:17 - 2016-02-16 09:48 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{485596e0-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000001.regtrans-ms 2016-12-15 23:17 - 2016-02-16 09:48 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{485596e0-7ed5-11e5-80df-e41d2d718e10}.TM.blf 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\en-US 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Internet Explorer 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Internet Explorer 2016-12-15 23:16 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\DriverStore 2016-12-15 23:14 - 2014-07-06 19:20 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Skype 2016-12-15 14:24 - 2016-01-17 10:07 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-12-15 14:24 - 2015-10-30 00:28 - 00000000 ____D C:\Program Files (x86)\Common Files 2016-12-15 14:24 - 2014-07-06 19:20 - 00000000 ____D C:\ProgramData\Skype 2016-12-14 21:28 - 2014-06-04 08:45 - 00262144 _____ C:\Users\Public\NTUSER.DAT 2016-12-14 20:24 - 2014-06-01 07:32 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-14 20:21 - 2016-10-20 13:19 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies 2016-12-14 20:21 - 2016-10-20 13:18 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\slack 2016-12-14 20:21 - 2015-08-12 20:18 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\SquirrelTemp 2016-12-14 16:50 - 2015-10-24 06:22 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-12-14 16:49 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-14 16:46 - 2014-06-01 08:31 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-12-14 16:43 - 2014-06-01 08:31 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-12-11 17:03 - 2015-10-30 01:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-12-11 17:03 - 2015-10-30 01:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2016-06-11 10:50 - 2016-07-14 19:05 - 0000034 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\AdobeWLCMCache.dat 2015-11-19 15:24 - 2016-09-03 15:36 - 0000096 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\Camdata.ini 2015-11-19 15:24 - 2016-09-03 15:36 - 0000408 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\CamLayout.ini 2015-11-19 15:24 - 2016-09-03 15:36 - 0000408 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\CamShapes.ini 2015-11-19 15:24 - 2016-09-03 15:36 - 0004547 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\CamStudio.cfg 2015-11-19 15:23 - 2016-09-03 14:51 - 0000096 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\version2.xml 2016-02-10 20:37 - 2016-02-10 20:37 - 0000046 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\WB.CFG 2017-01-05 19:44 - 2017-01-05 19:44 - 0000001 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\XSLvRF 2016-08-23 09:33 - 2017-01-04 14:52 - 0000600 _____ () C:\Users\Nate Clark Winner\AppData\Local\PUTTY.RND 2017-01-05 20:26 - 2017-01-05 20:26 - 0001840 _____ () C:\Users\Nate Clark Winner\AppData\Local\recently-used.xbel 2015-12-08 23:13 - 2015-12-08 23:13 - 0000017 _____ () C:\Users\Nate Clark Winner\AppData\Local\resmon.resmoncfg 2017-01-05 04:29 - 2017-01-05 04:29 - 0010752 _____ () C:\Users\Nate Clark Winner\AppData\Local\surpluses.exe 2015-01-06 17:08 - 2015-01-06 17:08 - 0138414 _____ () C:\ProgramData\1420585157.bdinstall.bin 2015-01-06 22:41 - 2015-01-06 22:41 - 0185956 _____ () C:\ProgramData\1420605589.bdinstall.bin 2015-01-07 16:40 - 2015-01-07 16:40 - 0037669 _____ () C:\ProgramData\1420670400.bdinstall.bin 2015-01-07 16:40 - 2015-01-07 16:40 - 0098109 _____ () C:\ProgramData\1420670401.bdinstall.bin 2015-01-15 20:36 - 2015-01-15 20:49 - 0012394 _____ () C:\ProgramData\1421375812.1868.bin 2015-01-15 20:37 - 2015-01-15 20:49 - 0009919 _____ () C:\ProgramData\1421375812.2476.bin 2015-01-15 20:37 - 2015-01-15 20:49 - 0013719 _____ () C:\ProgramData\1421375812.2524.bin 2015-01-15 20:36 - 2015-01-15 21:38 - 0003499 _____ () C:\ProgramData\1421375812.2876.bin 2015-01-15 20:49 - 2015-01-15 20:49 - 0029598 _____ () C:\ProgramData\1421375812.2920.bin 2015-01-15 20:36 - 2015-01-15 21:11 - 0049209 _____ () C:\ProgramData\1421375812.3220.bin 2015-01-15 20:37 - 2015-01-15 20:49 - 0002538 _____ () C:\ProgramData\1421375812.3312.bin 2015-01-15 20:37 - 2015-01-15 20:37 - 0000507 _____ () C:\ProgramData\1421375812.6100.bin 2016-02-16 09:50 - 2016-02-16 09:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-12-16 22:32 - 2013-12-16 22:32 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-12-16 22:29 - 2013-12-16 22:30 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-12-16 22:30 - 2013-12-16 22:31 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-12-16 22:29 - 2013-12-16 22:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-12-16 22:31 - 2013-12-16 22:32 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some files in TEMP: ==================== C:\Users\Nate Clark Winner\AppData\Local\Temp\bdfilters.dll C:\Users\Nate Clark Winner\AppData\Local\Temp\cpa.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\cubecc.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\FoxitUpdater.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\jre-8u111-windows-au.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\jre-8u91-windows-au.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\libeay32.dll C:\Users\Nate Clark Winner\AppData\Local\Temp\msvcr120.dll C:\Users\Nate Clark Winner\AppData\Local\Temp\SkypeSetup.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\sqlite3.dll C:\Users\Nate Clark Winner\AppData\Local\Temp\vlc-2.2.4-win64.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\wait.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\windows.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\XvidCod.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-05 11:58 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017 Ran by Nate Clark Winner (06-01-2017 09:26:16) Running from C:\Users\Nate Clark Winner\Desktop\New folder Windows 10 Home Version 1511 (X64) (2016-02-16 16:01:23) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2179773923-3527668487-1133873981-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-2179773923-3527668487-1133873981-503 - Limited - Disabled) Guest (S-1-5-21-2179773923-3527668487-1133873981-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-2179773923-3527668487-1133873981-1006 - Limited - Enabled) Nate Clark Winner (S-1-5-21-2179773923-3527668487-1133873981-1001 - Administrator - Enabled) => C:\Users\Nate Clark Winner nates (S-1-5-21-2179773923-3527668487-1133873981-1009 - Limited - Enabled) => C:\Users\nates UpdatusUser (S-1-5-21-2179773923-3527668487-1133873981-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated) Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.2.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF01}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Bandicam (HKLM-x32\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) CoffeeCup Free HTML Editor (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\CoffeeCup Free HTML Editor) (Version: - ) Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - ) Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.) DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.) Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.0.1013 - Foxit Software Inc.) GitHub (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.0.0 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) Herramientas de corrección de Microsoft Office 2016: español (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Highfive Outlook Add-in (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\89B5488E8FEA2BBC6B82A8A5CB989064D4CA4BBE) (Version: 1.54.0.6 - Highfive) HighfiveApp (HKLM-x32\...\{54530292-7167-4050-8982-5CC77500545D}) (Version: 1.54.0.6 - Highfive) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4885.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visio Professional 2016 (HKLM-x32\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mobizen (HKLM-x32\...\{BA0D3A44-BCEE-4C8B-BCD4-F7F1E64F41E3}) (Version: 2.21.1.2 - RSUPPORT) Monitor Webcam (SP2208WFP) Driver (1.00.08.0720) (HKLM\...\Creative OEM005) (Version: - ) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.) NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden OpenTTD 1.4.4 (HKLM-x32\...\OpenTTD) (Version: 1.4.4 - OpenTTD) Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software) Outils de vérification linguistique 2016 de Microsoft Office - Français (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC) Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security) Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.9 - Panda Security and Visicom Media Inc.) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) PdfMerge (HKLM-x32\...\{238BE990-A412-4129-A434-D03B1A9E396E}) (Version: 1.22.0 - PdfMerge) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Python 3.5.1 (32-bit) (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation) Python 3.5.1 Add to Path (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) R for Windows 3.1.2 (HKLM\...\R for Windows 3.1.2_is1) (Version: 3.1.2 - R Core Team) Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Screen Recorder Launcher (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\ScreenRecorderLauncher) (Version: 1.7 - ) Send Anywhere (HKLM-x32\...\{4C09F722-410A-481D-A488-D56FBE34334F}_is1) (Version: 2.6.9 - Estmob Inc.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) Slack (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\slack) (Version: 2.3.2 - Slack Technologies) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) Spotify (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TreeSize Free V2.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.4 - JAM Software) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Засоби перевірки правопису Microsoft Office 2016 – українська (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Средства проверки правописания Microsoft Office 2016 — русский (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00DE61BF-FB22-4C36-AD0B-6C3BB2A650C5} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION Task: {030DBD61-6F78-4D7B-998A-FF5E4BDB1A5C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {03E5C09A-333D-4F33-A900-4D23B7710FF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {05083265-595F-409A-89BA-165FB05B0CF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {0A9CA761-E23C-452E-BBB5-3A07F2107B72} - \{A2F202EF-DBBD-4C47-9FC7-98564731B3E6} -> No File <==== ATTENTION Task: {10FFAE46-30D0-40F7-8993-8E4BEBF1F02B} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION Task: {1450AF5B-44FA-423C-9B14-987637F259D0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {1B1352BA-1A8A-47FB-ADB6-6E1262606C55} - System32\Tasks\SafeZone scheduled Autoupdate 1483670807 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {24B226C7-0D81-4DA1-9C19-D69E4D62786F} - System32\Tasks\AdobeAAMUpdater-1.0-yawhoobeast-Nate Clark Winner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated) Task: {270F5625-F4AE-48F0-9371-3B07DFBB541B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {2C598B5E-B11A-4DDF-B458-270D8CCE724C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {2F358E96-8776-42AC-8F1F-8B66349B8B7D} - \Private Internet Access Startup -> No File <==== ATTENTION Task: {34EA08EF-CCFB-4A20-A77E-FEB57612D844} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {3BBC935F-EE27-4ABD-862D-98B56A519EE6} - System32\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe [2016-07-14] (Highfive) Task: {3DD93E5A-5F17-4974-B11B-141FC9CED6FF} - System32\Tasks\bak21598691k21598691 => C:\Program Files (x86)\gutless\gutless.exe [2017-01-05] (overburdened) Task: {42AFEE16-ABDE-437C-803C-3AF71B203849} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {471EDC11-099B-4B0F-97FB-55F04A015537} - System32\Tasks\Opera scheduled Autoupdate 1424017197 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software) Task: {487879FE-42B0-4382-A02B-AC3002234CD2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe Task: {509FF792-C959-43DC-9263-62413ADFC438} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {5154FA12-A288-4609-B4B0-A51306E982A0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {5B0587E8-EE99-4A07-98C4-6372ABA58F81} - System32\Tasks\ba65832336583233 => C:\Program Files (x86)\Simulated\surpluses.exe [2017-01-05] () Task: {60E104BD-9875-4F70-A81D-8AF5BCE9FE0D} - \PCDEventLauncherTask -> No File <==== ATTENTION Task: {62F4D559-ED82-41E9-80EC-B536051F4342} - \IEError -> No File <==== ATTENTION Task: {6ABC12A7-AE71-42C0-B827-289EFE6FD444} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {6EA7922F-08CC-4F12-84B4-ECAEE9FE7D8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation) Task: {89034AB9-CB6B-44D7-AD7C-4799F991D610} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation) Task: {91B799C3-29FD-4840-8193-E893919A1B5C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {94ECDBFC-1B45-4165-A218-F9DD1F28A046} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation) Task: {976B9CC6-89A8-4611-B4C6-B7D834B81D1F} - \EPSON WF-2650 Series Update {8E45308E-5B81-4D48-8C7B-B17ED3592903} -> No File <==== ATTENTION Task: {A3F65BF7-F215-4F27-AF96-3387B7CF6C4A} - System32\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe [2016-07-14] (Highfive) Task: {A4E5E80A-6C7F-453A-B4D8-3BC4AD31179F} - \KMSAuto -> No File <==== ATTENTION Task: {B28ED57D-4B20-4E44-909F-0DA1DDC7D158} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core => C:\Users\Nate Clark Winner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B392EED9-F19A-42EB-8F99-286C20BE194E} - \CLVDLauncher -> No File <==== ATTENTION Task: {B71C5176-D9B8-473D-BB23-769F27D9FFDF} - \CLMLSvc_P2G8 -> No File <==== ATTENTION Task: {BAE8CC12-9940-43C4-992E-74C1766D5E55} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA => C:\Users\Nate Clark Winner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {BD496921-B0C2-4D12-A418-EFBE4A5B465F} - \6583233 -> No File <==== ATTENTION Task: {C5CFF38E-1F9F-4362-9507-0709204D250C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {CE9CB07C-1C0A-4FC7-881A-CAF33EB31376} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {D069B8CC-EBF9-4F10-951A-C61D0FF75D93} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {D136072D-AA37-4A24-902C-AC8D44CD245A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-05] (AVAST Software) Task: {D6BA6F03-D7C5-4269-955B-567F608F2B2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {DD4C3C85-C919-498C-B434-4B8656BA4707} - \Optimize Start Menu Cache Files-S-1-5-21-2179773923-3527668487-1133873981-1001 -> No File <==== ATTENTION Task: {EFDAFDA2-AE5F-4CBC-94A8-12360B41FC30} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon -> No File <==== ATTENTION Task: {FE89B928-91DF-40F2-BEB3-2435A38E1727} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {8E45308E-5B81-4D48-8C7B-B17ED3592903}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{8E45308E-5B81-4D48-8C7B-B17ED3592903} /F:Update WORKGROUP\YAWHOOBEAST$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core.job => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA.job => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk ShortcutWithArgument: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\54006d977149216d\SMS from Gmail™ & Facebook™ (MightyText).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iffdacemhfpnchinokehhnppllonacfj ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-02-16 09:50 - 2015-08-06 18:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-06-05 07:46 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-12-16 22:31 - 2012-04-24 20:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-06-01 10:27 - 2011-08-18 15:53 - 00625728 _____ () C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe 2014-11-07 09:06 - 2014-11-06 19:06 - 01016104 _____ () C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe 2016-11-09 22:00 - 2016-10-25 03:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 08819438 _____ () C:\Program Files\pia_manager\pia_manager.exe 2016-11-09 22:00 - 2016-10-25 03:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-01-05 22:04 - 2017-01-05 22:04 - 01678560 _____ () C:\Users\Nate Clark Winner\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll 2016-07-26 03:57 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-04-18 17:35 - 2016-04-18 17:35 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-02-16 11:45 - 2016-02-16 11:45 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-13 06:10 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-09-09 07:09 - 2016-06-09 11:37 - 05555896 _____ () C:\Program Files (x86)\Send Anywhere\sendanywhere.exe 2017-01-05 04:29 - 2017-01-05 04:29 - 00068793 _____ () C:\Program Files (x86)\unquantified\granada.exe 2016-11-09 22:01 - 2016-10-24 22:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 22:00 - 2016-10-24 22:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 22:01 - 2016-10-24 22:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 22:01 - 2016-10-24 22:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-01-05 04:29 - 2017-01-05 04:29 - 00010752 _____ () C:\Program Files (x86)\Simulated\surpluses.exe 2017-01-05 20:37 - 2017-01-05 20:37 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-01-06 07:22 - 2017-01-06 07:22 - 03070464 _____ () C:\Program Files\AVAST Software\Avast\defs\17010600\algo.dll 2017-01-05 20:37 - 2017-01-05 20:37 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2013-04-12 11:23 - 2013-04-12 11:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2016-04-18 17:35 - 2016-04-18 17:35 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-18 17:35 - 2016-04-18 17:35 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2017-01-05 22:04 - 2017-01-05 22:04 - 01244376 _____ () C:\Users\Nate Clark Winner\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll 2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll 2016-09-09 07:09 - 2014-12-22 00:07 - 00119822 _____ () C:\Program Files (x86)\Send Anywhere\libgcc_s_dw2-1.dll 2016-09-09 07:09 - 2014-12-22 00:07 - 01026062 _____ () C:\Program Files (x86)\Send Anywhere\libstdc++-6.dll 2017-01-06 14:37 - 2017-01-06 14:37 - 00098816 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32api.