Inactive-A Slowly losing access to system admin privileges, maybe a rootkit, as it's rewritten my entire window

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-25 13:05 - 2017-08-25 13:06 - 255308582 _____ C:\Users\AIRWORX 2\Documents\Book1.xlsx
2017-08-25 12:37 - 2017-08-25 12:37 - 010485794 _____ C:\Users\AIRWORX 2\Documents\txtunicode.txt
2017-08-25 12:37 - 2017-08-25 12:37 - 005242896 _____ C:\Users\AIRWORX 2\Documents\txtansi.txt
2017-08-25 12:36 - 2017-08-25 12:36 - 005731140 _____ C:\Users\AIRWORX 2\Documents\txt.txt
2017-08-25 12:00 - 2017-08-25 12:00 - 000044221 _____ C:\Users\AIRWORX 2\Downloads\08.15.17Bradford Ltr (Certified).pdf
2017-08-25 11:50 - 2017-08-25 11:50 - 000874058 _____ C:\Users\AIRWORX 2\Downloads\Cosmic Jump Employee Manual No Jumping 1-30-14.pdf
2017-08-25 11:49 - 2017-08-25 11:49 - 000836044 _____ C:\Users\AIRWORX 2\Downloads\Cosmic Jump Employee Manual No Jumping.pdf
2017-08-25 10:58 - 2017-08-25 10:58 - 005731140 _____ C:\Users\AIRWORX 2\Documents\utf-8 format.txt
2017-08-25 09:59 - 2017-08-25 10:00 - 000364544 _____ C:\Users\AIRWORX 2\Documents\Database4.accdb
2017-08-25 02:33 - 2017-08-25 02:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2017-08-24 18:28 - 2017-08-24 18:28 - 000069632 _____ C:\Users\AIRWORX 2\Documents\dev.evtx
2017-08-24 18:26 - 2017-08-24 18:26 - 000069632 _____ C:\Users\AIRWORX 2\Documents\device events.evtx
2017-08-24 09:55 - 2017-08-24 09:55 - 016119416 _____ C:\Users\AIRWORX 2\Downloads\DB.Browser.for.SQLite-3.10.0-beta2-win64.exe
2017-08-24 09:46 - 2017-08-24 09:57 - 000352256 _____ C:\Users\AIRWORX 2\Documents\Database3.accdb
2017-08-24 08:33 - 2017-08-24 08:37 - 000352256 _____ C:\Users\AIRWORX 2\Documents\Database2.accdb
2017-08-24 08:26 - 2017-08-26 12:25 - 000000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAIRWORX 2.job
2017-08-24 08:25 - 2017-08-24 08:25 - 005718872 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\vcredist_x64.exe
2017-08-24 07:41 - 2017-08-24 07:42 - 399261754 _____ C:\Users\AIRWORX 2\Downloads\mysql-5.7.19-winx64-debug-test.zip
2017-08-24 07:38 - 2017-08-24 07:38 - 008527872 _____ C:\Users\AIRWORX 2\Downloads\mysql-connector-odbc-5.3.9-winx64.msi
2017-08-24 07:33 - 2017-08-24 07:33 - 000000155 _____ C:\WINDOWS\system32\report.txt
2017-08-24 07:29 - 2017-08-24 07:34 - 000000289 _____ C:\WINDOWS\ODBC.INI
2017-08-24 04:32 - 2017-08-24 07:21 - 000352256 _____ C:\Users\AIRWORX 2\Documents\Database1.accdb
2017-08-24 02:07 - 2017-08-26 13:15 - 000004693 _____ C:\Users\AIRWORX 2\Desktop\Fixlog.txt
2017-08-23 07:56 - 2017-08-23 07:56 - 000001046 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-08-23 07:56 - 2012-07-24 00:00 - 000470528 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2_86.dll
2017-08-23 07:56 - 2011-12-12 00:00 - 000135824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2017-08-23 07:49 - 2017-08-23 07:49 - 005957560 _____ C:\Users\AIRWORX 2\Desktop\epson19043.exe
2017-08-23 07:30 - 2017-08-23 07:30 - 000120690 _____ C:\Users\AIRWORX 2\Downloads\combined.pdf
2017-08-23 07:28 - 2017-08-23 07:28 - 000123377 _____ C:\Users\AIRWORX 2\Desktop\alldocs.pdf
2017-08-23 06:57 - 2017-08-23 06:57 - 001240712 _____ C:\Users\AIRWORX 2\Desktop\this is ms.txt
2017-08-23 06:56 - 2017-08-23 06:56 - 001240712 _____ C:\Users\AIRWORX 2\Desktop\this is msi log.txt
2017-08-23 06:55 - 2017-08-23 06:55 - 001240712 _____ C:\Users\AIRWORX 2\Desktop\MSI6857e.txt
2017-08-23 06:51 - 2017-08-23 06:51 - 000036289 _____ C:\Users\AIRWORX 2\Desktop\setupact1.txt
2017-08-23 06:47 - 2017-08-23 06:47 - 000187717 _____ C:\Users\AIRWORX 2\Desktop\WidnowsUpdateLog 8-15-17.txt
2017-08-23 06:13 - 2017-08-23 06:13 - 000108484 _____ C:\Users\AIRWORX 2\Desktop\balance of 90 day created files.txt
2017-08-23 05:22 - 2017-08-23 05:22 - 000017880 _____ C:\Users\AIRWORX 2\Desktop\app crash viewer reports.txt
2017-08-23 04:31 - 2017-08-23 04:31 - 000345927 _____ C:\Users\AIRWORX 2\Desktop\eset 12 found 11 corrected.txt
2017-08-23 04:30 - 2017-08-23 04:30 - 000203442 _____ C:\Users\AIRWORX 2\Desktop\6-28-17 eset all.txt
2017-08-23 04:28 - 2017-08-23 04:28 - 000511683 _____ C:\Users\AIRWORX 2\Desktop\eset 42 found.txt
2017-08-23 04:22 - 2017-08-23 04:22 - 000486514 _____ C:\Users\AIRWORX 2\Desktop\1 found eset.txt
2017-08-23 04:20 - 2017-08-23 04:20 - 000012117 _____ C:\Users\AIRWORX 2\Desktop\eset detected threats.txt
2017-08-23 04:17 - 2017-08-23 04:17 - 000000099 _____ C:\Users\AIRWORX 2\Desktop\eset last complete scan.txt
2017-08-23 04:13 - 2017-08-23 04:13 - 000000152 _____ C:\Users\AIRWORX 2\Desktop\6-28-17 eset.txt
2017-08-23 04:08 - 2017-08-23 04:08 - 000012117 _____ C:\Users\AIRWORX 2\Desktop\eset threats.txt
