Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Adobe Acrobat - AdobeARM.exe file corrupted

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby nickshaver06 » September 3rd, 2019, 9:19 pm

First of all, thank you for any help you are able to give with this problem!

My primary issue is that every time I open a PDF with Adobe, I get the following two error messages:

Error Message #1:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
The file or directory is corrupted and unreadable.

Immediately followed by:
Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

The adobe fix online said to run CheckDisk, which I did and that unfortunately did not solve the problem. I found some other sites online that said it could be Malware, and I stumbled upon your great website.

(A secondary issue that has me suspicious is that my computer internet sometimes cuts out - even though my wife's computer has no issues - and restarting the computer sometimes helps... so I'm not sure about that one... but if something comes up with that that would be helpful!)

Thank you for the work you do.




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by nickshaver06 (administrator) on SHAVERHOME (Dell Inc. Inspiron 11 - 3147) (03-09-2019 20:46:18)
Running from C:\Users\nickshaver06\Downloads
Loaded Profiles: nickshaver06 (Available Profiles: nickshaver06)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-07-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387224 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3775816 2014-02-27] (Wistron Corporation -> Dell Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-06-16] (FabulaTech -> )
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc. -> McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc. -> McAfee, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1321984 2019-02-05] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Dropbox Update] => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Google Update] => C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\GoogleUpdateCore.exe [1081640 2019-08-15] (Google Inc -> Google LLC)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\MountPoints2: {1c1aa9e5-ac5b-11e6-829d-4cbb583af1fb} - "E:\DTVaultPrivacy.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-26] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-09-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FF248D-4CA2-449B-B54C-35D418AFF703} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {05868E8A-E8B1-4361-9907-2F8F4316F849} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {09F565C9-0DFC-46CE-A48F-95F73B1C61E8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1163352 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {21043663-9D55-490C-B171-55C19AB98E38} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {21043663-9D55-490C-B171-55C19AB98E38} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {24649D75-686F-482E-AA27-A37FCFBB1DFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-06-25] (Google Inc -> Google Inc.)
Task: {2C77453B-8D50-4612-9BBE-37A771F9386F} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [6656 2015-12-12] () [File not signed] <==== ATTENTION
Task: {2EC7A0FB-9C58-4C92-B7A3-43D07F05881D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4629EC2B-2B24-4FA7-A18E-493BAC9007B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DA19172-4857-439E-95C2-45CFAE6CF62F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1067736 2015-10-28] () [File not signed]
Task: {5DAF7BF0-E87A-484A-9EAD-4813E92C3976} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {A2F118FE-D74F-43A1-90B3-FF77C4D38A69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-06-25] (Google Inc -> Google Inc.)
Task: {AD4875B7-A94A-450C-A038-B2D09E15FC47} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {AD4875B7-A94A-450C-A038-B2D09E15FC47} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {BE8574E2-C951-4C85-ADBC-B504239DA72F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFEAF30A-CC78-490C-A670-6549D1ACA1C5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C3EF6070-C899-4FB3-A237-FBFDB17B89F6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D02D87FC-D1E5-4F6B-82C8-EB04E7585035} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387224 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D3EC277F-793D-4741-A600-43AE0FE268BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA => C:\Users\nickshaver06\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-05] (Google Inc -> Google Inc.)
Task: {E198A809-E8C7-45AC-ADBF-802FC99B1C76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core => C:\Users\nickshaver06\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-05] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core.job => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA.job => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{B6C9BB14-55E2-405F-8B2A-D9B80E42738E}: [DhcpNameServer] 192.168.200.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> DefaultScope {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {540F9C83-EED3-414F-BDA5-9D527B2B5CA7} URL =