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00110080 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\pywintypes27.dll 2017-01-06 14:37 - 2017-01-06 14:37 - 00364544 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\pythoncom27.dll 2017-01-06 14:37 - 2017-01-06 14:37 - 00320512 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32com.shell.shell.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00914432 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\_hashlib.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 01176576 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\wx._core_.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00806400 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\wx._gdi_.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00816128 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\wx._windows_.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 01067008 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\wx._controls_.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00733184 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\wx._misc_.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00682496 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\pysqlite2._sqlite.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00088064 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\_ctypes.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00686080 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\unicodedata.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00119808 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32file.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00108544 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32security.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00007168 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\hashobjs_ext.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00017920 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\thumbnails_ext.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00088064 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\usb_ext.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00012800 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\common.time34.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00018432 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32event.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00167936 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32gui.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00046080 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\_socket.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 01303552 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\_ssl.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00128512 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\_elementtree.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00127488 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\pyexpat.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00038912 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32inet.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00036864 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\_psutil_windows.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00524248 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\windows._lib_cacheinvalidation.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00011264 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32crypt.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00123392 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\wx._wizard.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00077312 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\wx._html2.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00027648 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\_multiprocessing.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00020480 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\_yappi.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00035840 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32process.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00078848 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\wx._animate.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00024064 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32pipe.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00010240 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\select.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00025600 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32pdh.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00017408 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32profile.pyd 2017-01-06 14:37 - 2017-01-06 14:37 - 00022528 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI68482\win32ts.pyd 2017-01-05 20:37 - 2017-01-05 20:37 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-12-16 22:30 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2016-07-26 03:57 - 2016-05-24 09:21 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2016-12-14 20:24 - 2016-12-08 01:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-14 20:24 - 2016-12-08 01:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2017-01-06 14:37 - 2017-01-06 14:37 - 00012800 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so 2017-01-06 14:37 - 2017-01-06 14:37 - 00009728 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so 2017-01-06 14:37 - 2017-01-06 14:37 - 00014848 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so 2017-01-06 14:37 - 2017-01-06 14:37 - 00094208 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\src\rgloader\rgloader193.mswin.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00009216 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so 2017-01-06 14:37 - 2017-01-06 14:37 - 00094208 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00126976 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00087552 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00016384 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so 2017-01-06 14:37 - 2017-01-06 14:37 - 00127316 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\bin\libffi-6.dll 2017-01-06 14:37 - 2017-01-06 14:37 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so 2017-01-06 14:37 - 2017-01-06 14:37 - 00013312 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so 2017-01-06 14:37 - 2017-01-06 14:37 - 00095744 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00026624 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrB2C5.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00012800 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00009728 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00014848 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00094208 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\src\rgloader\rgloader193.mswin.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00094208 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00118784 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00069120 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00083968 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\bin\zlib1.dll 2017-01-06 14:38 - 2017-01-06 14:38 - 00026624 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00275968 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00015360 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00008192 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00009216 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00023552 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00036352 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00126976 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00087552 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00016384 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00127316 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\bin\libffi-6.dll 2017-01-06 14:38 - 2017-01-06 14:38 - 00013312 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00095744 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so 2017-01-06 14:38 - 2017-01-06 14:38 - 00026624 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocrD982.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so 2013-12-16 22:22 - 2013-07-16 19:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [272] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2016-09-03 14:55 - 00001135 ___RA C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 bandicam.com 127.0.0.1 ssl.bandisoft.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Ralink Wireless Utility.lnk" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{26D8F124-0ECA-4829-842F-0468B96CE323}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{236B6C82-800E-4EA3-8647-3E9C0EE69D61}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{0A07CEA7-D58C-46B5-9D49-E6033D95970C}] => C:\Program Files (x86)\pandasecuritytb\cleanupie.exe FirewallRules: [{6F8671E6-8B55-4867-ABCA-D1612755A91A}] => C:\Program Files (x86)\pandasecuritytb\cleanupie.exe FirewallRules: [{99FC3B3E-C185-4CA9-9A48-672D4C2DD69B}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{F379F3A6-6F28-40F5-B46E-82139FA4CDB5}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{99BE99FB-E406-421D-BDE4-10ADCD0D0213}] => %systemroot%\system32\alg.exe FirewallRules: [{1B0ED2E1-8609-4518-B77D-0E4ABE6B186C}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{1A946F40-8EE9-4CCF-A662-E6591E4C47DA}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{2A451059-4736-4930-B482-C34F11D79F80}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{20F5DB2D-C34F-4EC9-ACA5-7B223BD40781}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{FAA4A29B-4174-4843-88E2-59AB741BDCA3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{000B8F5B-0B75-49E9-AF02-F6E25351427E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{4ED6D708-2041-4B9F-809D-4F2E8C21D043}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [TCP Query User{8DC124F1-7117-4006-BAD7-93E0B88FB640}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [{29C2318F-A404-45DA-B42A-7A17142F1A01}] => C:\Program Files (x86)\uTorrent\utorrent.exe FirewallRules: [{AF1AAE1B-17F1-4E94-A6CD-222E004114FF}] => C:\Program Files (x86)\uTorrent\utorrent.exe FirewallRules: [UDP Query User{299DBDD7-F3D3-4365-AFD3-94D73585E8E2}C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe] => C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{D2F8E984-DF02-4094-9B4F-17E15D85F358}C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe] => C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe FirewallRules: [{54FBCFDA-BF75-4E26-AC0B-A92746C3854E}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{C2E7B7EF-3B2A-4A60-B44D-BD5CAF1E2409}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{A946BAB1-A475-4893-A0BD-FF9026750B92}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [UDP Query User{5CE5329F-EB01-40AE-A365-56E420E323A4}C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe] => C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{DF80AF91-64B7-47C1-AA26-91DC4B103F1A}C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe] => C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe FirewallRules: [{FAB75933-C1B0-47D6-90D0-2CBDADD8A5C8}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{8DE0111D-0B7E-44DC-96C4-7B5BA074B9FE}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{EF13EF5A-56C5-4143-A2DB-9D23C189C1A3}] => C:\Users\Nate Clark Winner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A611E025-E446-477F-B2BE-D374AAE65504}] => C:\Users\Nate Clark Winner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{768AECE7-805A-4D8C-B7B9-D6D8005C81AD}] => C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe FirewallRules: [{EBCCACBF-C4AA-4DCF-8574-F64B0AA64102}] => C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe FirewallRules: [{CB102D14-F2B3-4566-93D8-55973B778DB1}] => C:\Program Files (x86)\Ralink\Common\RaUI.exe FirewallRules: [{92941A84-54BE-43C6-9979-BE36CB1DC714}] => C:\Program Files (x86)\Ralink\Common\RaUI.exe FirewallRules: [{62EDC3DD-B726-441A-B768-D718E716D938}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{C7CB20EA-6C0D-454B-923A-3E65BA2C87B3}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{6E1E1E50-8A87-4A16-8011-92EF4C1DB16B}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{509F0700-760A-4215-BFDA-12E35562F505}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{3E5F8F72-6909-4FB2-AA65-B67A8EB14FB5}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{0A84D942-4D9F-4FF7-9263-739559C26BB8}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{A6166341-A688-4FB9-B714-E1455376B278}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{31184A71-EE31-48F4-9C82-782A542F4B4D}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{60D7A981-1039-443A-A243-9D92D94D0925}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{43EAD9FC-EC91-41A9-8342-EFBAF1D50F2F}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{AD073676-0C1A-4CE8-BBAF-2D8359E7A96A}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{EB70A3A4-122E-4DD3-A52B-58B5B624B642}] => C:\Users\Nate Clark Winner\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{F6838F91-B571-4899-B96A-CA17A7648453}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{C4CE128D-AEC1-4C55-8428-D484A94C88C3}] => LPort=2869 FirewallRules: [{7312EA7D-21BE-4CF7-A429-C7FA74F5DFCA}] => LPort=1900 FirewallRules: [TCP Query User{BAD8CF1D-A56F-4E07-94E1-E7A8D1CCA458}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{C50ED715-9B46-407C-8024-8C0B7EBECD2D}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{26005133-7033-4A5B-92E4-23E327A978D1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{9D13AA8A-A72D-42E0-9184-23E63FA27D43}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{42F4B9E5-1F30-4EDC-A885-FBFEBEAAFBF9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{35FEFE22-F18D-40FB-A68D-7EAFBB148AC4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{F235EFA7-78FA-4C3E-A69F-2EF6530B7A9E}] => C:\Program Files (x86)\pandasecuritytb\dtUser.exe FirewallRules: [{DDFE6079-DAF4-45AF-93E3-8A206C8A8609}] => C:\Program Files (x86)\pandasecuritytb\dtUser.exe FirewallRules: [{9300BB4F-0B9D-43C0-A306-C8FC6BBE8C85}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{BB36EE43-A785-4FBD-B3D3-25A700E6B148}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [TCP Query User{3E58767A-CA3B-4850-8FEB-4A3E21EFC2F0}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{AAFE8160-A314-4EDA-946F-EE282A69B9FB}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{7FAD852F-CC74-4C0F-80A0-E64D6276A974}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0076B52E-EA60-4E1C-BD7A-BE12893F220A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{C38329B4-FC9E-41E7-B180-48AE39B18F8E}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe FirewallRules: [UDP Query User{399A5D93-9A95-4255-A989-F98ABBB0B4E4}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe FirewallRules: [{8EC21067-CD3F-43B2-B0F8-49ADEE2BE863}] => C:\Users\Nate Clark Winner\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{D44AD3B0-D46B-4143-B0E1-2FD8350DDEB8}] => C:\Users\Nate Clark Winner\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [TCP Query User{F5322E54-EA0F-43C4-9578-CD0C31A52438}C:\users\nates\desktop\counter\counter\hl.exe] => C:\users\nates\desktop\counter\counter\hl.exe FirewallRules: [UDP Query User{B7F884B9-76C4-457D-B8BA-22FAA3264142}C:\users\nates\desktop\counter\counter\hl.exe] => C:\users\nates\desktop\counter\counter\hl.exe FirewallRules: [TCP Query User{58A7B3A3-6409-4799-B743-5D5F9948B4D6}C:\users\nates\desktop\counter\counter\hl.exe] => C:\users\nates\desktop\counter\counter\hl.exe FirewallRules: [UDP Query User{DA8B6FC8-E98D-4388-A1E2-D886A279890E}C:\users\nates\desktop\counter\counter\hl.exe] => C:\users\nates\desktop\counter\counter\hl.exe FirewallRules: [TCP Query User{88BFD784-2603-4796-AC13-DEFD1BC2FF08}C:\users\nates\downloads\sinhvienit.net-gamemotogp2\gamemotogp2\motogp2_demo.exe] => C:\users\nates\downloads\sinhvienit.net-gamemotogp2\gamemotogp2\motogp2_demo.exe