2017-08-22 20:17 - 2017-08-22 20:17 - 000072689 _____ C:\Users\AIRWORX 2\Downloads\02234217-WebDetail.pdf
2017-08-22 19:57 - 2017-08-22 19:57 - 000010810 _____ C:\Users\AIRWORX 2\Desktop\Brandi-Copas.pdfresume.pdf
2017-08-22 19:35 - 2017-08-22 19:36 - 297077664 _____ C:\Users\AIRWORX 2\Documents\regedits.REG
2017-08-21 15:38 - 2017-08-21 15:38 - 000092808 _____ C:\Users\AIRWORX 2\Downloads\Instructions-for-Completing-an-Affidavit-of-Affixture.pdf
2017-08-21 15:38 - 2017-08-21 15:38 - 000092808 _____ C:\Users\AIRWORX 2\Downloads\Instructions-for-Completing-an-Affidavit-of-Affixture (2).pdf
2017-08-21 15:38 - 2017-08-21 15:38 - 000092808 _____ C:\Users\AIRWORX 2\Downloads\Instructions-for-Completing-an-Affidavit-of-Affixture (1).pdf
2017-08-21 13:48 - 2017-08-21 13:53 - 000002324 _____ C:\Users\AIRWORX 2\Desktop\page 2.html
2017-08-21 13:35 - 2017-08-21 13:39 - 000098816 _____ C:\Users\AIRWORX 2\Documents\Publication1.pub
2017-08-21 12:59 - 2017-08-21 13:40 - 000024476 _____ C:\Users\AIRWORX 2\Documents\Publication1.htm
2017-08-21 12:59 - 2017-08-21 13:40 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Publication1_files
2017-08-21 08:15 - 2017-08-21 08:15 - 000010221 _____ C:\Users\AIRWORX 2\Documents\booking list allen.xlsx
2017-08-21 07:27 - 2017-08-21 07:27 - 000006863 _____ C:\Users\AIRWORX 2\Desktop\sam's invoice 8-18-2017.pdf
2017-08-19 13:30 - 2017-08-19 13:33 - 000155362 _____ C:\Users\AIRWORX 2\Documents\Nick LIVING WILL.pdf
2017-08-19 13:29 - 2017-08-19 13:29 - 000159096 _____ C:\Users\AIRWORX 2\Documents\Nick LAST WILL AND TESTAMENT.pdf
2017-08-18 11:30 - 2017-08-18 11:30 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\IsolatedStorage
2017-08-18 11:20 - 2016-04-23 14:16 - 000000000 ____D C:\Users\AIRWORX 2\.oracle_jre_usage
2017-08-18 10:37 - 2017-08-18 11:13 - 000002951 _____ C:\Users\AIRWORX 2\Desktop\SeaTools for Windows.lnk
2017-08-18 10:37 - 2017-08-18 10:37 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate
2017-08-18 10:31 - 2017-08-18 10:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\Leader Technologies
2017-08-18 10:30 - 2017-08-18 10:30 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\SeagateMenu
2017-08-18 10:16 - 2017-08-21 08:15 - 000024746 _____ C:\Users\AIRWORX 2\Documents\allen new.xlsx
2017-08-18 07:56 - 2017-08-18 07:57 - 000000000 ____D C:\Users\airwo\AppData\Local\Dropbox
2017-08-18 07:50 - 2017-08-18 07:50 - 000000000 ____D C:\Users\airwo\AppData\Roaming\Zeon
2017-08-18 07:40 - 2017-08-18 08:14 - 000000000 ____D C:\Users\airwo
2017-08-18 07:40 - 2017-08-18 07:40 - 000000020 ___SH C:\Users\airwo\ntuser.ini
2017-08-18 07:40 - 2017-08-18 07:40 - 000000000 ____D C:\Users\airwo\AppData\Local\TileDataLayer
2017-08-18 07:40 - 2017-08-18 07:40 - 000000000 ____D C:\Users\airwo\AppData\Local\ESET
2017-08-18 07:40 - 2016-09-30 14:21 - 000000000 ____D C:\Users\airwo\Documents\hp.system.package.metadata
2017-08-18 07:40 - 2016-09-30 14:21 - 000000000 ____D C:\Users\airwo\Documents\hp.applications.package.appdata
2017-08-18 07:40 - 2016-09-30 14:21 - 000000000 ____D C:\Users\airwo\AppData\Local\Microsoft Help
2017-08-18 07:40 - 2016-09-30 14:21 - 000000000 ____D C:\Users\airwo\AppData\Local\Google
2017-08-18 07:31 - 2017-08-18 07:31 - 000087960 _____ C:\Users\AIRWORX 2\Documents\wmi reports.txt
2017-08-18 06:46 - 2017-08-18 06:46 - 000001352 _____ C:\Users\AIRWORX 2\Desktop\hdwwiz.exe - Shortcut.lnk
2017-08-18 06:45 - 2017-08-18 06:45 - 000000981 _____ C:\Users\AIRWORX 2\Desktop\hdwwiz.cpl - Shortcut.lnk
2017-08-18 04:14 - 2017-08-18 04:14 - 000012508 _____ C:\Users\AIRWORX 2\Desktop\1F_REVGenEdChkFYComp_0.pdf
2017-08-18 04:03 - 2017-08-18 04:03 - 000114643 _____ C:\Users\AIRWORX 2\Desktop\MCCCD Program Description.pdf
2017-08-17 21:19 - 2017-08-17 21:20 - 000000823 _____ C:\Users\AIRWORX 2\Desktop\JRT.txt
2017-08-17 21:14 - 2017-08-17 21:14 - 001790024 _____ (Malwarebytes) C:\Users\AIRWORX 2\Desktop\JRT.exe
2017-08-17 21:07 - 2017-08-17 21:07 - 008185288 _____ (Malwarebytes) C:\Users\AIRWORX 2\Desktop\AdwCleaner.exe
2017-08-17 13:39 - 2017-08-17 13:39 - 000001955 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-17 13:39 - 2017-08-17 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-17 13:39 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-17 12:39 - 2017-08-17 12:39 - 000069632 _____ C:\WINDOWS\calc diag.evtx
2017-08-17 12:38 - 2017-08-17 12:39 - 000000000 ____D C:\WINDOWS\LocaleMetaData
2017-08-17 12:38 - 2017-08-17 12:38 - 000069632 _____ C:\WINDOWS\calc debug.evtx