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150905085117.dll [2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150905085119.dll [2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\nickshaver06\AppData\Roaming\Mozilla\Firefox\Profiles\6p6zh3u3.default-1479655099617 [2019-03-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-09-01] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-09-14] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\nickshaver06\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @talk.google.com/O1DPlugin -> C:\Users\nickshaver06\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @tools.google.com/Google Update;version=3 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\npGoogleUpdate3.dll [2019-08-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @tools.google.com/Google Update;version=9 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\npGoogleUpdate3.dll [2019-08-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\nickshaver06\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2016-07-05]
FF Plugin ProgramFiles/Appdata: C:\Users\nickshaver06\AppData\Roaming\mozilla\plugins\npo1d.dll [2016-07-05]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://accounts.google.com/signin/v2/i ... rviceLogin
CHR StartupUrls: Default -> "hxxps://accounts.google.com/signin/v2/identifier?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin","hxxp://www.weather.com/weather/tenday/USOH0188","hxxp://www.google.com/"
CHR Profile: C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default [2019-09-03]
CHR Extension: (Google Drive) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Audiotool) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-08-16]
CHR Extension: (YouTube) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (hxxps://www.google.com/calendar/render?tab=mc) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfcnnjfpalolhpacllfghflhanpgmae [2015-02-05]
CHR Extension: (hxxps://www.google.com/voice#inbox) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppnbohmflmmlhmjibmdldokcbmlnif [2015-02-05]
CHR Extension: (Dictation for Gmail) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggdmhdpffgikgakkfojgiledkekfdce [2019-08-25]
CHR Extension: (hxxps://maps.google.com/) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\fechlkhcpcpaffdigchfolpfbpnbpcgi [2015-02-05]
CHR Extension: (AdBlock) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-29]
CHR Extension: (TwistedWave) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij [2015-08-16]
CHR Extension: (Loom - Video Recorder: Screen, Webcam and Mic) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2019-09-01]
CHR Extension: (LipSurf - Voice Control for the Web) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnnmjmalakahagblkkcnjkoaihlfglon [2019-08-31]
CHR Extension: (Google Classroom) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2015-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> )
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-06-16] (FabulaTech -> )
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] (FabulaTech -> )
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc. -> McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [215104 2015-10-29] (McAfee, Inc. -> McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (Dell Inc. -> SoftThinks SAS)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-10-13] (VMware, Inc. -> VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (FabulaTech -> VMware)
S4 WavesSysSvc; C:\Program Files\Realtek\Audio\HDA\WavesSysSvc64.exe [497664 2014-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation -> Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [533208 2015-10-14] (VMware, Inc. -> VMware, Inc.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-02-10] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2015-04-02] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [92376 2013-10-09] (Realtek Semiconductor Corp -> Realtek )
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [22168 2012-07-13] (STMicroelectronics -> ST Microelectronics)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83968 2013-11-21] (Microsoft Windows Hardware Compatibility Publisher -> STMicroelectronics)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [73616 2019-02-05] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-03 20:46 - 2019-09-03 20:49 - 000029060 _____ C:\Users\nickshaver06\Downloads\FRST.txt
2019-09-03 20:45 - 2019-09-03 20:46 - 000000000 ____D C:\FRST
2019-09-03 20:26 - 2019-09-03 20:26 - 001615360 _____ (Farbar) C:\Users\nickshaver06\Downloads\FRST64.exe
2019-09-03 20:21 - 2019-09-03 20:21 - 000000967 _____ C:\Users\nickshaver06\Desktop\Balabolka.lnk
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\Documents\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Program Files (x86)\Balabolka
2019-09-03 15:38 - 2019-09-03 20:18 - 017973561 _____ C:\Users\nickshaver06\Downloads\balabolka.zip
2019-09-03 15:09 - 2019-09-03 15:09 - 000000000 ___RD C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2019-09-01 19:50 - 2019-09-03 20:20 - 018158212 _____ (Ilya Morozov) C:\Users\nickshaver06\Documents\setup.exe