FirewallRules: [UDP Query User{CEDD19C6-BC4A-4147-9AEC-21E6221F9B00}C:\users\nates\downloads\sinhvienit.net-gamemotogp2\gamemotogp2\motogp2_demo.exe] => C:\users\nates\downloads\sinhvienit.net-gamemotogp2\gamemotogp2\motogp2_demo.exe FirewallRules: [TCP Query User{78C5C798-8307-4957-9707-6A0EE0BC6FC9}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe FirewallRules: [UDP Query User{4CFAF19D-17D0-497E-A031-875791498F34}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe FirewallRules: [{B41269E2-B90C-49B5-AC1B-19DA83DF4AFD}] => %ProgramFiles%\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe FirewallRules: [{842D9588-DB4B-4BA7-9D56-C9CD76F9CB43}] => %ProgramFiles%\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe FirewallRules: [{6AAF9239-917F-4C97-8D6A-CA2611F246FF}] => C:\Program Files (x86)\Send Anywhere\sendanywhere.exe FirewallRules: [{965B8456-10A7-4849-98D2-9B8E0DD91981}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{1546DBB5-BD21-450D-B01D-F69E6E296A9E}] => C:\Program Files (x86)\Simulated\surpluses.exe FirewallRules: [{8803B479-6203-454F-977F-DA727CB75E75}] => C:\Program Files (x86)\Navajos\surpluses.exe ==================== Restore Points ========================= 22-12-2016 17:00:31 Scheduled Checkpoint 26-12-2016 15:32:18 Installed Microsoft Visual C++ 2005 Redistributable 03-01-2017 14:02:18 Scheduled Checkpoint 04-01-2017 15:28:32 Installed Inkscape 0.91 05-01-2017 20:38:28 Removed Traffic Exchange ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/05/2017 11:21:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RaMediaServer.exe, version: 0.0.0.0, time stamp: 0x4e4ce02f Faulting module name: RaMediaServer.exe, version: 0.0.0.0, time stamp: 0x4e4ce02f Exception code: 0xc0000005 Fault offset: 0x00025ae8 Faulting process id: 0xb94 Faulting application start time: 0x01d267dcb262be3f Faulting application path: C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe Faulting module path: C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe Report Id: f2092c57-2397-43fa-95fe-67b525fd3a08 Faulting package full name: Faulting package-relative application ID: Error: (01/05/2017 10:55:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RaMediaServer.exe, version: 0.0.0.0, time stamp: 0x4e4ce02f Faulting module name: RaMediaServer.exe, version: 0.0.0.0, time stamp: 0x4e4ce02f Exception code: 0xc0000005 Fault offset: 0x00025ae8 Faulting process id: 0xde0 Faulting application start time: 0x01d267d9124475f3 Faulting application path: C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe Faulting module path: C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe Report Id: d9ec1ad0-9a09-495d-8834-e6c02ef7a8fe Faulting package full name: Faulting package-relative application ID: Error: (01/05/2017 10:07:03 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "c:\program files\r\r-3.1.2\tcl\bin64\tk85.dll".Error in manifest or policy file "c:\program files\r\r-3.1.2\tcl\bin64\tk85.dll" on line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid. Error: (01/05/2017 10:05:37 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (01/05/2017 09:53:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/05/2017 09:53:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/05/2017 09:39:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program dw20.exe version 2.0.50727.8670 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1aec Start Time: 01d267cd141de97d Termination Time: 17115 Application Path: C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\dw20.exe Report Id: b0e3b5cd-d3c1-11e6-bf1e-342387b1777c Faulting package full name: Faulting package-relative application ID: Error: (01/05/2017 09:36:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/05/2017 09:22:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PSUAMain.exe, version: 4.0.0.646, time stamp: 0x56291049 Faulting module name: CC3290MT.DLL, version: 9.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000193ee Faulting process id: 0x1378 Faulting application start time: 0x01d267cc1edeac15 Faulting application path: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe Faulting module path: C:\Program Files (x86)\Panda Security\Panda Security Protection\CC3290MT.DLL Report Id: 370fba8a-25f6-494d-b8c0-af1b2ac5d4fc Faulting package full name: Faulting package-relative application ID: Error: (01/05/2017 09:08:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (01/06/2017 02:38:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (01/06/2017 08:34:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_61902 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/06/2017 08:34:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_61902 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/06/2017 08:34:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_61902 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/06/2017 08:34:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_61902 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/05/2017 11:23:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (01/05/2017 11:21:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Ralink UPnP Media Server service terminated unexpectedly. It has done this 1 time(s). Error: (01/05/2017 11:20:50 PM) (Source: DCOM) (EventID: 10010) (User: yawhoobeast) Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout. Error: (01/05/2017 11:20:50 PM) (Source: DCOM) (EventID: 10010) (User: yawhoobeast) Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout. Error: (01/05/2017 11:20:50 PM) (Source: DCOM) (EventID: 10010) (User: yawhoobeast) Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout. CodeIntegrity: =================================== Date: 2017-01-05 20:40:22.898 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-26 17:12:57.564 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-16 13:15:45.356 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-15 00:19:10.278 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-12 19:15:34.369 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-12 13:13:26.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-09 22:32:50.501 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-29 19:13:30.127 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-14 13:47:26.142 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-13 14:37:23.230 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz Percentage of memory in use: 38% Total physical RAM: 12239.23 MB Available physical RAM: 7526.82 MB Total Virtual: 21967.23 MB Available Virtual: 15866.24 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:153.13 GB) (Free:30.81 GB) NTFS Drive e: (Adobe PS CC 2015) (CDROM) (Total:1.63 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 0024EDD7) Partition: GPT. ==================== End of Addition.txt ============================

"Scan finished, no Malware found" ping.exe is still in my ask manager taking 25% of my CUP and 1gb of memory...

I'm currently running Malwarebyes Anti-Rootkit BETA v1.09.3.1001. I will post results when done.

I've just run Malwarebytes Anti Malware 2.2.1.1.1043. Here are results: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 1/6/2017 Scan Time: 8:11 AM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2017.01.06.05 Rootkit Database: v2016.11.20.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Nate Clark Winner Scan Type: Threat Scan Result: Completed Objects Scanned: 526214 Time Elapsed: 21 min, 50 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 8 PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0DA2A098-5EE9-43FB-8D3D-5A5DDB6E287B}, , [1e8fa7d1bfe96ccabce5dbc7a35f17e9], PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0F7EA3EB-1659-4E15-967B-F1519EDA2FEB}, , [505d66128424fb3bd7cbf7ab857d2ed2], PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{42743DEC-6872-40FE-B761-581DE20A449E}, , [268781f7ecbcce68237f4062dd25966a], PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{44AA3544-B251-4904-8889-E1928B8BE165}, , [f4b9641474341026f2af346eca385aa6], PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{98537C04-6969-4F5A-8356-A956CA5C1FE1}, , [822b5127a800ca6c917f712532d16e92], PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ba2159869121598691, , [ffae0b6d38704bebb8ed7131f60c4cb4], PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ba5456956054569560, , [852804741c8c86b0b9ec1a885ba7e41c], PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\k21598691, , [dbd28aee3078d066ce430a8ca0632fd1], Registry Values: 5 PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0DA2A098-5EE9-43FB-8D3D-5A5DDB6E287B}|Path, \54569560, , [1e8fa7d1bfe96ccabce5dbc7a35f17e9] PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0F7EA3EB-1659-4E15-967B-F1519EDA2FEB}|Path, \ba5456956054569560, , [505d66128424fb3bd7cbf7ab857d2ed2] PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{42743DEC-6872-40FE-B761-581DE20A449E}|Path, \ba2159869121598691, , [268781f7ecbcce68237f4062dd25966a] PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{44AA3544-B251-4904-8889-E1928B8BE165}|Path, \21598691, , [f4b9641474341026f2af346eca385aa6] PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{98537C04-6969-4F5A-8356-A956CA5C1FE1}|Path, \k21598691, , [822b5127a800ca6c917f712532d16e92] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

Hi Team! Thanks in advance for your help getting this off my computer. Here are my initial FRST64 Logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017 Ran by Nate Clark Winner (administrator) on YAWHOOBEAST (05-01-2017 23:12:54) Running from C:\Users\Nate Clark Winner\Desktop\New folder Loaded Profiles: Nate Clark Winner (Available Profiles: Nate Clark Winner & UpdatusUser & nates & Administrator & Guest) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe () C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe ( Rsupport Corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe (Microsoft Corporation) C:\WINDOWS\System32\alg.exe () C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe () C:\Program Files\pia_manager\pia_manager.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Rsupport corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenTray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Facebook Inc.) C:\Users\Nate Clark Winner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Program Files (x86)\Send Anywhere\sendanywhere.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Program Files (x86)\unquantified\granada.exe (Creative Technology Ltd.) C:\WINDOWS\OEM05Mon.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Slack Technologies) C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\slack.exe (Slack Technologies) C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\slack.exe (Slack Technologies) C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\slack.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (Slack Technologies) C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\slack.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Slack Technologies) C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\slack.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Slack Technologies) C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\slack.exe (hxxp://www.ruby-lang.org/) C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\bin\rubyw.exe () C:\Program Files\pia_manager\pia_manager.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (hxxp://www.ruby-lang.org/) C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\bin\rubyw.exe () C:\Program Files\pia_manager\pia_tray\pia_tray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\Simulated\surpluses.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [chided] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKLM\...\Run: [chidedchided] => C:\Program Files (x86)\Navajos\surpluses.exe [10752 2017-01-05] () HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.) HKLM-x32\...\Run: [OEM05Mon.exe] => C:\WINDOWS\OEM05Mon.exe [36864 2007-05-08] (Creative Technology Ltd.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM-x32\...\Run: [psyche] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKLM-x32\...\Run: [psychepsyche] => C:\Program Files (x86)\Navajos\surpluses.exe [10752 2017-01-05] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-05] (AVAST Software) HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe, HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Spotify Web Helper] => C:\Users\Nate Clark Winner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-22] (Spotify Ltd) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Google Update] => C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Facebook Update] => C:\Users\Nate Clark Winner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-21] (Facebook Inc.) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [DownloadAccelerator] => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [Highfive Update] => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe [117192 2016-07-14] (Highfive) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [SendAnywhere] => C:\Program Files (x86)\Send Anywhere\sendanywhere.exe [5555896 2016-06-09] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [summoned] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [summonedsummoned] => C:\Program Files (x86)\Navajos\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [gumbs] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [gumbsgumbs] => C:\Program Files (x86)\Navajos\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [granada] => C:\Program Files (x86)\unquantified\granada.exe [68793 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Run: [washrooms] => C:\Program Files (x86)\Simulated\surpluses.exe [10752 2017-01-05] () HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\MountPoints2: E - "E:\Autoplay.exe" -auto HKU\S-1-5-18\...\Run: [] => 0 ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-05] (AVAST Software) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2014-06-01] ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-02-26] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\resa.lnk [2017-01-05] ShortcutTarget: resa.lnk -> C:\Program Files (x86)\Simulated\surpluses.exe () Startup: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-12-14] ShortcutTarget: Slack.lnk -> C:\Users\Nate Clark Winner\AppData\Local\slack\Update.exe () BootExecute: autocheck autochk * bootdelete GroupPolicyScripts-x32: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{21d84fe9-af96-4798-9241-39d4a30ed39c}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{951fdce8-9634-49a8-8b67-c77cc3908a59}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{eb1b79c3-5a84-43b6-b52e-5c93a110f7cd}: [DhcpNameServer] 209.222.18.222 209.222.18.218 Internet Explorer: ================== HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-46ed77ce HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-46ed77ce&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-46ed77ce&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-46ed77ce&q={searchTerms} SearchScopes: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations) BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation) BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll => No File BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation) Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: p10mzcwz.default FF ProfilePath: C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\Firefox\Profiles\p10mzcwz.default [2017-01-05] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p10mzcwz.default -> Google FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\p10mzcwz.default -> Search Provided by Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p10mzcwz.default -> Google FF Homepage: Mozilla\Firefox\Profiles\p10mzcwz.default -> hxxps://www.google.com/?bcutc=sp-006 FF DefaultSearchUrl: Mozilla\Firefox\Profiles\p10mzcwz.default -> hxxps://www.google.com/search?bcutc=sp-006 FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\p10mzcwz.default -> Google FF Keyword.URL: Mozilla\Firefox\Profiles\p10mzcwz.default -> hxxps://www.google.com/search?bcutc=sp-006 FF NewTab: Mozilla\Firefox\Profiles\p10mzcwz.default -> about:newtab FF Extension: (Firefox Hotfix) - C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\Firefox\Profiles\p10mzcwz.