2017-08-17 11:22 - 2017-08-26 12:26 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-17 11:22 - 2017-08-23 02:05 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-17 09:21 - 2017-08-17 09:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-17 09:20 - 2017-08-17 09:20 - 065033984 _____ (Malwarebytes ) C:\Users\AIRWORX 2\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-08-17 05:52 - 2017-08-17 05:52 - 035688304 _____ (Adlice Software ) C:\Users\AIRWORX 2\Desktop\RogueKiller_setup.exe
2017-08-17 05:50 - 2017-08-17 05:50 - 000003429 _____ C:\Users\AIRWORX 2\Documents\to do techspot.txt
2017-08-17 03:42 - 2017-08-17 03:42 - 000069632 _____ C:\Users\AIRWORX 2\Documents\antimalware.evtx
2017-08-15 13:35 - 2017-08-15 13:35 - 000714224 _____ C:\Users\AIRWORX 2\Desktop\Windows10andWindowsServer2016PolicySettings (1).xlsx
2017-08-15 13:33 - 2017-08-15 13:33 - 000714224 _____ C:\Users\AIRWORX 2\Desktop\Windows10andWindowsServer2016PolicySettings.xlsx
2017-08-15 13:12 - 2017-08-15 13:12 - 000248729 _____ C:\Users\AIRWORX 2\Downloads\pop-securing-lateral-account-movement.pdf
2017-08-15 11:38 - 2017-08-15 11:38 - 000767631 _____ C:\Users\AIRWORX 2\Desktop\F4183E84-3D51-4F88-8145-9312C2D88DC6.pdf
2017-08-15 08:02 - 2017-01-02 13:47 - 000068873 _____ C:\Users\AIRWORX 2\Downloads\Inv_3303_from_3_ATOMS_LLC_3656 - Copy.pdf
2017-08-15 04:58 - 2017-08-22 10:05 - 002395648 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\FRST64.exe
2017-08-15 02:24 - 2017-08-15 02:24 - 021715575 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034662-x64_f2380ab75c39045ffdde4fa875029e1b70bb5aec.msu
2017-08-14 14:40 - 2017-08-14 14:43 - 904101495 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034674-x64_cae3409b2e93b492093c43a18aa81f66cc70cdad.msu
2017-08-14 14:40 - 2017-08-14 14:42 - 564953013 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034674-x64_delta_891202a55f2b6051b8a03b309ea9922ba19e1cf6.msu
2017-08-14 12:03 - 2017-08-14 12:03 - 000583304 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\ESETHfsReader (1).exe
2017-08-14 11:59 - 2017-08-14 11:59 - 002273880 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x86.exe
2017-08-14 11:59 - 2017-08-14 11:59 - 000115008 _____ (ESET) C:\WINDOWS\SysWOW64\Drivers\efavdrv.sys
2017-08-14 11:57 - 2017-08-14 11:57 - 002991832 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x64 (1).exe
2017-08-14 09:04 - 2017-08-14 09:04 - 000001860 _____ C:\Users\AIRWORX 2\Desktop\sc-cleaner1.txt
2017-08-11 12:22 - 2017-08-23 03:36 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\mbar
2017-08-11 12:22 - 2017-08-11 12:22 - 016563352 _____ (Malwarebytes Corp.) C:\Users\AIRWORX 2\Desktop\mbar-1.09.3.1001 (1).exe
2017-08-11 10:22 - 2017-08-26 12:23 - 000000000 ____D C:\AdwCleaner
2017-08-11 10:18 - 2017-08-11 10:18 - 006754944 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\esetonlinescanner_enu.exe
2017-08-11 09:51 - 2017-08-11 09:51 - 000001613 _____ C:\Users\AIRWORX 2\Desktop\ProcmonConfiguration.pmc
2017-08-11 09:47 - 2017-08-11 09:47 - 000001737 _____ C:\Users\AIRWORX 2\Desktop\cross reference processes.CSV
2017-08-11 09:46 - 2017-08-11 09:46 - 000001188 _____ C:\Users\AIRWORX 2\Desktop\network events.CSV
2017-08-11 09:43 - 2017-08-14 09:03 - 000001860 _____ C:\Users\AIRWORX 2\Desktop\sc-cleaner.txt
2017-08-11 09:42 - 2017-08-11 09:42 - 000059971 _____ C:\Users\AIRWORX 2\Desktop\MTB1.txt
2017-08-11 09:41 - 2017-08-11 09:41 - 000059971 _____ C:\Users\AIRWORX 2\Desktop\MTB.txt
2017-08-11 08:04 - 2017-08-11 08:04 - 000892416 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\MiniToolBox.exe
2017-08-11 08:03 - 2017-08-11 08:03 - 000467072 _____ (Bleeping Computer, LLC) C:\Users\AIRWORX 2\Desktop\sc-cleaner.exe
2017-08-11 04:17 - 2017-08-11 04:17 - 000488556 _____ C:\Users\AIRWORX 2\Desktop\5-15-17 eset.xml
2017-08-11 04:16 - 2017-08-11 04:16 - 000211414 _____ C:\Users\AIRWORX 2\Desktop\6-27-17 eset findings.xml
2017-08-11 02:29 - 2017-08-11 02:29 - 000148871 _____ C:\Users\AIRWORX 2\Desktop\ssasbug.android findings eset.txt
2017-08-11 02:27 - 2017-08-11 02:27 - 000203442 _____ C:\Users\AIRWORX 2\Desktop\tv lite.jsn findings eset.txt
2017-08-11 02:26 - 2017-08-11 02:26 - 002683721 _____ C:\Users\AIRWORX 2\Desktop\Ink cant open .txt
2017-08-11 02:25 - 2017-08-11 02:25 - 000000201 _____ C:\Users\AIRWORX 2\Desktop\safe os mount eset.txt
2017-08-11 02:22 - 2017-08-11 02:22 - 000109866 _____ C:\Users\AIRWORX 2\Desktop\eset history and NT Auth updates too.txt
2017-08-10 20:28 - 2017-08-10 20:28 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ESET Rootkit Detector.app
2017-08-10 20:22 - 2017-08-10 20:22 - 002991832 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x64.exe