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-16] FF SearchPlugin: C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\Firefox\Profiles\p10mzcwz.default\searchplugins\google-avast.xml [2017-01-05] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-05] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-05] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @highfive.com/nphighfive_launcher_prod -> C:\Users\Nate Clark Winner\AppData\Local\Highfive\Application\v1.54.0-6-g61f5640\plugins\nphighfive_launcher_prod.dll [2016-11-23] (Highfive) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Nate Clark Winner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @talk.google.com/O1DPlugin -> C:\Users\Nate Clark Winner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @tools.start.highfive.com:443/Highfive Update;version=3 -> C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\1.3.23.0\npGoogleUpdate3.dll [2016-07-14] (Highfive) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: @tools.start.highfive.com:443/Highfive Update;version=9 -> C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\1.3.23.0\npGoogleUpdate3.dll [2016-07-14] (Highfive) FF Plugin HKU\S-1-5-21-2179773923-3527668487-1133873981-1001: highfive.com/highfive_launcher_prod -> C:\Users\Nate Clark Winner\AppData\Local\Highfive\Application\v1.54.0-6-g61f5640\plugins\nphighfive_launcher_prod.dll [2016-11-23] (Highfive) FF Plugin ProgramFiles/Appdata: C:\Users\Nate Clark Winner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Nate Clark Winner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxp://www.google.com/ CHR StartupUrls: Profile 1 -> "hxxp://gmail.com/","hxxp://voice.google.com/","hxxp://calendar.google.com/","hxxps://www.facebook.com/","hxxp://www.washingtonpost.com/","hxxp://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.7.598&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-46ed77ce" CHR Profile: C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default [2017-01-05] CHR Extension: (Google Slides) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Popup Notifications for Craigslist) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aenadocogjnkbmchfnkpipdinoleakbj [2016-12-21] CHR Extension: (Google Docs) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-21] CHR Extension: (YouTube) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-21] CHR Extension: (Google Search) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07] CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-12-21] CHR Extension: (Video Downloader professional) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-12-21] CHR Extension: (Google Sheets) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Avira Browser Safety) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-12-21] CHR Extension: (Google Docs Offline) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-21] CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2016-12-21] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-12-21] CHR Extension: (Sales Prospecting - Datanyze Insider) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlholfadgbpidekmhdibonbjhdmpmafd [2016-12-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-21] CHR Extension: (Gmail) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-21] CHR Extension: (Chrome Media Router) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-21] CHR Extension: (Streak CRM for Gmail) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-12-21] CHR Profile: C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-05] CHR Extension: (Google Slides) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22] CHR Extension: (Data Compression Proxy) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajfiodhbiellfpcjjedhmmmpeeaebmep [2016-06-03] CHR Extension: (Google Docs) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22] CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apboafhkiegglekeafbckfjldecefkhn [2016-02-08] CHR Extension: (Google Drive) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (Adguard AdBlocker) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-22] CHR Extension: (YouTube) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Pushbullet) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-10-29] CHR Extension: (Gif Delayer) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2015-03-22] CHR Extension: (Google Search) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-09-15] CHR Extension: (Timer) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edebbhkhcaafmolanelponjjanocpacd [2015-03-22] CHR Extension: (Better, Faster, Private Browsing) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejddjiiombhjiejeclpkoebbepphohen [2015-08-17] CHR Extension: (Gmail Offline) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-03-22] CHR Extension: (Google Calendar) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12] CHR Extension: (Video Downloader professional) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-18] CHR Extension: (Google Sheets) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22] CHR Extension: (Avira Browser Safety) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-03] CHR Extension: (HTTPS Everywhere) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-12-21] CHR Extension: (Google Docs Offline) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19] CHR Extension: (MagicScroll eBook Reader) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-03-22] CHR Extension: (Downloads - Your Download Box) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2016-10-29] CHR Extension: (Yesware Email Tracking) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2017-01-05] CHR Extension: (Imgur to Gfycat) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idnninnhcleaikepmmomfnknbldalnjj [2015-04-16] CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2016-03-05] CHR Extension: (Grammarly for Chrome) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-01-02] CHR Extension: (Google Voice (by Google)) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-03-22] CHR Extension: (Super Auto Refresh) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkhjakkgopekjlempoplnjclgedabddk [2016-07-30] CHR Extension: (The Great Suspender) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-06] CHR Extension: (Webcam Toy) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-25] CHR Extension: (Linkclump) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2016-12-14] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-11] CHR Extension: (Trillor - a Trello card mirror) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmkimphmamcbhnidjipnihfmoipdhimi [2016-07-12] CHR Extension: (Google Maps) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-20] CHR Extension: (Pocket) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-12-08] CHR Extension: (Ghostery) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-02] CHR Extension: (Google Hangouts) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-22] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Hover Zoom) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-01-05] CHR Extension: (Gmail) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11] CHR Extension: (Chrome Media Router) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16] CHR Extension: (RSS Feed Reader) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-12-14] CHR Extension: (Streak CRM for Gmail) - C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-06-22] CHR HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-05] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-11-01] (Microsoft Corporation) R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.) R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation) S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation) R2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [1278280 2016-10-23] ( Rsupport Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-10-02] (Visicom Media Inc.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.) R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed] R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed] U2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] () R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed] S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-05] (AVAST Software) S3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-05] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-05] (AVAST Software) S3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-05] (AVAST Software) S3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-05] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-05] (AVAST Software) S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-05] (AVAST Software) S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-05] (AVAST Software) R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.) R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-01-05] () S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-05] (Malwarebytes) R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103824 2015-07-16] (Panda Security, S.L.) R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211352 2015-07-16] (Panda Security, S.L.) R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120216 2015-07-16] (Panda Security, S.L.) R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120208 2015-07-16] (Panda Security, S.L.) R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.) R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112536 2015-07-16] (Panda Security, S.L.) R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [89472 2015-09-01] (Panda Security, S.L.) R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133528 2015-07-16] (Panda Security, S.L.) R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309648 2015-07-16] (Panda Security, S.L.) R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179608 2015-07-16] (Panda Security, S.L.) R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122776 2015-07-16] (Panda Security, S.L.) R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267160 2015-07-16] (Panda Security, S.L.) R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115600 2015-07-16] (Panda Security, S.L.) R3 OEM05Vfx; C:\WINDOWS\system32\DRIVERS\OEM05Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.) R3 OEM05Vid; C:\WINDOWS\system32\DRIVERS\OEM05Vid.sys [266720 2007-07-19] (Creative Technology Ltd.) R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.) R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [173464 2015-07-21] (Panda Security, S.L.) R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130968 2015-07-21] (Panda Security, S.L.) R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207256 2015-07-21] (Panda Security, S.L.) R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133528 2015-07-21] (Panda Security, S.L.) R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [143768 2015-07-21] (Panda Security, S.L.) R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117144 2015-07-21] (Panda Security, S.L.) R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-05 23:12 - 2017-01-05 23:12 - 00000000 ____D C:\Users\Nate Clark Winner\Desktop\New folder 2017-01-05 22:53 - 2017-01-05 22:53 - 00006088 _____ C:\WINDOWS\system32\.crusader 2017-01-05 22:05 - 2017-01-05 22:05 - 00003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-05 20:46 - 2017-01-05 22:13 - 00004012 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1483670807 2017-01-05 20:46 - 2017-01-05 22:13 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-01-05 20:46 - 2017-01-05 20:46 - 00001090 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2017-01-05 20:45 - 2017-01-05 20:45 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2017-01-05 20:40 - 2017-01-05 20:40 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\AdvinstAnalytics 2017-01-05 20:38 - 2017-01-05 20:38 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2017-01-05 20:38 - 2017-01-05 20:38 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-01-05 20:38 - 2017-01-05 20:38 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\AVAST Software 2017-01-05 20:37 - 2017-01-05 20:46 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2017-01-05 20:37 - 2017-01-05 20:38 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2017-01-05 20:37 - 2017-01-05 20:38 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-01-05 20:37 - 2017-01-05 20:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2017-01-05 20:37 - 2017-01-05 20:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2017-01-05 20:37 - 2017-01-05 20:37 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2017-01-05 20:30 - 2017-01-05 20:45 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-05 20:30 - 2017-01-05 20:45 - 00000000 ____D C:\Program Files\AVAST Software 2017-01-05 20:29 - 2017-01-05 20:29 - 06334848 _____ (AVAST Software) C:\Users\Nate Clark Winner\Downloads\avast_free_antivirus_setup_online.exe 2017-01-05 20:28 - 2017-01-05 22:55 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2017-01-05 20:28 - 2017-01-05 22:53 - 00000000 ____D C:\ProgramData\HitmanPro 2017-01-05 20:26 - 2017-01-05 20:26 - 00001840 _____ C:\Users\Nate Clark Winner\AppData\Local\recently-used.xbel 2017-01-05 20:25 - 2017-01-05 20:25 - 03977168 _____ C:\Users\Nate Clark Winner\Downloads\adwcleaner_6.041.exe 2017-01-05 19:55 - 2017-01-05 19:55 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2017-01-05 19:55 - 2017-01-05 19:55 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\CrashRpt 2017-01-05 19:54 - 2017-01-05 19:55 - 00000000 ____D C:\WINDOWS\system32\SSL 2017-01-05 19:53 - 2017-01-05 19:53 - 00003746 _____ C:\WINDOWS\System32\Tasks\bak21598691k21598691 2017-01-05 19:53 - 2017-01-05 19:53 - 00003734 _____ C:\WINDOWS\System32\Tasks\ba65832336583233 2017-01-05 19:53 - 2017-01-05 19:53 - 00000000 ___HD C:\Program Files (x86)\unquantified 2017-01-05 19:53 - 2017-01-05 19:53 - 00000000 ___HD C:\Program Files (x86)\Simulated 2017-01-05 19:53 - 2017-01-05 19:53 - 00000000 ___HD C:\Program Files (x86)\Navajos 2017-01-05 19:53 - 2017-01-05 19:53 - 00000000 ____D C:\Program Files (x86)\gutless 2017-01-05 19:52 - 2017-01-05 19:52 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Chromium 2017-01-05 19:51 - 2017-01-05 19:51 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics 2017-01-05 19:51 - 2017-01-05 19:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics 2017-01-05 19:46 - 2017-01-05 19:59 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG 2017-01-05 19:46 - 2017-01-05 19:46 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\The Great Wall 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:45 - 2017-01-05 22:03 - 00000258 __RSH C:\Users\Nate Clark Winner\ntuser.pol 2017-01-05 19:44 - 2017-01-05 19:44 - 00000001 _____ C:\Users\Nate Clark Winner\AppData\Roaming\XSLvRF 2017-01-05 19:44 - 2017-01-05 19:44 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\tdcut 2017-01-05 19:43 - 2017-01-05 19:46 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Patriots Day 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:43 - 2017-01-05 19:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Jack Reacher Never Go Back 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:43 - 2017-01-05 19:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Hell Or High Water 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:38 - 2017-01-05 19:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Hacksaw Ridge 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:32 - 2017-01-05 19:33 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\The Accountant 2016 720p BrRip x264 - AMIABLE 2017-01-05 19:31 - 2017-01-05 19:31 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Assassin's Creed 2016 720p BrRip x264 - AMIABLE 2017-01-05 13:26 - 2017-01-05 13:26 - 01788501 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (11).zip 2017-01-05 13:26 - 2017-01-05 13:26 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (11) 2017-01-05 13:13 - 2017-01-05 13:13 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (10) 2017-01-05 13:12 - 2017-01-05 13:13 - 01786926 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (10).zip 2017-01-05 11:48 - 2017-01-05 11:48 - 01784736 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (9).zip 2017-01-05 11:48 - 2017-01-05 11:48 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (9) 2017-01-05 10:46 - 2017-01-05 10:46 - 01784687 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (8).zip 2017-01-05 10:46 - 2017-01-05 10:46 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (8) 2017-01-05 08:01 - 2017-01-05 08:01 - 01784381 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (7).zip 2017-01-05 08:01 - 2017-01-05 08:01 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (7) 2017-01-05 04:29 - 2017-01-05 04:29 - 00010752 _____ C:\WINDOWS\surpluses.exe 2017-01-05 04:29 - 2017-01-05 04:29 - 00010752 _____ C:\Users\Nate Clark Winner\AppData\Local\surpluses.exe 2017-01-04 19:26 - 2017-01-04 19:26 - 01784319 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (6).zip 2017-01-04 19:26 - 2017-01-04 19:26 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (6) 2017-01-04 18:11 - 2017-01-04 18:11 - 00888218 _____ C:\Users\Nate Clark Winner\Downloads\New Doc 11.pdf 2017-01-04 18:10 - 2017-01-04 18:10 - 00487345 _____ C:\Users\Nate Clark Winner\Downloads\New Doc 11_2.pdf 2017-01-04 18:00 - 2017-01-04 18:00 - 00012846 _____ C:\Users\Nate Clark Winner\Desktop\logo.text.colored.svg 2017-01-04 17:56 - 2017-01-04 17:56 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\fontconfig 2017-01-04 17:55 - 2017-01-04 17:55 - 00016412 _____ C:\Users\Nate Clark Winner\Downloads\StayCircles.logo.SVGs.rar 2017-01-04 17:55 - 2017-01-04 17:55 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\StayCircles.logo.SVGs 2017-01-04 17:55 - 2017-01-04 17:55 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\inkscape 2017-01-04 15:50 - 2017-01-04 15:50 - 01784319 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (5).zip 2017-01-04 15:50 - 2017-01-04 15:50 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (5) 2017-01-04 15:30 - 2017-01-04 15:30 - 00000966 _____ C:\Users\Public\Desktop\Inkscape 0.91.lnk 2017-01-04 15:28 - 2017-01-04 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91 2017-01-04 15:28 - 2017-01-04 15:30 - 00000000 ____D C:\Program Files\Inkscape 2017-01-04 15:27 - 2017-01-04 15:28 - 97868152 _____ C:\Users\Nate Clark Winner\Downloads\inkscape-0.91-x64.msi 2017-01-04 15:10 - 2017-01-04 15:10 - 00054107 _____ C:\Users\Nate Clark Winner\Downloads\staycircles.pdf 2017-01-04 14:23 - 2017-01-04 14:23 - 01784319 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (4).zip 2017-01-04 14:23 - 2017-01-04 14:23 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (4) 2017-01-04 13:51 - 2017-01-04 13:51 - 07869892 _____ C:\Users\Nate Clark Winner\Downloads\MSNA20151106546812.pdf 2017-01-04 13:46 - 2017-01-04 13:46 - 01784314 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (3).zip 2017-01-04 13:46 - 2017-01-04 13:46 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (3) 2017-01-04 12:35 - 2017-01-04 12:35 - 01784269 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (2).zip 2017-01-04 12:35 - 2017-01-04 12:35 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (2) 2017-01-04 08:51 - 2017-01-04 08:51 - 00556478 _____ C:\Users\Nate Clark Winner\Desktop\bandicam 2017-01-04 08-51-02-197.avi 2017-01-03 17:16 - 2017-01-03 17:16 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Search Panels HTML SCSS 2 2017-01-03 12:48 - 2017-01-03 12:48 - 01784023 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup (1).zip 2017-01-03 12:48 - 2017-01-03 12:48 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup (1) 2017-01-03 11:02 - 2017-01-03 11:03 - 01784926 _____ C:\Users\Nate Clark Winner\Desktop\bandicam 2017-01-03 11-02-52-196.avi 2017-01-03 10:50 - 2017-01-03 10:50 - 01783831 _____ C:\Users\Nate Clark Winner\Downloads\pins-popup.zip 2017-01-03 10:50 - 2017-01-03 10:50 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\pins-popup 2017-01-02 17:50 - 2017-01-02 17:54 - 18067986 _____ C:\Users\Nate Clark Winner\Downloads\blonde ride - Pornhubcom.mp4 2017-01-02 17:40 - 2017-01-02 17:40 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\09.20.2014 - New Leaked Jennifer Lawrence (J.Law) Nude Pics #thefappening 2017-01-02 17:34 - 2017-01-02 17:38 - 290792728 _____ C:\Users\Nate Clark Winner\Downloads\[BLACKED] Makenna Blue (How To Train a Housewife - 31.12.2016) [tk].mp4 2017-01-02 09:07 - 2017-01-02 09:07 - 01786695 _____ C:\Users\Nate Clark Winner\Downloads\Google Invites.zip 2017-01-02 09:07 - 2017-01-02 09:07 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\email-invite (2) 2017-01-02 08:52 - 2017-01-02 08:52 - 01786552 _____ C:\Users\Nate Clark Winner\Downloads\email-invite (1).zip 2017-01-02 08:52 - 2017-01-02 08:52 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\email-invite (1) 2017-01-01 20:30 - 2017-01-01 20:30 - 01786146 _____ C:\Users\Nate Clark Winner\Downloads\email-invite.zip 2017-01-01 20:30 - 2017-01-01 20:30 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\email-invite 2017-01-01 17:39 - 2017-01-01 17:39 - 01783655 _____ C:\Users\Nate Clark Winner\Downloads\Messages and Mutual StayPals Popup 2.0.zip 2017-01-01 17:39 - 2017-01-01 17:39 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (7) 2017-01-01 16:33 - 2017-01-01 16:33 - 01783650 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (6).zip 2017-01-01 16:33 - 2017-01-01 16:33 - 01783650 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (5).zip 2017-01-01 16:33 - 2017-01-01 16:33 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (6) 2017-01-01 14:40 - 2017-01-01 14:40 - 01783536 _____ C:\Users\Nate Clark Winner\Downloads\Message and Mutual StayPals Popup.zip 2017-01-01 14:40 - 2017-01-01 14:40 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (5) 2017-01-01 12:55 - 2017-01-01 12:55 - 01783278 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (4).zip 2017-01-01 12:55 - 2017-01-01 12:55 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (4) 2017-01-01 12:03 - 2017-01-01 12:03 - 01783361 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (3).zip 2017-01-01 12:03 - 2017-01-01 12:03 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (3) 2017-01-01 02:41 - 2017-01-01 02:41 - 01783256 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (2).zip 2017-01-01 02:41 - 2017-01-01 02:41 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup (2) 2017-01-01 02:31 - 2017-01-01 02:32 - 01783256 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup (1).zip 2016-12-31 15:54 - 2016-12-31 15:54 - 01783212 _____ C:\Users\Nate Clark Winner\Downloads\messagepopup.zip 2016-12-31 13:06 - 2016-12-31 13:06 - 04889324 _____ C:\Users\Nate Clark Winner\Downloads\Search Panels HTML SCSS 2.zip 2016-12-30 11:35 - 2016-12-30 11:35 - 01785180 _____ C:\Users\Nate Clark Winner\Downloads\Rooms and Places HTML SCSS 2.zip 2016-12-30 11:35 - 2016-12-30 11:35 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (7) 2016-12-30 10:12 - 2016-12-30 10:12 - 01785096 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (6).zip 2016-12-30 10:12 - 2016-12-30 10:12 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (6) 2016-12-30 09:24 - 2016-12-30 09:24 - 01785094 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (5).zip 2016-12-30 09:24 - 2016-12-30 09:24 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (5) 2016-12-30 07:39 - 2016-12-30 07:39 - 01785065 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (4).zip 2016-12-30 07:39 - 2016-12-30 07:39 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (4) 2016-12-29 18:08 - 2016-12-29 18:08 - 00013008 _____ C:\Users\Nate Clark Winner\Downloads\stayproposed-fun.html 2016-12-29 13:01 - 2016-12-29 13:01 - 01783658 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (3).zip 2016-12-29 13:01 - 2016-12-29 13:01 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (3) 2016-12-28 14:29 - 2016-12-28 14:29 - 01783490 _____ C:\Users\Nate Clark Winner\Downloads\Rooms & Places 2.0 HTML-CSS.zip 2016-12-28 14:29 - 2016-12-28 14:29 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Rooms & Places 2.0 HTML-CSS 2016-12-28 12:14 - 2016-12-28 12:14 - 00079345 _____ C:\Users\Nate Clark Winner\Downloads\11541980_10204700202574252_3853786088326288371_n.jpg 2016-12-28 12:12 - 2016-12-28 12:12 - 00106653 _____ C:\Users\Nate Clark Winner\Downloads\Screen Shot 2016-12-28 at 12.08.36 PM.png 2016-12-28 10:59 - 2016-12-28 10:59 - 00419882 _____ C:\Users\Nate Clark Winner\Downloads\MessagePopup - 1.0.zip 2016-12-28 10:59 - 2016-12-28 10:59 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\messagepopup 2016-12-28 10:54 - 2016-12-28 10:54 - 04828301 _____ C:\Users\Nate Clark Winner\Downloads\Search Panels 1.0.zip 2016-12-27 15:30 - 2016-12-27 15:30 - 00844505 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (2).zip 2016-12-27 15:30 - 2016-12-27 15:30 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (2) 2016-12-26 21:35 - 2016-12-26 21:35 - 00586248 _____ C:\Users\Nate Clark Winner\Downloads\bandicam_2016-12-14_16-55-36-961 (1).avi 2016-12-26 15:33 - 2016-12-26 15:33 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software 2016-12-26 15:32 - 2016-12-26 15:33 - 00000000 ____D C:\Users\Nate Clark Winner\Documents\CoffeeCup Software 2016-12-26 15:32 - 2016-12-26 15:32 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\CoffeeCup Software 2016-12-26 15:31 - 2016-12-26 15:32 - 90690008 _____ C:\Users\Nate Clark Winner\Downloads\CoffeeFreeHTML15.3.exe 2016-12-26 13:32 - 2016-12-26 13:32 - 00069015 _____ C:\Users\Nate Clark Winner\Downloads\test work.zip 2016-12-26 13:32 - 2016-12-26 13:32 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\test work 2016-12-26 12:29 - 2016-12-26 12:29 - 00003872 _____ C:\Users\Nate Clark Winner\Downloads\favicon.02 (1).ico 2016-12-26 08:31 - 2016-12-26 08:31 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\testUSA 2016-12-25 11:54 - 2016-12-25 11:54 - 02232860 _____ C:\Users\Nate Clark Winner\Downloads\photo upload HTML 5.zip 2016-12-25 11:54 - 2016-12-25 11:54 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (5) 2016-12-25 11:29 - 2016-12-25 11:29 - 02232846 _____ C:\Users\Nate Clark Winner\Downloads\image-upload (4).zip 2016-12-25 11:29 - 2016-12-25 11:29 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (4) 2016-12-25 10:41 - 2016-12-25 10:41 - 02232721 _____ C:\Users\Nate Clark Winner\Downloads\image-upload (3).zip 2016-12-25 10:41 - 2016-12-25 10:41 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (3) 2016-12-25 10:10 - 2016-12-25 10:10 - 02232681 _____ C:\Users\Nate Clark Winner\Downloads\image-upload (2).zip 2016-12-25 10:10 - 2016-12-25 10:10 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (2) 2016-12-25 09:31 - 2016-12-25 09:31 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload (1) 2016-12-25 09:30 - 2016-12-25 09:30 - 02232112 _____ C:\Users\Nate Clark Winner\Downloads\image-upload (1).zip 2016-12-25 07:54 - 2016-12-25 07:54 - 01295679 _____ C:\Users\Nate Clark Winner\Downloads\image-upload.zip 2016-12-25 07:54 - 2016-12-25 07:54 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\image-upload 2016-12-24 15:43 - 2016-12-24 15:43 - 00025554 _____ C:\Users\Nate Clark Winner\Downloads\demo (1).zip 2016-12-24 15:43 - 2016-12-24 15:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\demo (1) 2016-12-24 06:49 - 2016-12-24 06:49 - 00000000 ____D C:\Users\Nate Clark Winner\Desktop\staycircles 2016-12-23 17:58 - 2016-12-23 17:58 - 00028840 _____ C:\Users\Nate Clark Winner\Downloads\test.zip 2016-12-23 17:58 - 2016-12-23 17:58 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\test 2016-12-23 17:54 - 2016-12-23 17:54 - 00841603 _____ C:\Users\Nate Clark Winner\Downloads\staycircles (1).zip 2016-12-23 17:54 - 2016-12-23 17:54 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles (1) 2016-12-23 14:16 - 2016-12-23 14:16 - 00032602 _____ C:\Users\Nate Clark Winner\Downloads\HoneyCo Subscription Terms of Service (Paper Form - Single Use).DOCX 2016-12-23 00:31 - 2016-12-23 00:31 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Highfive 2016-12-22 11:43 - 2016-12-22 11:43 - 00001893 _____ C:\Users\Nate Clark Winner\Downloads\demo.zip 2016-12-22 11:43 - 2016-12-22 11:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\demo 2016-12-22 08:01 - 2016-12-22 08:01 - 00782130 _____ C:\Users\Nate Clark Winner\Downloads\Dashboard - Stays 3.zip 2016-12-22 08:01 - 2016-12-22 08:01 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Dashboard - Stays 3 2016-12-22 07:43 - 2016-12-22 07:43 - 00571346 _____ C:\Users\Nate Clark Winner\Downloads\staycircles.zip 2016-12-22 07:43 - 2016-12-22 07:43 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\staycircles 2016-12-20 19:14 - 2016-12-20 19:14 - 01425618 _____ C:\Users\Nate Clark Winner\Downloads\bandicam 2016-12-20 19-13-20-635.avi 2016-12-20 08:48 - 2016-12-20 08:49 - 89237141 _____ C:\Users\Nate Clark Winner\Downloads\zoom.levels (2).rar 2016-12-20 08:48 - 2016-12-20 08:48 - 07278099 _____ C:\Users\Nate Clark Winner\Downloads\zoom (1).psd 2016-12-19 15:55 - 2016-12-19 15:55 - 00014421 _____ C:\Users\Nate Clark Winner\Downloads\upload_12_2_2016_at_2_43_25_PM.png 2016-12-19 10:52 - 2016-12-19 10:52 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\JAM Software 2016-12-19 10:52 - 2016-12-19 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2016-12-19 10:52 - 2016-12-19 10:52 - 00000000 ____D C:\Program Files (x86)\JAM Software 2016-12-19 10:51 - 2016-12-19 10:51 - 02463272 _____ (JAM Software ) C:\Users\Nate Clark Winner\Downloads\TreeSizeFreeSetup_2000.exe 2016-12-19 10:51 - 2016-12-19 10:51 - 00739972 _____ C:\Users\Nate Clark Winner\Downloads\TreeSizeFree_9x.zip 2016-12-18 13:11 - 2016-12-18 13:11 - 00571836 _____ C:\Users\Nate Clark Winner\Downloads\Screenshot_SmartSelect_2016-12-14-11-29-36.png 2016-12-18 12:28 - 2016-12-18 12:28 - 01858900 _____ C:\Users\Nate Clark Winner\Downloads\Mission.02.rar 2016-12-16 15:08 - 2017-01-02 10:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-16 14:19 - 2016-12-16 14:19 - 00023362 _____ C:\Users\Nate Clark Winner\Desktop\Alex Self-Rating.png 2016-12-16 11:45 - 2016-12-16 11:45 - 00000000 ____D C:\Users\Nate Clark Winner\Downloads\Infographic 2016-12-16 11:40 - 2016-12-16 11:40 - 15716165 _____ C:\Users\Nate Clark Winner\Downloads\Infographic.zip 2016-12-16 10:28 - 2016-12-16 10:28 - 00003872 _____ C:\Users\Nate Clark Winner\Downloads\favicon.02.ico 2016-12-14 22:09 - 2016-12-14 22:10 - 89237141 _____ C:\Users\Nate Clark Winner\Downloads\zoom.levels (1).rar 2016-12-14 22:09 - 2016-12-14 22:10 - 07278099 _____ C:\Users\Nate Clark Winner\Downloads\zoom.01 2016-12-14 20:34 - 2016-11-22 05:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-12-14 20:34 - 2016-11-22 04:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-12-14 20:34 - 2016-11-22 04:38 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2016-12-14 20:34 - 2016-11-22 04:38 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2016-12-14 20:34 - 2016-11-22 04:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2016-12-14 20:34 - 2016-11-22 04:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-12-14 20:34 - 2016-11-22 04:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2016-12-14 20:34 - 2016-11-22 04:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-12-14 20:34 - 2016-11-22 04:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-12-14 20:34 - 2016-11-22 04:02 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-12-14 20:34 - 2016-11-22 04:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-12-14 20:34 - 2016-11-22 03:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-12-14 20:34 - 2016-11-22 03:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-12-14 20:34 - 2016-11-22 03:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe 2016-12-14 20:34 - 2016-11-22 03:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2016-12-14 20:34 - 2016-11-22 03:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2016-12-14 20:34 - 2016-11-22 03:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2016-12-14 20:34 - 2016-11-22 03:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe 2016-12-14 20:34 - 2016-11-22 02:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-12-14 20:34 - 2016-11-22 02:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-12-14 20:34 - 2016-11-22 02:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-12-14 20:34 - 2016-11-22 02:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-12-14 20:34 - 2016-11-22 02:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-12-14 20:34 - 2016-11-22 02:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-12-14 20:34 - 2016-11-22 02:47 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-12-14 20:34 - 2016-11-22 02:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-12-14 20:34 - 2016-11-22 02:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-12-14 20:34 - 2016-11-22 02:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-12-14 20:34 - 2016-11-22 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-12-14 20:34 - 2016-11-22 02:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-12-14 20:34 - 2016-11-22 02:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-12-14 20:34 - 2016-11-22 02:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-12-14 20:34 - 2016-11-22 01:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-12-14 20:34 - 2016-11-22 01:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2016-12-14 20:34 - 2016-11-22 01:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-12-14 20:34 - 2016-11-22 01:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-12-14 20:34 - 2016-11-22 01:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-12-14 20:34 - 2016-11-22 01:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-12-14 20:34 - 2016-11-22 01:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-12-14 20:34 - 2016-11-22 01:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-12-14 20:34 - 2016-11-22 01:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-12-14 20:34 - 2016-11-22 01:15 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-12-14 20:34 - 2016-11-22 01:14 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-12-14 20:34 - 2016-11-22 01:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-12-14 20:34 - 2016-11-22 01:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-12-14 20:34 - 2016-11-22 00:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-12-14 20:34 - 2016-11-22 00:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-12-14 20:34 - 2016-11-22 00:49 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-12-14 20:34 - 2016-11-22 00:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-12-14 20:34 - 2016-11-22 00:34 - 18670080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-12-14 20:34 - 2016-11-22 00:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-12-14 20:34 - 2016-11-22 00:32 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-12-14 20:34 - 2016-11-22 00:17 