2017-08-10 20:21 - 2017-08-14 12:03 - 000001244 _____ C:\Users\AIRWORX 2\Desktop\HfsReader_Log.txt
2017-08-10 20:15 - 2017-08-10 20:15 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ESET_Rootkit_Detector
2017-08-10 20:10 - 2017-08-10 20:10 - 000260296 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ESETNecursCleaner.exe
2017-08-10 20:09 - 2017-08-10 20:09 - 009757824 _____ (ESET) C:\Users\AIRWORX 2\Desktop\avremover_nt64_enu.exe
2017-08-10 20:09 - 2017-08-10 20:09 - 000616883 _____ C:\Users\AIRWORX 2\Desktop\ESET_Rootkit_Detector.zip
2017-08-10 20:09 - 2017-08-10 20:09 - 000583304 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\ESETHfsReader.exe
2017-08-10 12:19 - 2017-08-11 09:22 - 000100017 _____ C:\Users\AIRWORX 2\Desktop\DigiData.Vault.Adapter.log.1.txt
2017-08-10 11:44 - 2017-08-10 11:44 - 000069632 _____ C:\Users\AIRWORX 2\Documents\search UI.evtx
2017-08-10 11:44 - 2017-08-10 11:44 - 000069632 _____ C:\Users\AIRWORX 2\Documents\oneCore online setup.evtx
2017-08-10 11:43 - 2017-08-10 11:43 - 000069632 _____ C:\Users\AIRWORX 2\Documents\defender.evtx
2017-08-10 11:35 - 2017-08-10 11:35 - 000069632 _____ C:\Users\AIRWORX 2\Documents\Analytic.evtx
2017-08-10 07:54 - 2017-08-23 05:14 - 000091976 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-08-10 07:54 - 2017-08-18 08:33 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ProcessMonitor
2017-08-10 07:53 - 2017-08-10 07:53 - 001005016 _____ C:\Users\AIRWORX 2\Desktop\ProcessMonitor.zip
2017-08-10 07:30 - 2017-08-10 07:30 - 000022715 _____ C:\Users\AIRWORX 2\Desktop\Employee-Referral-Form.pdf
2017-08-09 11:55 - 2017-08-18 10:23 - 000206120 ____N C:\WINDOWS\Minidump\081817-24515-01.dmp
2017-08-09 10:44 - 2017-08-09 10:44 - 000000646 _____ C:\windows reg did not find any errors.txt
2017-08-09 10:23 - 2017-08-09 10:23 - 000009985 _____ C:\Users\AIRWORX 2\Desktop\cmd we ran 8-9-17.txt
2017-08-09 09:20 - 2017-08-09 09:20 - 000000347 _____ C:\Users\AIRWORX 2\Desktop\junk text commandtxt.txt
2017-08-09 09:10 - 2017-08-09 09:10 - 000035172 _____ C:\Users\AIRWORX 2\Desktop\services.xlsx
2017-08-09 08:52 - 2017-08-09 08:52 - 016563352 _____ (Malwarebytes Corp.) C:\Users\AIRWORX 2\Desktop\mbar-1.09.3.1001.exe
2017-08-09 05:56 - 2017-08-09 05:56 - 002396604 _____ C:\Users\AIRWORX 2\Desktop\WVCheck.exe
2017-08-09 05:53 - 2017-08-09 05:53 - 000380928 _____ C:\Users\AIRWORX 2\Desktop\n0i6wip8.exe
2017-08-09 02:29 - 2017-08-09 02:29 - 065033984 _____ (Malwarebytes ) C:\Users\AIRWORX 2\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-08 21:28 - 2017-08-08 21:28 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Publishers
2017-08-08 14:49 - 2017-08-08 14:50 - 021567079 _____ C:\Users\AIRWORX 2\Desktop\eset ignore known.xml
2017-08-08 11:20 - 2017-08-08 11:40 - 000007704 _____ C:\Users\AIRWORX 2\Desktop\SystemLook.txt
2017-08-08 11:18 - 2017-08-08 11:18 - 000165376 _____ C:\Users\AIRWORX 2\Desktop\SystemLook_x64.exe
2017-08-08 09:39 - 2017-08-08 09:39 - 000000000 ___RD C:\Users\AIRWORX 2\Downloads\Cosmic Jump AIRWORX Team Folder
2017-08-08 06:43 - 2017-08-08 06:43 - 000224885 _____ C:\Users\AIRWORX 2\Desktop\HHS Syllabus Signature Form -signed.pdf
2017-08-08 06:41 - 2017-08-08 06:41 - 000079927 _____ C:\Users\AIRWORX 2\Desktop\HHS Syllabus Signature Form .pdf
2017-08-08 06:37 - 2017-08-08 06:37 - 000130011 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgBX20iFWV0zlOfIcnVvXuWFsRsWFHxh-F_BkAp8bDwqqj0Yv8DmcWC9UunIF7Yc3GQ_FPzGqJGE3Udx6ZkfZbWjV2IWVIT2uMiJq5IMsfJkGNwBJkC4onio8yk=.pdf
2017-08-08 06:15 - 2017-08-09 09:10 - 000065097 _____ C:\Users\AIRWORX 2\Desktop\services.csv
2017-08-08 05:16 - 2017-08-08 05:16 - 000081951 _____ C:\Users\AIRWORX 2\Desktop\myeventviewer-x64.zip
2017-08-08 05:07 - 2017-08-08 05:07 - 000061440 _____ ( ) C:\Users\AIRWORX 2\Desktop\VEW.exe
2017-08-08 04:21 - 2017-08-08 04:21 - 001770460 _____ C:\Users\AIRWORX 2\Downloads\Windows Defender ATP - Ransomware response playbook.pdf
2017-08-08 04:20 - 2017-08-24 11:05 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\CrashDumps
2017-08-08 04:14 - 2017-08-08 04:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2017-08-08 04:14 - 2017-08-08 04:14 - 000000000 ____D C:\Program Files (x86)\EMET 5.5
2017-08-08 04:13 - 2017-08-08 04:13 - 026812416 _____ C:\Users\AIRWORX 2\Downloads\EMET Setup.msi
2017-08-08 04:10 - 2017-08-08 04:39 - 000768464 _____ C:\Users\AIRWORX 2\Downloads\Windows10andWindowsServer2016PolicySettings.xlsx
2017-08-08 02:55 - 2017-08-08 02:55 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\JetBrains
2017-08-08 02:49 - 2017-08-24 04:32 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Microsoft Help
2017-08-08 02:43 - 2017-08-09 11:24 - 000000000 ____D C:\Android