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-12-14 16:56 - 2016-12-14 16:56 - 00586248 _____ C:\Users\Nate Clark Winner\Downloads\bandicam_2016-12-14_16-55-36-961.avi ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-05 23:12 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF 2017-01-05 23:12 - 2015-09-21 00:15 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-05 23:12 - 2015-01-07 13:57 - 00000000 ____D C:\FRST 2017-01-05 23:07 - 2016-10-20 13:19 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Slack 2017-01-05 23:07 - 2016-08-11 13:25 - 00000000 ___RD C:\Users\Nate Clark Winner\Google Drive 2017-01-05 23:06 - 2016-02-16 09:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-01-05 23:06 - 2016-02-16 09:50 - 00000000 ____D C:\ProgramData\NVIDIA 2017-01-05 23:06 - 2014-06-18 16:43 - 00000441 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2017-01-05 23:05 - 2015-10-30 00:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI 2017-01-05 23:05 - 2015-01-07 14:50 - 00000000 ____D C:\AdwCleaner 2017-01-05 22:55 - 2016-02-27 12:30 - 00000943 _____ C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {8E45308E-5B81-4D48-8C7B-B17ED3592903}.job 2017-01-05 22:55 - 2014-06-04 06:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-01-05 22:54 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media 2017-01-05 22:30 - 2016-07-14 08:25 - 00000990 _____ C:\WINDOWS\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA.job 2017-01-05 22:05 - 2015-09-21 06:03 - 00002448 _____ C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-05 22:05 - 2015-09-21 06:03 - 00000000 ___RD C:\Users\Nate Clark Winner\OneDrive 2017-01-05 22:03 - 2016-02-16 09:51 - 00000000 ____D C:\Users\Nate Clark Winner 2017-01-05 22:03 - 2016-02-10 19:36 - 00000258 __RSH C:\ProgramData\ntuser.pol 2017-01-05 22:03 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Performance 2017-01-05 21:25 - 2015-06-03 20:00 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-01-05 20:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-01-05 20:30 - 2014-06-01 07:24 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Packages 2017-01-05 20:22 - 2015-08-23 12:29 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\deluge 2017-01-05 20:05 - 2016-03-27 15:09 - 00004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B397B85A-1F7C-40F7-8D95-2A93F2F0DF16} 2017-01-05 19:55 - 2014-06-04 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2017-01-05 19:55 - 2014-06-04 06:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-01-05 19:52 - 2014-06-01 07:28 - 00000000 ____D C:\Program Files (x86)\Google 2017-01-05 19:44 - 2014-06-01 07:58 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\vlc 2017-01-05 16:42 - 2015-01-15 20:51 - 00000000 ____D C:\ProgramData\panda_url_filtering 2017-01-05 09:30 - 2016-07-14 08:25 - 00000938 _____ C:\WINDOWS\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core.job 2017-01-05 02:00 - 2015-08-06 18:08 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Adobe 2017-01-04 15:45 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-01-04 14:52 - 2016-08-23 09:33 - 00000600 _____ C:\Users\Nate Clark Winner\AppData\Local\PUTTY.RND 2017-01-02 10:52 - 2013-12-16 22:29 - 00000000 ____D C:\ProgramData\Temp 2017-01-02 10:51 - 2015-03-06 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-02 10:50 - 2014-06-01 16:48 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Spotify 2017-01-02 09:34 - 2014-06-01 16:48 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Spotify 2016-12-26 15:33 - 2014-06-21 11:58 - 00000000 ___RD C:\Users\Nate Clark Winner\Documents 2016-12-23 00:31 - 2016-07-14 08:26 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Deployment 2016-12-23 00:31 - 2016-07-14 08:24 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\Highfive 2016-12-22 09:18 - 2016-03-16 08:22 - 00003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1424017197 2016-12-22 09:18 - 2015-02-15 10:20 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-12-22 09:18 - 2015-02-15 10:19 - 00000000 ____D C:\Program Files (x86)\Opera 2016-12-21 09:10 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\assembly 2016-12-21 09:10 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-12-21 09:10 - 2014-06-01 08:23 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-12-20 11:38 - 2016-02-16 09:51 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000001.regtrans-ms 2016-12-20 11:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\catroot2 2016-12-20 11:30 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\CatRoot 2016-12-18 12:43 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache 2016-12-16 18:46 - 2016-06-03 10:36 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-16 18:46 - 2016-06-03 10:36 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-16 18:24 - 2016-06-03 10:13 - 00003704 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA 2016-12-16 18:24 - 2016-06-03 10:13 - 00003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core 2016-12-16 13:48 - 2014-06-01 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-12-16 13:15 - 2016-02-16 09:48 - 00597528 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-12-16 13:15 - 2015-10-30 00:28 - 00262144 ___SH C:\Users\Default\NTUSER.DAT 2016-12-16 09:57 - 2014-06-01 08:00 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2016-12-16 09:57 - 2014-06-01 08:00 - 00000000 ____D C:\Program Files\paint.net 2016-12-15 23:17 - 2016-02-16 09:48 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{485596e0-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000001.regtrans-ms 2016-12-15 23:17 - 2016-02-16 09:48 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{485596e0-7ed5-11e5-80df-e41d2d718e10}.TM.blf 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\en-US 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Internet Explorer 2016-12-15 23:16 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Internet Explorer 2016-12-15 23:16 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\DriverStore 2016-12-15 23:14 - 2014-07-06 19:20 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Skype 2016-12-15 14:24 - 2016-01-17 10:07 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-12-15 14:24 - 2015-10-30 00:28 - 00000000 ____D C:\Program Files (x86)\Common Files 2016-12-15 14:24 - 2014-07-06 19:20 - 00000000 ____D C:\ProgramData\Skype 2016-12-14 21:28 - 2014-06-04 08:45 - 00262144 _____ C:\Users\Public\NTUSER.DAT 2016-12-14 20:24 - 2014-06-01 07:32 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-14 20:21 - 2016-10-20 13:19 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies 2016-12-14 20:21 - 2016-10-20 13:18 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\slack 2016-12-14 20:21 - 2015-08-12 20:18 - 00000000 ____D C:\Users\Nate Clark Winner\AppData\Local\SquirrelTemp 2016-12-14 16:50 - 2015-10-24 06:22 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-12-14 16:49 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-14 16:46 - 2014-06-01 08:31 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-12-14 16:43 - 2014-06-01 08:31 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-12-11 17:03 - 2015-10-30 01:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-12-11 17:03 - 2015-10-30 01:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2016-06-11 10:50 - 2016-07-14 19:05 - 0000034 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\AdobeWLCMCache.dat 2015-11-19 15:24 - 2016-09-03 15:36 - 0000096 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\Camdata.ini 2015-11-19 15:24 - 2016-09-03 15:36 - 0000408 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\CamLayout.ini 2015-11-19 15:24 - 2016-09-03 15:36 - 0000408 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\CamShapes.ini 2015-11-19 15:24 - 2016-09-03 15:36 - 0004547 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\CamStudio.cfg 2015-11-19 15:23 - 2016-09-03 14:51 - 0000096 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\version2.xml 2016-02-10 20:37 - 2016-02-10 20:37 - 0000046 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\WB.CFG 2017-01-05 19:44 - 2017-01-05 19:44 - 0000001 _____ () C:\Users\Nate Clark Winner\AppData\Roaming\XSLvRF 2016-08-23 09:33 - 2017-01-04 14:52 - 0000600 _____ () C:\Users\Nate Clark Winner\AppData\Local\PUTTY.RND 2017-01-05 20:26 - 2017-01-05 20:26 - 0001840 _____ () C:\Users\Nate Clark Winner\AppData\Local\recently-used.xbel 2015-12-08 23:13 - 2015-12-08 23:13 - 0000017 _____ () C:\Users\Nate Clark Winner\AppData\Local\resmon.resmoncfg 2017-01-05 04:29 - 2017-01-05 04:29 - 0010752 _____ () C:\Users\Nate Clark Winner\AppData\Local\surpluses.exe 2015-01-06 17:08 - 2015-01-06 17:08 - 0138414 _____ () C:\ProgramData\1420585157.bdinstall.bin 2015-01-06 22:41 - 2015-01-06 22:41 - 0185956 _____ () C:\ProgramData\1420605589.bdinstall.bin 2015-01-07 16:40 - 2015-01-07 16:40 - 0037669 _____ () C:\ProgramData\1420670400.bdinstall.bin 2015-01-07 16:40 - 2015-01-07 16:40 - 0098109 _____ () C:\ProgramData\1420670401.bdinstall.bin 2015-01-15 20:36 - 2015-01-15 20:49 - 0012394 _____ () C:\ProgramData\1421375812.1868.bin 2015-01-15 20:37 - 2015-01-15 20:49 - 0009919 _____ () C:\ProgramData\1421375812.2476.bin 2015-01-15 20:37 - 2015-01-15 20:49 - 0013719 _____ () C:\ProgramData\1421375812.2524.bin 2015-01-15 20:36 - 2015-01-15 21:38 - 0003499 _____ () C:\ProgramData\1421375812.2876.bin 2015-01-15 20:49 - 2015-01-15 20:49 - 0029598 _____ () C:\ProgramData\1421375812.2920.bin 2015-01-15 20:36 - 2015-01-15 21:11 - 0049209 _____ () C:\ProgramData\1421375812.3220.bin 2015-01-15 20:37 - 2015-01-15 20:49 - 0002538 _____ () C:\ProgramData\1421375812.3312.bin 2015-01-15 20:37 - 2015-01-15 20:37 - 0000507 _____ () C:\ProgramData\1421375812.6100.bin 2016-02-16 09:50 - 2016-02-16 09:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-12-16 22:32 - 2013-12-16 22:32 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-12-16 22:29 - 2013-12-16 22:30 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-12-16 22:30 - 2013-12-16 22:31 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-12-16 22:29 - 2013-12-16 22:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-12-16 22:31 - 2013-12-16 22:32 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some files in TEMP: ==================== C:\Users\Nate Clark Winner\AppData\Local\Temp\bdfilters.dll C:\Users\Nate Clark Winner\AppData\Local\Temp\cpa.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\cubecc.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\FoxitUpdater.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\jre-8u111-windows-au.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\jre-8u91-windows-au.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\libeay32.dll C:\Users\Nate Clark Winner\AppData\Local\Temp\msvcr120.dll C:\Users\Nate Clark Winner\AppData\Local\Temp\SkypeSetup.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\sqlite3.dll C:\Users\Nate Clark Winner\AppData\Local\Temp\vlc-2.2.4-win64.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\wait.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\windows.exe C:\Users\Nate Clark Winner\AppData\Local\Temp\XvidCod.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-05 11:58 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017 Ran by Nate Clark Winner (05-01-2017 23:13:34) Running from C:\Users\Nate Clark Winner\Desktop\New folder Windows 10 Home Version 1511 (X64) (2016-02-16 16:01:23) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2179773923-3527668487-1133873981-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-2179773923-3527668487-1133873981-503 - Limited - Disabled) Guest (S-1-5-21-2179773923-3527668487-1133873981-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-2179773923-3527668487-1133873981-1006 - Limited - Enabled) Nate Clark Winner (S-1-5-21-2179773923-3527668487-1133873981-1001 - Administrator - Enabled) => C:\Users\Nate Clark Winner nates (S-1-5-21-2179773923-3527668487-1133873981-1009 - Limited - Enabled) => C:\Users\nates UpdatusUser (S-1-5-21-2179773923-3527668487-1133873981-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated) Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.2.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF01}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Bandicam (HKLM-x32\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) CoffeeCup Free HTML Editor (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\CoffeeCup Free HTML Editor) (Version: - ) Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - ) Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.) DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.) Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.0.1013 - Foxit Software Inc.) GitHub (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.0.0 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) Herramientas de corrección de Microsoft Office 2016: español (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Highfive Outlook Add-in (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\89B5488E8FEA2BBC6B82A8A5CB989064D4CA4BBE) (Version: 1.54.0.6 - Highfive) HighfiveApp (HKLM-x32\...\{54530292-7167-4050-8982-5CC77500545D}) (Version: 1.54.0.6 - Highfive) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4885.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visio Professional 2016 (HKLM-x32\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mobizen (HKLM-x32\...\{BA0D3A44-BCEE-4C8B-BCD4-F7F1E64F41E3}) (Version: 2.21.1.2 - RSUPPORT) Monitor Webcam (SP2208WFP) Driver (1.00.08.0720) (HKLM\...\Creative OEM005) (Version: - ) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.) NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden OpenTTD 1.4.4 (HKLM-x32\...\OpenTTD) (Version: 1.4.4 - OpenTTD) Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software) Outils de vérification linguistique 2016 de Microsoft Office - Français (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC) Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security) Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.9 - Panda Security and Visicom Media Inc.) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) PdfMerge (HKLM-x32\...\{238BE990-A412-4129-A434-D03B1A9E396E}) (Version: 1.22.0 - PdfMerge) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Python 3.5.1 (32-bit) (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation) Python 3.5.1 Add to Path (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) R for Windows 3.1.2 (HKLM\...\R for Windows 3.1.2_is1) (Version: 3.1.2 - R Core Team) Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Screen Recorder Launcher (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\ScreenRecorderLauncher) (Version: 1.7 - ) Send Anywhere (HKLM-x32\...\{4C09F722-410A-481D-A488-D56FBE34334F}_is1) (Version: 2.6.9 - Estmob Inc.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) Slack (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\slack) (Version: 2.3.2 - Slack Technologies) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) Spotify (HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TreeSize Free V2.