2017-08-08 02:42 - 2017-08-09 11:20 - 000000000 ____D C:\Program Files\Android
2017-08-07 13:01 - 2017-08-07 13:04 - 000790638 _____ C:\TDSSKiller.3.1.0.15_07.08.2017_13.01.55_log.txt
2017-08-07 12:43 - 2017-08-07 12:44 - 000008106 _____ C:\TDSSKiller.3.1.0.15_07.08.2017_12.43.03_log.txt
2017-08-07 12:41 - 2017-08-07 12:41 - 004922400 _____ (AO Kaspersky Lab) C:\Users\AIRWORX 2\Desktop\tdsskiller.exe
2017-08-07 12:25 - 2017-08-07 12:25 - 000000155 _____ C:\WINDOWS\system32\all.txt
2017-08-07 10:00 - 2017-08-07 10:00 - 000879551 _____ C:\Users\AIRWORX 2\Desktop\CryptoSearch.zip
2017-08-04 11:10 - 2017-08-04 14:39 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\AP
2017-08-04 10:48 - 2017-08-17 05:54 - 000000942 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-04 10:37 - 2017-08-04 10:37 - 000000546 _____ C:\Users\AIRWORX 2\Desktop\Encrypted documents - Copy.zip
2017-08-04 10:01 - 2017-08-04 10:02 - 000047265 _____ C:\Users\AIRWORX 2\Desktop\appcrashview (1).zip
2017-08-04 05:40 - 2017-08-04 09:24 - 000004816 _____ C:\Users\AIRWORX 2\Desktop\links to findings.txt
2017-08-03 20:55 - 2017-08-03 20:55 - 000055111 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgAjZaC8g0bE5UVjMkDU-EGyfCbydESYIcl5Ek-Jk2dgOtZdX5ShW7Uo0TTTXhI7ZV4o60JCCrjfMp-q84aBwoJKcJbRGbK_B2rm9Yaii0wppseh1AkAy87pTKo=.pdf
2017-08-03 12:52 - 2017-08-03 12:52 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset scans.txt
2017-08-03 07:53 - 2017-08-03 07:53 - 000333952 _____ (ESET) C:\Users\AIRWORX 2\Downloads\ESETEternalBlueChecker.exe
2017-08-03 07:38 - 2017-08-03 07:38 - 004836307 _____ C:\Users\AIRWORX 2\Downloads\eset_sysrescue_userguide_enu.pdf
2017-08-03 04:01 - 2017-08-26 12:25 - 100401152 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-03 03:58 - 2017-08-03 03:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-02 15:53 - 2017-08-02 15:53 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\Windows-KB890830-x64-V5.50 (1).exe
2017-08-02 10:02 - 2017-08-02 10:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\LogMeIn
2017-08-02 07:44 - 2017-08-02 07:44 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Security
2017-08-02 07:20 - 2017-08-24 18:28 - 000000000 ____D C:\Users\AIRWORX 2\Documents\LocaleMetaData
2017-08-02 07:19 - 2017-08-02 07:20 - 000069632 _____ C:\Users\AIRWORX 2\Documents\events.evtx
2017-08-02 03:08 - 2017-08-02 03:08 - 145707800 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\msert.exe
2017-08-02 03:05 - 2017-08-02 03:05 - 000001174 _____ C:\Users\AIRWORX 2\Desktop\app crash viewer.txt
2017-08-02 03:03 - 2017-08-23 05:22 - 000000469 _____ C:\Users\AIRWORX 2\Desktop\AppCrashView.cfg
2017-08-01 08:19 - 2017-08-01 08:19 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset yesterday.txt
2017-08-01 06:18 - 2017-08-22 10:05 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\FRST-OlderVersion
2017-08-01 05:58 - 2017-08-01 05:58 - 000000000 ____D C:\WINDOWS\Panther
2017-07-31 15:33 - 2017-07-31 15:33 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\NetworkTiles
2017-07-31 15:25 - 2017-07-31 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\MicrosoftEdge
2017-07-31 13:36 - 2017-07-31 13:36 - 006754944 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Downloads\esetonlinescanner_enu (1).exe
2017-07-28 08:44 - 2017-07-28 08:44 - 000000000 _____ C:\WINDOWS\system32\set
2017-07-28 06:15 - 2017-07-28 06:15 - 000576231 _____ C:\Users\AIRWORX 2\Downloads\DTec13656.pdf
2017-07-28 06:06 - 2017-07-28 06:06 - 000075669 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP (4).pdf
2017-07-28 06:01 - 2017-07-28 06:01 - 000053739 _____ C:\Users\AIRWORX 2\Downloads\HS-2.8.17 #2888 CJump KCity Jan Inv&Rep SH (1).pdf
2017-07-28 05:54 - 2017-07-28 05:54 - 000151083 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP - Inv.pdf
2017-07-28 05:39 - 2017-07-28 06:17 - 000002182 _____ C:\Users\AIRWORX 2\Downloads\data (35).csv
2017-07-28 05:17 - 2017-07-28 05:17 - 000002299 _____ C:\Users\AIRWORX 2\Desktop\Google Chrome.lnk
2017-07-28 03:35 - 2017-07-28 03:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-07-27 07:33 - 2017-07-27 07:33 - 008162248 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\AdwCleaner.exe
2017-07-27 07:33 - 2017-07-27 07:33 - 001790024 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\JRT.exe
2017-07-27 06:25 - 2017-07-27 06:25 - 000995572 _____ C:\Users\AIRWORX 2\Desktop\rel.XML
2017-07-27 06:02 - 2017-07-27 06:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\.IdentityService
2017-07-27 04:08 - 2017-07-27 04:08 - 000183220 _____ C:\Users\AIRWORX 2\Downloads\Appsdiagnostic10.diagcab

==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-26 13:16 - 2017-07-24 05:01 - 000061273 _____ C:\Users\AIRWORX 2\Desktop\FRST.txt
2017-08-26 13:16 - 2017-07-24 05:01 - 000000000 ____D C:\FRST
2017-08-26 13:10 - 2017-07-14 05:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-26 12:33 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-26 12:30 - 2017-07-14 05:45 - 001457128 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-26 12:26 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-26 12:25 - 2017-07-14 06:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-26 12:25 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-26 12:25 - 2016-07-01 17:30 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-25 19:54 - 2017-07-14 05:46 - 000000000 ____D C:\Users\AIRWORX 2
2017-08-25 16:08 - 2014-03-04 13:32 - 000000876 _____ C:\WINDOWS\ODBCINST.INI
2017-08-25 16:08 - 2014-03-04 13:32 - 000000000 ____D C:\Program Files (x86)\MySQL
2017-08-25 16:07 - 2014-03-04 13:45 - 000000000 ____D C:\ProgramData\RockGymPro
2017-08-25 13:22 - 2017-07-14 06:12 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DBB8FF06-B999-4A95-A7CE-15C213181723}
2017-08-25 10:13 - 2014-04-18 14:27 - 000000000 ____D C:\Program Files (x86)\ASAP Utilities
2017-08-25 08:44 - 2017-02-20 08:22 - 000000000 ____D C:\Program Files\Recuva
2017-08-24 10:18 - 2017-06-27 05:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Belkasoft
2017-08-24 09:57 - 2016-09-30 14:07 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-24 08:26 - 2017-07-14 06:11 - 000003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAIRWORX 2
2017-08-24 07:31 - 2017-07-14 05:44 - 001455524 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-24 04:50 - 2014-04-24 11:22 - 000000000 ___SD C:\Users\AIRWORX 2\Documents\My Data Sources
2017-08-23 07:56 - 2014-03-13 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2017-08-23 07:51 - 2014-03-13 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2017-08-23 07:51 - 2014-03-13 16:37 - 000000000 ____D C:\Program Files (x86)\Epson Software
2017-08-23 06:27 - 2017-03-16 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-23 06:27 - 2014-05-28 14:19 - 000002118 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-08-23 06:27 - 2014-05-28 14:19 - 000002116 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-08-23 06:27 - 2014-05-28 14:19 - 000002106 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-08-23 05:29 - 2017-07-24 05:04 - 000058039 _____ C:\Users\AIRWORX 2\Desktop\Addition.txt
2017-08-23 03:36 - 2017-07-12 06:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-22 19:37 - 2017-03-18 14:03 - 000000000 ____D C:\PerfLogs
2017-08-22 11:32 - 2017-06-20 08:47 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2017-08-22 04:42 - 2016-05-05 12:19 - 000000034 _____ C:\WINDOWS\SysWOW64\bd4040cn.dat
2017-08-22 04:42 - 2016-05-05 12:19 - 000000026 _____ C:\WINDOWS\BRPP2KA.INI
2017-08-21 08:47 - 2017-07-24 05:12 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-08-19 13:33 - 2017-05-15 11:04 - 000050228 _____ C:\Users\AIRWORX 2\Documents\Mary Brooks.flp
2017-08-19 13:33 - 2017-05-03 08:35 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Family Lawyer
2017-08-18 10:37 - 2017-07-24 11:07 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-08-18 10:23 - 2017-07-24 09:48 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-18 09:47 - 2014-09-11 15:41 - 000000496 _____ C:\Users\AIRWORX 2\Desktop\ITSupport247 (3).website
2017-08-18 09:06 - 2014-03-13 11:19 - 000000000 ____D C:\ProgramData\LogMeIn
2017-08-18 08:20 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-18 08:07 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-18 07:56 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-08-18 07:56 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-08-18 07:40 - 2016-04-26 23:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-17 13:39 - 2017-07-12 06:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-17 13:27 - 2014-07-02 11:24 - 000002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 05:57 - 2017-07-11 04:04 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-17 05:57 - 2017-07-11 04:03 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-17 05:54 - 2017-07-11 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-17 04:03 - 2017-07-12 09:28 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-15 08:30 - 2014-03-26 16:20 - 000000000 ___RD C:\Users\AIRWORX 2\Dropbox
2017-08-15 05:59 - 2015-01-29 18:03 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ElevatedDiagnostics
2017-08-14 20:05 - 2017-05-03 08:26 - 000000000 ____D C:\Program Files (x86)\Family Lawyer
2017-08-14 09:17 - 2014-03-04 13:12 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ESET
2017-08-14 09:12 - 2017-06-26 09:52 - 000181160 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2017-08-14 08:59 - 2017-07-14 06:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-11 10:03 - 2017-05-31 09:35 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Samsung
2017-08-11 10:03 - 2017-05-31 09:35 - 000000000 ____D C:\Program Files (x86)\Samsung
2017-08-10 20:23 - 2017-06-26 07:42 - 000000000 ____D C:\ProgramData\ESET
2017-08-10 20:17 - 2014-03-27 13:37 - 000000000 ____D C:\Program Files (x86)\DahuaTech
2017-08-10 03:41 - 2017-07-14 06:11 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 03:41 - 2017-01-24 15:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-09 13:11 - 2015-07-13 07:14 - 000132824 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-08-09 11:55 - 2014-01-11 04:08 - 000180232 ____N C:\WINDOWS\Minidump\080917-30328-01.dmp
2017-08-09 11:52 - 2014-03-06 03:09 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 11:52 - 2014-03-06 03:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 11:36 - 2017-06-26 07:43 - 000002065 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2017-08-09 11:17 - 2017-02-16 07:37 - 000000000 ____D C:\Users\AIRWORX 2\.android
2017-08-09 10:34 - 2017-07-11 09:24 - 000000602 _____ C:\junk.txt
2017-08-09 02:26 - 2014-11-12 15:43 - 000099886 ____H C:\Users\AIRWORX 2\Desktop\.ppinfocache
2017-08-09 02:26 - 2014-11-12 15:43 - 000010568 ____H C:\Users\AIRWORX 2\Desktop\maxdesk.ini2
2017-08-09 02:26 - 2014-11-12 15:43 - 000008344 ____H C:\Users\AIRWORX 2\Desktop\PP11Thumbs.ptn2
2017-08-09 02:26 - 2014-11-12 15:33 - 007196349 ____H C:\Users\AIRWORX 2\Desktop\PP11Thumbs.ptn
2017-08-09 02:26 - 2014-03-12 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\.oit
2017-08-08 10:12 - 2014-03-12 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Nuance
2017-08-08 05:09 - 2017-07-11 13:45 - 000031995 _____ C:\VEW.txt
2017-08-07 14:34 - 2017-07-26 10:47 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (3).exe
2017-08-07 08:40 - 2013-10-14 16:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-08-07 08:34 - 2014-01-10 13:21 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Packages
2017-08-04 10:36 - 2017-07-25 07:46 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Encrypted documents
2017-08-03 10:06 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-03 04:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-02 12:02 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-02 10:02 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-08-02 09:23 - 2015-06-05 11:23 - 000000000 ____D C:\Program Files (x86)\SetupLogs
2017-08-02 09:01 - 2015-04-20 17:06 - 000000000 __RDO C:\Users\AIRWORX 2\OneDrive
2017-08-02 08:06 - 2015-01-07 12:51 - 000001552 _____ C:\Users\AIRWORX 2\Desktop\iexplore - Shortcut.lnk
2017-08-02 03:02 - 2017-07-07 09:56 - 017225690 _____ C:\Users\AIRWORX 2\Desktop\calls and txtsBook2.xlsx
2017-08-01 13:25 - 2014-01-11 04:08 - 000178568 ____N C:\WINDOWS\Minidump\080117-28453-01.dmp
2017-07-31 15:37 - 2014-01-21 15:23 - 000000000 ___RD C:\Users\AIRWORX 2\Google Drive
2017-07-31 15:16 - 2015-07-08 12:08 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Western Digital
2017-07-31 02:19 - 2015-11-12 07:03 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-31 02:17 - 2015-10-29 23:28 - 000000000 ____D C:\Users\Default.migrated
2017-07-28 02:15 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Visual Studio Setup
2017-07-28 02:15 - 2017-07-26 10:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-07-28 02:14 - 2017-07-14 06:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-28 02:14 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-27 10:31 - 2012-07-25 22:26 - 000000222 _____ C:\WINDOWS\win.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe
[2017-07-14 06:30] - [2017-07-14 06:30] - 000706560 _____ (Microsoft Corporation) 31E3287EF6D97C5864A301CEA75BBBA1