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.4 - JAM Software) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Засоби перевірки правопису Microsoft Office 2016 – українська (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Средства проверки правописания Microsoft Office 2016 — русский (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2179773923-3527668487-1133873981-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nate Clark Winner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00DE61BF-FB22-4C36-AD0B-6C3BB2A650C5} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION Task: {030DBD61-6F78-4D7B-998A-FF5E4BDB1A5C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {03E5C09A-333D-4F33-A900-4D23B7710FF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {05083265-595F-409A-89BA-165FB05B0CF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {0A9CA761-E23C-452E-BBB5-3A07F2107B72} - \{A2F202EF-DBBD-4C47-9FC7-98564731B3E6} -> No File <==== ATTENTION Task: {0DA2A098-5EE9-43FB-8D3D-5A5DDB6E287B} - \54569560 -> No File <==== ATTENTION Task: {0F7EA3EB-1659-4E15-967B-F1519EDA2FEB} - \ba5456956054569560 -> No File <==== ATTENTION Task: {10FFAE46-30D0-40F7-8993-8E4BEBF1F02B} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION Task: {1450AF5B-44FA-423C-9B14-987637F259D0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {1B1352BA-1A8A-47FB-ADB6-6E1262606C55} - System32\Tasks\SafeZone scheduled Autoupdate 1483670807 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {24B226C7-0D81-4DA1-9C19-D69E4D62786F} - System32\Tasks\AdobeAAMUpdater-1.0-yawhoobeast-Nate Clark Winner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated) Task: {270F5625-F4AE-48F0-9371-3B07DFBB541B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {2C598B5E-B11A-4DDF-B458-270D8CCE724C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {2F358E96-8776-42AC-8F1F-8B66349B8B7D} - \Private Internet Access Startup -> No File <==== ATTENTION Task: {34EA08EF-CCFB-4A20-A77E-FEB57612D844} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {3BBC935F-EE27-4ABD-862D-98B56A519EE6} - System32\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe [2016-07-14] (Highfive) Task: {3DD93E5A-5F17-4974-B11B-141FC9CED6FF} - System32\Tasks\bak21598691k21598691 => C:\Program Files (x86)\gutless\gutless.exe [2017-01-05] (overburdened) Task: {42743DEC-6872-40FE-B761-581DE20A449E} - \ba2159869121598691 -> No File <==== ATTENTION Task: {42AFEE16-ABDE-437C-803C-3AF71B203849} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {44AA3544-B251-4904-8889-E1928B8BE165} - \21598691 -> No File <==== ATTENTION Task: {471EDC11-099B-4B0F-97FB-55F04A015537} - System32\Tasks\Opera scheduled Autoupdate 1424017197 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software) Task: {487879FE-42B0-4382-A02B-AC3002234CD2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe Task: {509FF792-C959-43DC-9263-62413ADFC438} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {5154FA12-A288-4609-B4B0-A51306E982A0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {5B0587E8-EE99-4A07-98C4-6372ABA58F81} - System32\Tasks\ba65832336583233 => C:\Program Files (x86)\Simulated\surpluses.exe [2017-01-05] () Task: {60E104BD-9875-4F70-A81D-8AF5BCE9FE0D} - \PCDEventLauncherTask -> No File <==== ATTENTION Task: {62F4D559-ED82-41E9-80EC-B536051F4342} - \IEError -> No File <==== ATTENTION Task: {6ABC12A7-AE71-42C0-B827-289EFE6FD444} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {6EA7922F-08CC-4F12-84B4-ECAEE9FE7D8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation) Task: {89034AB9-CB6B-44D7-AD7C-4799F991D610} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation) Task: {91B799C3-29FD-4840-8193-E893919A1B5C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {94ECDBFC-1B45-4165-A218-F9DD1F28A046} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation) Task: {976B9CC6-89A8-4611-B4C6-B7D834B81D1F} - \EPSON WF-2650 Series Update {8E45308E-5B81-4D48-8C7B-B17ED3592903} -> No File <==== ATTENTION Task: {98537C04-6969-4F5A-8356-A956CA5C1FE1} - \k21598691 -> No File <==== ATTENTION Task: {A3F65BF7-F215-4F27-AF96-3387B7CF6C4A} - System32\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe [2016-07-14] (Highfive) Task: {A4E5E80A-6C7F-453A-B4D8-3BC4AD31179F} - \KMSAuto -> No File <==== ATTENTION Task: {B28ED57D-4B20-4E44-909F-0DA1DDC7D158} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core => C:\Users\Nate Clark Winner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B392EED9-F19A-42EB-8F99-286C20BE194E} - \CLVDLauncher -> No File <==== ATTENTION Task: {B71C5176-D9B8-473D-BB23-769F27D9FFDF} - \CLMLSvc_P2G8 -> No File <==== ATTENTION Task: {BAE8CC12-9940-43C4-992E-74C1766D5E55} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA => C:\Users\Nate Clark Winner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {BD496921-B0C2-4D12-A418-EFBE4A5B465F} - \6583233 -> No File <==== ATTENTION Task: {C5CFF38E-1F9F-4362-9507-0709204D250C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {CE9CB07C-1C0A-4FC7-881A-CAF33EB31376} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {D069B8CC-EBF9-4F10-951A-C61D0FF75D93} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {D136072D-AA37-4A24-902C-AC8D44CD245A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-05] (AVAST Software) Task: {D6BA6F03-D7C5-4269-955B-567F608F2B2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {DD4C3C85-C919-498C-B434-4B8656BA4707} - \Optimize Start Menu Cache Files-S-1-5-21-2179773923-3527668487-1133873981-1001 -> No File <==== ATTENTION Task: {EFDAFDA2-AE5F-4CBC-94A8-12360B41FC30} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon -> No File <==== ATTENTION Task: {FE89B928-91DF-40F2-BEB3-2435A38E1727} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {8E45308E-5B81-4D48-8C7B-B17ED3592903}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE :/EXE:{8E45308E-5B81-4D48-8C7B-B17ED3592903} /F:Update WORKGROUP\YAWHOOBEAST$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core.job => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HighfiveUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA.job => C:\Users\Nate Clark Winner\AppData\Local\Highfive\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk ShortcutWithArgument: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Nate Clark Winner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\54006d977149216d\SMS from Gmail™ & Facebook™ (MightyText).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iffdacemhfpnchinokehhnppllonacfj ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-02-16 09:50 - 2015-08-06 18:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-06-01 10:27 - 2011-08-18 15:53 - 00625728 _____ () C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe 2013-12-16 22:31 - 2012-04-24 20:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-06-05 07:46 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-11-07 09:06 - 2014-11-06 19:06 - 01016104 _____ () C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe 2016-11-09 22:00 - 2016-10-25 03:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 08819438 _____ () C:\Program Files\pia_manager\pia_manager.exe 2016-11-09 22:00 - 2016-10-25 03:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-01-05 22:04 - 2017-01-05 22:04 - 01678560 _____ () C:\Users\Nate Clark Winner\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll 2016-07-26 03:57 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-04-18 17:35 - 2016-04-18 17:35 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-02-16 11:45 - 2016-02-16 11:45 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-13 06:10 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-11-09 22:01 - 2016-10-24 22:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 22:00 - 2016-10-24 22:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 22:01 - 2016-10-24 22:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 22:01 - 2016-10-24 22:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-09-09 07:09 - 2016-06-09 11:37 - 05555896 _____ () C:\Program Files (x86)\Send Anywhere\sendanywhere.exe 2017-01-05 04:29 - 2017-01-05 04:29 - 00068793 _____ () C:\Program Files (x86)\unquantified\granada.exe 2016-12-14 20:21 - 2016-12-14 20:21 - 02259968 _____ () C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\ffmpeg.dll 2016-12-14 20:21 - 2016-12-14 20:21 - 00211968 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\nslog\build\Release\nslog.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00101888 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00088064 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\@paulcbetts\gc\build\Release\gc.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00100352 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\edge-atom-shell\build\Release\edge.node 2016-12-14 20:21 - 2016-12-14 20:21 - 02865152 _____ () C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\libglesv2.dll 2016-12-14 20:21 - 2016-12-14 20:21 - 00095232 _____ () C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\libegl.dll 2016-12-14 20:21 - 2016-12-14 20:21 - 00483328 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00157696 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00161792 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\ref\build\Release\binding.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00168448 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\ffi\build\Release\ffi_bindings.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00088576 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\@paulcbetts\system-idle-time\build\Release\system_idle_time.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00086528 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\windows-quiet-hours\build\Release\quiethours.node 2016-12-14 20:21 - 2016-12-14 20:21 - 00412160 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\slack-calls.node 2016-12-14 20:21 - 2016-12-14 20:21 - 07275520 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\CallsCore.dll 2016-12-14 20:21 - 2016-12-14 20:21 - 01481728 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\boringssl.dll 2016-12-14 20:21 - 2016-12-14 20:21 - 00224256 _____ () \\?\C:\Users\Nate Clark Winner\AppData\Local\slack\app-2.3.4\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\protobuf_lite.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe 2017-01-05 04:29 - 2017-01-05 04:29 - 00010752 _____ () C:\Program Files (x86)\Simulated\surpluses.exe 2017-01-05 20:37 - 2017-01-05 20:37 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-01-05 20:45 - 2017-01-05 20:45 - 03070464 _____ () C:\Program Files\AVAST Software\Avast\defs\17010502\algo.dll 2017-01-05 20:37 - 2017-01-05 20:37 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2013-04-12 11:23 - 2013-04-12 11:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2016-04-18 17:35 - 2016-04-18 17:35 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-18 17:35 - 2016-04-18 17:35 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-12-14 20:24 - 2016-12-08 01:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-14 20:24 - 2016-12-08 01:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2017-01-05 22:04 - 2017-01-05 22:04 - 01244376 _____ () C:\Users\Nate Clark Winner\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll 2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll 2016-09-09 07:09 - 2014-12-22 00:07 - 00119822 _____ () C:\Program Files (x86)\Send Anywhere\libgcc_s_dw2-1.dll 2016-09-09 07:09 - 2014-12-22 00:07 - 01026062 _____ () C:\Program Files (x86)\Send Anywhere\libstdc++-6.dll 2017-01-05 23:06 - 2017-01-05 23:06 - 00098816 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32api.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00110080 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\pywintypes27.dll 2017-01-05 23:06 - 2017-01-05 23:06 - 00364544 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\pythoncom27.dll 2017-01-05 23:06 - 2017-01-05 23:06 - 00320512 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32com.shell.shell.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00914432 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\_hashlib.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 01176576 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\wx._core_.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00806400 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\wx._gdi_.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00816128 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\wx._windows_.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 01067008 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\wx._controls_.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00733184 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\wx._misc_.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00682496 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\pysqlite2._sqlite.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00088064 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\_ctypes.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00686080 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\unicodedata.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00119808 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32file.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00108544 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32security.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00007168 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\hashobjs_ext.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00017920 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\thumbnails_ext.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00088064 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\usb_ext.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00012800 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\common.time34.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00018432 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32event.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00167936 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32gui.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00046080 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\_socket.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 01303552 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\_ssl.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00128512 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\_elementtree.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00127488 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\pyexpat.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00038912 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32inet.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00036864 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\_psutil_windows.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00524248 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\windows._lib_cacheinvalidation.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00011264 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32crypt.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00123392 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\wx._wizard.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00077312 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\wx._html2.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00027648 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\_multiprocessing.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00020480 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\_yappi.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00035840 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32process.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00078848 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\wx._animate.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00024064 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32pipe.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00010240 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\select.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00025600 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32pdh.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00017408 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32profile.pyd 2017-01-05 23:06 - 2017-01-05 23:06 - 00022528 ____R () C:\Users\Nate Clark Winner\AppData\Local\Temp\_MEI87562\win32ts.pyd 2017-01-05 23:07 - 2017-01-05 23:07 - 00004608 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\nsfE58E.tmp\ExecCmd.dll 2017-01-05 20:37 - 2017-01-05 20:37 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-01-05 23:06 - 2017-01-05 23:06 - 00012800 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00009728 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00014848 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00094208 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\src\rgloader\rgloader193.mswin.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00009216 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00094208 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00126976 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00087552 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00016384 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00127316 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\bin\libffi-6.dll 2017-01-05 23:06 - 2017-01-05 23:06 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00013312 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so 2017-01-05 23:06 - 2017-01-05 23:06 - 00095744 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so 2017-01-05 23:06 - 2017-01-05 23:07 - 00026624 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr59C8.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so 2013-12-16 22:30 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2017-01-05 23:07 - 2017-01-05 23:07 - 00012800 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00009728 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00014848 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00094208 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\src\rgloader\rgloader193.mswin.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00094208 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00118784 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00069120 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00083968 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\bin\zlib1.dll 2017-01-05 23:07 - 2017-01-05 23:07 - 00026624 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00275968 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00015360 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00008192 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00009216 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00023552 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00008704 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00036352 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00126976 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00087552 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00016384 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00127316 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\bin\libffi-6.dll 2017-01-05 23:07 - 2017-01-05 23:07 - 00013312 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00095744 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so 2017-01-05 23:07 - 2017-01-05 23:07 - 00026624 _____ () C:\Users\Nate Clark Winner\AppData\Local\Temp\ocr2390.