C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2017-07-14 06:22] - [2017-07-14 06:22] - 001085440 _____ (Microsoft Corporation) 0E79A4C76CAAA0CFE9CA42C13E5AA086

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-26 09:47

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by AIRWORX 2 (26-08-2017 13:19:20)
Running from C:\Users\AIRWORX 2\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 13:25:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2671885098-678752524-1400920573-500 - Administrator - Disabled) => C:\Users\Administrator
airwo (S-1-5-21-2671885098-678752524-1400920573-1008 - Administrator - Enabled) => C:\Users\airwo
AIRWORX 2 (S-1-5-21-2671885098-678752524-1400920573-1001 - Administrator - Enabled) => C:\Users\AIRWORX 2
DefaultAccount (S-1-5-21-2671885098-678752524-1400920573-503 - Limited - Disabled)
Guest (S-1-5-21-2671885098-678752524-1400920573-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.21) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.21 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{05E5AD66-7CD0-4719-A229-0D3A7A5240D2}) (Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{40959651-122E-1A16-9011-40629C01703F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.1 - Bastien Mensink - A Must in Every Office BV)
Broderbund Family Lawyer (HKLM-x32\...\{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase) Hidden
Broderbund Family Lawyer (HKLM-x32\...\InstallShield_{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase)
Cloud Drive (HKLM-x32\...\{F40EC703-6B64-4C2D-80BC-5ED2D8295C04}) (Version: 5.1.30.18 - Cox Secure Online Backup for Windows)
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.10.0 - DB Browser for SQLite Team)
Drag and Drop Backup (HKLM-x32\...\{480EA68A-699D-450D-9869-2216AC49D23C}) (Version: 2.1.33 - Cox)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EMET 5.52 (HKLM-x32\...\{BC26560D-1FC4-4DD5-8756-7E0606A79AE3}) (Version: 5.52 - Microsoft Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
Escaperoom Software (HKLM-x32\...\{7BAA7E0D-9B92-4FE7-AEC8-F11EAE801922}) (Version: 3.1.0.0 - Escaperoom Software)
ESET Smart Security (HKLM\...\{2B587448-4CE3-4196-A237-A425E557F052}) (Version: 10.1.204.0 - ESET, spol. s r.o.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LG Mobile Drivers (HKLM-x32\...\{D8D0327A-72B4-4C79-9883-1B6B6C20ED2B}) (Version: 4.0.3 - LG Electronics)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MySQL Connector/ODBC 5.1 (HKLM-x32\...\{38CDEC3E-ABC4-4EB8-BE3B-2181A97813AE}) (Version: 5.1.12 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{62749F06-4DFD-477D-9724-751366511E5D}) (Version: 5.3.9 - Oracle Corporation)
MySQL Server 5.0 (HKLM-x32\...\{97EFE060-CE35-4709-9B3A-5D3C8F686FED}) (Version: 5.0.90 - MySQL AB)
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rock Gym Pro (HKLM-x32\...\{827570FB-0E88-444C-ADBC-9E799571E292}) (Version: 1.1.21247 - RGP Development LLC)
RogueKiller version 12.11.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.10.0 - Adlice Software)
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shutterfly Uploader (HKLM-x32\...\{CD928A00-1C70-4353-B9B9-7BC8600F3E43}) (Version: 2.9.0.737 - Shutterfly, Inc.)
SyncFileSetup (x86) (HKLM-x32\...\{04848A0A-02B1-4703-B15D-6E7DCF95FB84}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc) Hidden
TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.03 - TaxAct, Inc.)
WD Sync (HKLM-x32\...\{0d591303-bbc5-4645-a03b-1c3f75f1a762}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WorkForce GT-1500 Scanner Driver Update (HKLM-x32\...\{37D0F29D-AB95-4598-ACF0-D3CC38C161D9}) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [Zeon.MFCDirectShellExt] -> {353C642C-F13D-4699-9FF2-EFAF490B6C69} => C:\Program Files (x86)\Nuance\PDFCreate\bin\DirectShellExt.dll [2010-07-16] (Zeon International Investment Corp. )
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005B78DE-9ECF-4C1D-85D3-6330FE864BA6} - System32\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {073958F3-8E5F-4CF7-8625-ABD15377481E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {264F49CB-3415-488D-B8DA-9F6F8BE48331} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {2EE58945-C40B-43A8-A167-173E412D9D98} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf681e553bf8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37C32B19-9630-4A28-9E5A-8EA8CD06CFA2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox, Inc.)
Task: {3BBEDA70-02DB-4E54-B6A5-E773003872B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {46064571-564C-4D46-9842-A167DDF1D942} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4FD0925E-6E79-4BC0-A382-3D5CCA5C36B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {5DB34D0B-4B82-47F6-B06D-2D195446A83A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {612631C4-9A61-40CE-BCC3-59F7F616179C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {7A8C073B-9921-4385-A061-FF8B5410A453} - System32\Tasks\{39393239-4118-43A9-9EF4-579F68CFC882} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\SAAZOD\Uninstall\uninstall.exe -c "/U:C:\PROGRA~2\SAAZOD\Uninstall\uninstall.xml"
Task: {8258540A-E194-4B1C-A446-B100E53A7B7B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {8A6CE6D2-BAFF-47BD-B636-5632FA76D78E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {8EE60D19-E484-4EC5-87B6-BEB1AE19CF50} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0ce6bb10d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8F630B83-069D-434E-B4C4-59AD3C10A507} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-airworx@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {916845C6-0741-433C-AC62-C4B3A5F302DB} - System32\Tasks\S-1-5-21-2671885098-678752524-1400920573-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {ACE8B2E6-FDA5-4314-A2D5-4B96CC439AEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B0F52980-9E9F-4BE0-971E-08686D2B7726} - System32\Tasks\HPCeeScheduleForAIRWORX 2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B9FA1D84-F00D-445B-8400-F7C7E90DD53E} - System32\Tasks\RGP Backup => C:\Program Files (x86)\Rock Gym Pro\Backup.exe [2017-06-04] ()
Task: {E622463C-A190-4A30-A528-A6EF1AACE5FC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox, Inc.)
Task: {E6505B7C-6B08-451F-A300-AF1087B421C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {FD8EB85B-000D-4D3B-861F-700C79FA8A4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForAIRWORX 2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d76736477ba15566\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 10"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\600fb694c0849943\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 9"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Brandi - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) ==============

2005-09-09 03:24 - 2005-09-09 03:24 - 000102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-08 02:07 - 2017-06-08 02:07 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 02:11 - 2017-07-25 02:11 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 02:11 - 2017-07-25 02:11 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 000019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-03 22:39 - 2017-08-03 22:39 - 028986880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 020510208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 002339328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 003041792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 02:07 - 2017-06-08 02:07 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-14 12:21 - 2017-06-14 12:22 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 001361920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-07-22 02:52 - 2017-07-22 02:52 - 004323328 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-07-14 04:41 - 2017-07-14 04:47 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-17 12:53 - 2017-07-12 13:01 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-24 11:41 - 2017-07-12 13:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-15 15:18 - 2017-07-12 13:01 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-25 12:07 - 2017-07-12 13:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-28 16:09 - 2017-07-12 13:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-07 11:59 - 2017-07-12 13:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81613965.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81613965.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Control Panel\Desktop\\Wallpaper -> c:\users\airworx 2\appdata\local\microsoft\windows\themes\transcodedwallpaper
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: CDPUserSvc_492c3 => 2
MSCONFIG\Services: CDPUserSvc_5d4d8 => 2
MSCONFIG\Services: MessagingService_492c3 => 3
MSCONFIG\Services: MessagingService_5d4d8 => 3
MSCONFIG\Services: OneSyncSvc_492c3 => 2
MSCONFIG\Services: OneSyncSvc_5d4d8 => 2
HKLM\...\StartupApproved\StartupFolder: => "BackupRemind.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cox Cloud Drive.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "Lathem.USBTM.UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AE1C0E05-3334-4A29-BA76-AC00A18D6890}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-08-2017 11:35:41 Windows Backup
21-08-2017 12:18:54 Windows Update
23-08-2017 07:50:29 Installed Epson Software Updater
25-08-2017 16:06:30 Installed MySQL Connector/ODBC 5.1

==================== Faulty Device Manager Devices =============

Name: Acronis Backup Archive Explorer
Description: Acronis Backup Archive Explorer
Class Guid: {1860459d-4692-4825-b761-44a725991050}
Manufacturer: Acronis, Inc.
Service: timounter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2017 12:32:55 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (08/26/2017 12:32:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/26/2017 11:48:43 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/26/2017 11:48:42 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (08/26/2017 05:01:29 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (08/25/2017 07:55:19 PM) (Source: MsiInstaller) (EventID: 11316) (User: AIRWORX2-PC)
Description: Product: Rock Gym Pro -- Error 1316. The specified account already exists.

Error: (08/25/2017 07:53:26 PM) (Source: MsiInstaller) (EventID: 11706) (User: AIRWORX2-PC)
Description: Product: Rock Gym Pro -- Error 1706. An installation package for the product Rock Gym Pro cannot be found. Try the installation again using a valid copy of the installation package 'rgpupdate.msi'.

Error: (08/25/2017 04:30:55 PM) (Source: MsiInstaller) (EventID: 11316) (User: AIRWORX2-PC)
Description: Product: Rock Gym Pro -- Error 1316. The specified account already exists.

Error: (08/25/2017 04:30:32 PM) (Source: MsiInstaller) (EventID: 11706) (User: AIRWORX2-PC)
Description: Product: Rock Gym Pro -- Error 1706. An installation package for the product Rock Gym Pro cannot be found. Try the installation again using a valid copy of the installation package 'rgpupdate.msi'.

Error: (08/25/2017 04:29:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MySQLInstanceConfig.exe version 1.0.16.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 70c

Start Time: 01d31df7542fd048

Termination Time: 13

Application Path: C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\MySQLInstanceConfig.exe

Report Id: 4614af68-ff03-4cbb-8c86-929a15bb1fd6

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (08/26/2017 12:33:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 2017-08 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4034662).

Error: (08/26/2017 12:27:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MySQL service terminated unexpectedly. It has done this 1 time(s).

Error: (08/26/2017 12:26:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/26/2017 12:26:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/26/2017 12:26:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/26/2017 12:26:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/26/2017 12:26:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/26/2017 12:26:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/26/2017 12:26:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/26/2017 12:26:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-08-26 12:37:26.658
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 02:16:19.142
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-23 02:36:58.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:57.237
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:56.202
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:55.119
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:54.048
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:53.024
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:51.364
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:50.256
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A8-6500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 7365.48 MB
Available physical RAM: 4674.39 MB
Total Virtual: 7765.48 MB
Available Virtual: 5008.91 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1842.47 GB) (Free:1722.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.63 GB) (Free:2.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (New Volume E) (Fixed) (Total:1863.01 GB) (Free:1856.04 GB) NTFS
Drive h: () (Removable) (Total:14.9 GB) (Free:13.92 GB) FAT32
Drive I: () (Removable) (Total:59.47 GB) (Free:59.45 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 8834CD72)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FA690411)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 59.5 GB) (Disk ID: 5D64B022)
Partition 1: (Active) - (Size=59.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
I'm seeing a lot of ESET issues noted here. There were also several reg edits that were uploaded, made to all programs, but mostly to ESET, and I also noticed that many of the certificates that seem to be running on the PC are signed by ESET or Microsoft.
 
When I originally downloaded Malwarebytes, I put it in professional mode, somehow, and it found between 2000 and 3000 "hooks" every scan. I have those logs too, if you'd like to see them. I probably should have mentioned before: one network, at one of the locations for my work, had a virus/something that encrypted all the Microsoft files, and I often log into that system remotely to do various tasks for work. I maintain their POS and server software/PCs. That may be where this came from, but from what I've read, it seemingly affects several Windows 10 PCs. I don't use Skype, nor Xbox anything, nor Go to my PC. We use an IT portal that uses LogMeIn for unattended remote access, but it's not two-way; only I access their PCs through an IT portal. Several other programs, I feel, have been hijacked, including the MySQL database (I cannot access my POS software any longer, which uses a MySQL DB, and it's seemingly all changed from the way it was hosted to the Microsoft version).
 
Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
ESET Smart Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 131
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (60.0.3112.101)
Google Chrome (Plugins...)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by AIRWORX 2 (administrator) on 27-08-2017 at 11:21:26
Running from "C:\Users\AIRWORX 2\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2017-03-18 13:57] - [2017-03-18 13:57] - 0030720 ____A (Microsoft Corporation) A85EB5721C7203AAAAAA04F551960CD9

C:\Windows\System32\drivers\nsiproxy.sys
[2017-03-18 13:57] - [2017-03-18 13:57] - 0041984 ____A (Microsoft Corporation) 7A6BA778B48DF9FB7AC231D4FF6E3248

C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll
[2017-03-18 13:57] - [2017-03-18 13:57] - 0282624 ____A (Microsoft Corporation) FC3AA34608A69BDAC67E31FB70C8A720

C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll
[2017-03-18 13:57] - [2017-03-18 13:57] - 0972288 ____A (Microsoft Corporation) FA53A01517BBA97EA3B71CF5CC2052F4

C:\Windows\System32\bfe.dll
[2017-03-18 13:57] - [2017-03-18 13:57] - 0815616 ____A (Microsoft Corporation) 1FDC6CB56572203E6F4BF4E3FB30B886

C:\Windows\System32\drivers\mpsdrv.sys
[2017-03-18 13:58] - [2017-03-18 13:58] - 0076800 ____A (Microsoft Corporation) AD118EC95E9EF4D5223D681D8F183567

C:\Windows\System32\SDRSVC.dll
[2017-03-18 13:59] - [2017-03-18 13:59] - 0145920 ____A (Microsoft Corporation) 847F01FB8504425BB255856A14278A86

C:\Windows\System32\vssvc.exe
[2017-03-18 13:57] - [2017-03-18 13:57] - 1550848 ____A (Microsoft Corporation) 0BB73BF6FDDD19DE3DE9377EA95E4C64

C:\Windows\System32\wscsvc.dll
[2017-03-18 13:57] - [2017-03-18 13:57] - 0208896 ____A (Microsoft Corporation) D4A0661AB0FE542460CA76BFB4FAA2D6

C:\Windows\System32\wbem\WMIsvc.dll
[2017-03-18 13:57] - [2017-03-18 13:57] - 0221696 ____A (Microsoft Corporation) 9A26F7834706A6D8C8824EB08FD7C362

C:\Windows\System32\wuaueng.dll
[2017-07-14 06:30] - [2017-07-14 06:30] - 2444288 ____A (Microsoft Corporation) 359A4FC47628C0E66894B80C97932C71

C:\Windows\System32\qmgr.dll
[2017-03-18 13:58] - [2017-03-18 13:58] - 1159680 ____A (Microsoft Corporation) 5C0D4DBACB90D9ECE77907F4F6CF9EF6

C:\Windows\System32\es.dll
[2017-03-18 13:57] - [2017-03-18 13:57] - 0452096 ____A (Microsoft Corporation) 1541374239F33512D7F4D24ED1E9238C

C:\Windows\System32\cryptsvc.dll
[2017-03-18 13:58] - [2017-03-18 13:58] - 0094720 ____A (Microsoft Corporation) 1F7F1A15B807BC7B241BB2FEEA79BC92

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll
[2017-03-18 13:58] - [2017-03-18 13:58] - 0537600 ____A (Microsoft Corporation) 87B083252816171A17F833CBCB7AA85E

C:\Windows\System32\iphlpsvc.dll
[2017-03-18 13:58] - [2017-03-18 13:58] - 0996864 ____A (Microsoft Corporation) 57A93FCF94FAB8C2161335E56C81CD16

C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2017-07-14 06:22] - [2017-07-14 06:22] - 1085440 ____A (Microsoft Corporation) 0E79A4C76CAAA0CFE9CA42C13E5AA086



**** End of log ****
 
By the way, the firewall blocked some of the last services scans; let me know if I should disable it and rerun. THX :eek:)
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in the malware removal forum.
 