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so 2015-10-13 06:38 - 2015-10-13 06:38 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll 2015-10-13 06:38 - 2015-10-13 06:38 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll 2013-12-16 22:22 - 2013-07-16 19:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-12-14 20:25 - 2016-12-14 20:25 - 17833560 _____ () C:\Users\Nate Clark Winner\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [272] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2016-09-03 14:55 - 00001135 ___RA C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 bandicam.com 127.0.0.1 ssl.bandisoft.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Ralink Wireless Utility.lnk" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-2179773923-3527668487-1133873981-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{26D8F124-0ECA-4829-842F-0468B96CE323}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{236B6C82-800E-4EA3-8647-3E9C0EE69D61}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{0A07CEA7-D58C-46B5-9D49-E6033D95970C}] => C:\Program Files (x86)\pandasecuritytb\cleanupie.exe FirewallRules: [{6F8671E6-8B55-4867-ABCA-D1612755A91A}] => C:\Program Files (x86)\pandasecuritytb\cleanupie.exe FirewallRules: [{99FC3B3E-C185-4CA9-9A48-672D4C2DD69B}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{F379F3A6-6F28-40F5-B46E-82139FA4CDB5}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{99BE99FB-E406-421D-BDE4-10ADCD0D0213}] => %systemroot%\system32\alg.exe FirewallRules: [{1B0ED2E1-8609-4518-B77D-0E4ABE6B186C}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{1A946F40-8EE9-4CCF-A662-E6591E4C47DA}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{2A451059-4736-4930-B482-C34F11D79F80}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{20F5DB2D-C34F-4EC9-ACA5-7B223BD40781}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{FAA4A29B-4174-4843-88E2-59AB741BDCA3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{000B8F5B-0B75-49E9-AF02-F6E25351427E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{4ED6D708-2041-4B9F-809D-4F2E8C21D043}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [TCP Query User{8DC124F1-7117-4006-BAD7-93E0B88FB640}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [{29C2318F-A404-45DA-B42A-7A17142F1A01}] => C:\Program Files (x86)\uTorrent\utorrent.exe FirewallRules: [{AF1AAE1B-17F1-4E94-A6CD-222E004114FF}] => C:\Program Files (x86)\uTorrent\utorrent.exe FirewallRules: [UDP Query User{299DBDD7-F3D3-4365-AFD3-94D73585E8E2}C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe] => C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{D2F8E984-DF02-4094-9B4F-17E15D85F358}C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe] => C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe FirewallRules: [{54FBCFDA-BF75-4E26-AC0B-A92746C3854E}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{C2E7B7EF-3B2A-4A60-B44D-BD5CAF1E2409}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{A946BAB1-A475-4893-A0BD-FF9026750B92}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [UDP Query User{5CE5329F-EB01-40AE-A365-56E420E323A4}C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe] => C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{DF80AF91-64B7-47C1-AA26-91DC4B103F1A}C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe] => C:\users\nate clark Winner\appdata\roaming\spotify\spotify.exe FirewallRules: [{FAB75933-C1B0-47D6-90D0-2CBDADD8A5C8}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{8DE0111D-0B7E-44DC-96C4-7B5BA074B9FE}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{EF13EF5A-56C5-4143-A2DB-9D23C189C1A3}] => C:\Users\Nate Clark Winner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A611E025-E446-477F-B2BE-D374AAE65504}] => C:\Users\Nate Clark Winner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{768AECE7-805A-4D8C-B7B9-D6D8005C81AD}] => C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe FirewallRules: [{EBCCACBF-C4AA-4DCF-8574-F64B0AA64102}] => C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe FirewallRules: [{CB102D14-F2B3-4566-93D8-55973B778DB1}] => C:\Program Files (x86)\Ralink\Common\RaUI.exe FirewallRules: [{92941A84-54BE-43C6-9979-BE36CB1DC714}] => C:\Program Files (x86)\Ralink\Common\RaUI.exe FirewallRules: [{62EDC3DD-B726-441A-B768-D718E716D938}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{C7CB20EA-6C0D-454B-923A-3E65BA2C87B3}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{6E1E1E50-8A87-4A16-8011-92EF4C1DB16B}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{509F0700-760A-4215-BFDA-12E35562F505}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{3E5F8F72-6909-4FB2-AA65-B67A8EB14FB5}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{0A84D942-4D9F-4FF7-9263-739559C26BB8}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{A6166341-A688-4FB9-B714-E1455376B278}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{31184A71-EE31-48F4-9C82-782A542F4B4D}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{60D7A981-1039-443A-A243-9D92D94D0925}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{43EAD9FC-EC91-41A9-8342-EFBAF1D50F2F}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{AD073676-0C1A-4CE8-BBAF-2D8359E7A96A}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{EB70A3A4-122E-4DD3-A52B-58B5B624B642}] => C:\Users\Nate Clark Winner\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{F6838F91-B571-4899-B96A-CA17A7648453}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{C4CE128D-AEC1-4C55-8428-D484A94C88C3}] => LPort=2869 FirewallRules: [{7312EA7D-21BE-4CF7-A429-C7FA74F5DFCA}] => LPort=1900 FirewallRules: [TCP Query User{BAD8CF1D-A56F-4E07-94E1-E7A8D1CCA458}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{C50ED715-9B46-407C-8024-8C0B7EBECD2D}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{26005133-7033-4A5B-92E4-23E327A978D1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{9D13AA8A-A72D-42E0-9184-23E63FA27D43}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{42F4B9E5-1F30-4EDC-A885-FBFEBEAAFBF9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{35FEFE22-F18D-40FB-A68D-7EAFBB148AC4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{F235EFA7-78FA-4C3E-A69F-2EF6530B7A9E}] => C:\Program Files (x86)\pandasecuritytb\dtUser.exe FirewallRules: [{DDFE6079-DAF4-45AF-93E3-8A206C8A8609}] => C:\Program Files (x86)\pandasecuritytb\dtUser.exe FirewallRules: [{9300BB4F-0B9D-43C0-A306-C8FC6BBE8C85}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{BB36EE43-A785-4FBD-B3D3-25A700E6B148}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [TCP Query User{3E58767A-CA3B-4850-8FEB-4A3E21EFC2F0}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{AAFE8160-A314-4EDA-946F-EE282A69B9FB}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{7FAD852F-CC74-4C0F-80A0-E64D6276A974}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0076B52E-EA60-4E1C-BD7A-BE12893F220A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{C38329B4-FC9E-41E7-B180-48AE39B18F8E}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe FirewallRules: [UDP Query User{399A5D93-9A95-4255-A989-F98ABBB0B4E4}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe FirewallRules: [{8EC21067-CD3F-43B2-B0F8-49ADEE2BE863}] => C:\Users\Nate Clark Winner\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{D44AD3B0-D46B-4143-B0E1-2FD8350DDEB8}] => C:\Users\Nate Clark Winner\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [TCP Query User{F5322E54-EA0F-43C4-9578-CD0C31A52438}C:\users\nates\desktop\counter\counter\hl.exe] => C:\users\nates\desktop\counter\counter\hl.exe FirewallRules: [UDP Query User{B7F884B9-76C4-457D-B8BA-22FAA3264142}C:\users\nates\desktop\counter\counter\hl.exe] => C:\users\nates\desktop\counter\counter\hl.exe FirewallRules: [TCP Query User{58A7B3A3-6409-4799-B743-5D5F9948B4D6}C:\users\nates\desktop\counter\counter\hl.exe] => C:\users\nates\desktop\counter\counter\hl.exe FirewallRules: [UDP Query User{DA8B6FC8-E98D-4388-A1E2-D886A279890E}C:\users\nates\desktop\counter\counter\hl.exe] => C:\users\nates\desktop\counter\counter\hl.exe FirewallRules: [TCP Query User{88BFD784-2603-4796-AC13-DEFD1BC2FF08}C:\users\nates\downloads\sinhvienit.net-gamemotogp2\gamemotogp2\motogp2_demo.exe] => C:\users\nates\downloads\sinhvienit.net-gamemotogp2\gamemotogp2\motogp2_demo.exe FirewallRules: [UDP Query User{CEDD19C6-BC4A-4147-9AEC-21E6221F9B00}C:\users\nates\downloads\sinhvienit.net-gamemotogp2\gamemotogp2\motogp2_demo.exe] => C:\users\nates\downloads\sinhvienit.net-gamemotogp2\gamemotogp2\motogp2_demo.exe FirewallRules: [TCP Query User{78C5C798-8307-4957-9707-6A0EE0BC6FC9}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe FirewallRules: [UDP Query User{4CFAF19D-17D0-497E-A031-875791498F34}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe FirewallRules: [{B41269E2-B90C-49B5-AC1B-19DA83DF4AFD}] => %ProgramFiles%\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe FirewallRules: [{842D9588-DB4B-4BA7-9D56-C9CD76F9CB43}] => %ProgramFiles%\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe FirewallRules: [{6AAF9239-917F-4C97-8D6A-CA2611F246FF}] => C:\Program Files (x86)\Send Anywhere\sendanywhere.exe FirewallRules: [{965B8456-10A7-4849-98D2-9B8E0DD91981}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{1546DBB5-BD21-450D-B01D-F69E6E296A9E}] => C:\Program Files (x86)\Simulated\surpluses.exe FirewallRules: [{8803B479-6203-454F-977F-DA727CB75E75}] => C:\Program Files (x86)\Navajos\surpluses.exe ==================== Restore Points ========================= 22-12-2016 17:00:31 Scheduled Checkpoint 26-12-2016 15:32:18 Installed Microsoft Visual C++ 2005 Redistributable 03-01-2017 14:02:18 Scheduled Checkpoint 04-01-2017 15:28:32 Installed Inkscape 0.91 05-01-2017 20:38:28 Removed Traffic Exchange ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/05/2017 10:55:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RaMediaServer.exe, version: 0.0.0.0, time stamp: 0x4e4ce02f Faulting module name: RaMediaServer.exe, version: 0.0.0.0, time stamp: 0x4e4ce02f Exception code: 0xc0000005 Fault offset: 0x00025ae8 Faulting process id: 0xde0 Faulting application start time: 0x01d267d9124475f3 Faulting application path: C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe Faulting module path: C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe Report Id: d9ec1ad0-9a09-495d-8834-e6c02ef7a8fe Faulting package full name: Faulting package-relative application ID: Error: (01/05/2017 10:07:03 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "c:\program files\r\r-3.1.2\tcl\bin64\tk85.dll".Error in manifest or policy file "c:\program files\r\r-3.1.2\tcl\bin64\tk85.dll" on line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid. Error: (01/05/2017 10:05:37 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (01/05/2017 09:53:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/05/2017 09:53:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/05/2017 09:39:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program dw20.exe version 2.0.50727.8670 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1aec Start Time: 01d267cd141de97d Termination Time: 17115 Application Path: C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\dw20.exe Report Id: b0e3b5cd-d3c1-11e6-bf1e-342387b1777c Faulting package full name: Faulting package-relative application ID: Error: (01/05/2017 09:36:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/05/2017 09:22:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PSUAMain.exe, version: 4.0.0.646, time stamp: 0x56291049 Faulting module name: CC3290MT.DLL, version: 9.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000193ee Faulting process id: 0x1378 Faulting application start time: 0x01d267cc1edeac15 Faulting application path: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe Faulting module path: C:\Program Files (x86)\Panda Security\Panda Security Protection\CC3290MT.DLL Report Id: 370fba8a-25f6-494d-b8c0-af1b2ac5d4fc Faulting package full name: Faulting package-relative application ID: Error: (01/05/2017 09:08:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/05/2017 09:00:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: yawhoobeast) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (01/05/2017 11:08:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (01/05/2017 11:05:52 PM) (Source: DCOM) (EventID: 10010) (User: yawhoobeast) Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout. Error: (01/05/2017 11:05:52 PM) (Source: DCOM) (EventID: 10010) (User: yawhoobeast) Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout. Error: (01/05/2017 11:05:52 PM) (Source: DCOM) (EventID: 10010) (User: yawhoobeast) Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout. Error: (01/05/2017 11:05:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_5c6a6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/05/2017 11:05:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_5c6a6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/05/2017 11:05:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_5c6a6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/05/2017 11:05:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_5c6a6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/05/2017 11:04:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/05/2017 11:04:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2017-01-05 20:40:22.898 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-26 17:12:57.564 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-16 13:15:45.356 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-15 00:19:10.278 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-12 19:15:34.369 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-12 13:13:26.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-09 22:32:50.501 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-29 19:13:30.127 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-14 13:47:26.142 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-13 14:37:23.230 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz Percentage of memory in use: 33% Total physical RAM: 12239.23 MB Available physical RAM: 8167.15 MB Total Virtual: 21967.23 MB Available Virtual: 17513.23 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:153.13 GB) (Free:31.56 GB) NTFS Drive e: (Adobe PS CC 2015) (CDROM) (Total:1.63 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 0024EDD7) Partition: GPT. ==================== End of Addition.txt ============================ Next I ran AdwCleaner. It required a restart. Here is the log: # AdwCleaner v6.041 - Logfile created 05/01/2017 at 23:20:40 # Updated on 16/12/2016 by Malwarebytes # Database : 2017-01-05.2 [Local] # Operating System : Windows 10 Home (X64) # Username : Nate Clark Kayhoe - YAWHOOBEAST # Running from : C:\Users\Nate Clark Kayhoe\Desktop\New folder\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder deleted: C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** [-] Task deleted: IEError ***** [ Registry ] ***** [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net ***** [ Web browsers ] ***** [-] [C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Profile 1] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.0.443&pid=safeguard&sg=&sap=hp [-] [C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Profile 1] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.7.598&pid=safeguard&sg=&sap=hp [-] [C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Profile 1] [startup_urls] Deleted: hxxps://mysearch.avg.com?cid={134B6026-99EE-4BD1-AE82-78F829E9F327}&mid=4a9352ecddfd47d29dd5e56ac1559e8f-ae47a06aa64d0d911689d5908ac6b53bb1b3dad8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-05 09:39:19&v=18.1.9.799&pid=safeguard&sg=&sap=hp [-] [C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: nonjdcjchghhkdoolnlbekcfllmednbl ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [19152 Bytes] - [05/01/2017 22:01:28] C:\AdwCleaner\AdwCleaner[C2].txt - [3664 Bytes] - [05/01/2017 23:05:34] C:\AdwCleaner\AdwCleaner[C3].txt - [2651 Bytes] - [05/01/2017 23:20:40] C:\AdwCleaner\AdwCleaner[R0].txt - [8994 Bytes] - [07/01/2015 15:02:48] C:\AdwCleaner\AdwCleaner[S0].txt - [17464 Bytes] - [05/01/2017 21:40:24] C:\AdwCleaner\AdwCleaner[S1].txt - [3786 Bytes] - [05/01/2017 22:08:32] C:\AdwCleaner\AdwCleaner[S2].txt - [3268 Bytes] - [05/01/2017 23:04:35] C:\AdwCleaner\AdwCleaner[S3].txt - [2777 Bytes] - [05/01/2017 23:19:32] ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [3090 Bytes] ########## Any help you can give would be hugely appreciated!

Done and done. Attached. Addition.txt FRST.txt

Yes, I just uninstalled it. I'm going to feel so dumb if that was it!