2019-09-01 19:22 - 2019-09-03 20:20 - 000002732 _____ C:\Users\nickshaver06\Documents\readme.rus.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002603 _____ C:\Users\nickshaver06\Documents\readme.slk.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002561 _____ C:\Users\nickshaver06\Documents\readme.cze.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002541 _____ C:\Users\nickshaver06\Documents\readme.ita.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002452 _____ C:\Users\nickshaver06\Documents\readme.eng.txt
2019-09-01 19:21 - 2019-09-03 20:20 - 000060123 _____ C:\Users\nickshaver06\Documents\history.rus.txt
2019-09-01 19:21 - 2019-09-03 20:20 - 000057225 _____ C:\Users\nickshaver06\Documents\history.eng.txt
2019-08-31 11:19 - 2019-08-31 11:19 - 000000439 _____ C:\Users\nickshaver06\Desktop\Fine-PARwithinandbeyondprison-1.txt
2019-08-29 11:01 - 2019-08-29 11:01 - 002999824 _____ (Awind) C:\Users\nickshaver06\Downloads\AirMedia-0e6ce0_.10.132.3.157.exe
2019-08-29 11:01 - 2019-08-29 11:01 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\AirMedia
2019-08-27 09:59 - 2019-08-27 09:59 - 000078726 _____ C:\Users\nickshaver06\Downloads\Extras.Txt
2019-08-27 09:54 - 2019-08-27 09:54 - 000146372 _____ C:\Users\nickshaver06\Downloads\OTL.Txt
2019-08-27 09:14 - 2019-08-27 09:14 - 000602112 _____ (OldTimer Tools) C:\Users\nickshaver06\Downloads\OTL.exe
2019-08-27 09:12 - 2019-08-27 09:13 - 000157808 _____ C:\TDSSKiller.2.8.16.0_27.08.2019_09.12.16_log.txt
2019-08-27 09:12 - 2019-08-27 09:12 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\nickshaver06\Desktop\tdsskiller.exe
2019-08-27 09:05 - 2019-08-27 09:05 - 000468480 _____ () C:\Users\nickshaver06\Downloads\CKScanner.exe
2019-08-26 09:23 - 2019-08-26 09:23 - 000000000 ____D C:\Users\nickshaver06\Documents\YBC Big Files
2019-08-26 09:21 - 2019-09-03 15:09 - 000002186 _____ C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2019-08-26 09:19 - 2019-08-26 09:19 - 000321832 _____ C:\Windows\Minidump\082619-36109-01.dmp
2019-08-26 09:17 - 2019-08-26 09:17 - 006705275 _____ C:\Users\nickshaver06\Desktop\_YBC_Materials_ForTeam.zip
2019-08-24 15:03 - 2019-08-24 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wordle
2019-08-24 15:03 - 2019-08-24 15:03 - 000000000 ____D C:\Program Files (x86)\wordle
2019-08-24 15:02 - 2019-08-24 15:02 - 008762368 _____ () C:\Users\nickshaver06\Downloads\wordle_windows_0_2.exe
2019-08-24 10:36 - 2019-08-24 10:36 - 000000000 _____ C:\Windows\invcol.tmp
2019-08-23 08:59 - 2019-08-23 08:59 - 000000000 ____D C:\Users\nickshaver06\.cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\Cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\ProgramData\Cisco
2019-08-23 08:57 - 2019-02-05 12:04 - 000263640 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2019-08-23 08:56 - 2019-08-23 08:56 - 005734672 _____ (Cisco Systems, Inc.) C:\Users\nickshaver06\Downloads\anyconnect-win-4.6.04056-core-vpn-webdeploy-k9.exe
2019-08-22 23:26 - 2019-09-02 09:36 - 000000000 _____ C:\Users\nickshaver06\Documents\.Rhistory
2019-08-22 22:44 - 2019-08-22 22:46 - 000000000 ____D C:\ProgramData\Temp
2019-08-22 22:19 - 2019-08-22 22:19 - 000000000 ____D C:\Windows\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
2019-08-22 22:19 - 2019-08-22 22:19 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\VMware
2019-08-22 22:19 - 2015-07-30 19:46 - 000057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2019-08-22 22:08 - 2019-08-22 22:08 - 000000000 ____D C:\ProgramData\VMware
2019-08-22 22:07 - 2019-08-23 09:02 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\VMware
2019-08-22 22:07 - 2019-08-22 22:07 - 000000000 ____D C:\Program Files\Common Files\VMware
2019-08-22 22:07 - 2019-08-22 22:07 - 000000000 ____D C:\Program Files (x86)\VMware
2019-08-22 22:05 - 2019-08-22 22:05 - 039458928 _____ (VMware, Inc.) C:\Users\nickshaver06\Downloads\VMware-Horizon-View-Client-x86_64-3.5.2-3150477.exe
2019-08-22 21:56 - 2019-09-02 09:36 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\RStudio
2019-08-22 21:35 - 2019-08-22 21:35 - 000000000 ____D C:\Users\nickshaver06\Documents\R
2019-08-22 21:34 - 2019-09-02 09:36 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\RStudio-Desktop
2019-08-22 21:32 - 2015-08-22 09:42 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-08-22 21:28 - 2019-08-22 21:28 - 015080792 _____ (Microsoft Corporation) C:\Users\nickshaver06\Downloads\vc_redist.x64.exe
2019-08-22 21:24 - 2019-08-22 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2019-08-22 21:22 - 2019-08-22 21:24 - 000000000 ____D C:\Program Files\RStudio
2019-08-22 21:20 - 2019-08-22 21:22 - 133103936 _____ (RStudio, Inc.) C:\Users\nickshaver06\Downloads\RStudio-1.2.1335.exe
2019-08-22 21:20 - 2019-08-22 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2019-08-22 21:16 - 2019-08-22 21:16 - 000000000 ____D C:\Program Files\R
2019-08-22 21:14 - 2019-08-22 21:15 - 084681344 _____ (R Core Team ) C:\Users\nickshaver06\Downloads\R-3.6.1-win.exe
2019-08-19 11:11 - 2019-08-19 15:10 - 000000060 _____ C:\Users\nickshaver06\Desktop\Base Camp Time Sheet.txt
2019-08-14 14:49 - 2019-08-14 14:49 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-08-07 11:20 - 2019-08-19 09:34 - 000000189 _____ C:\Users\nickshaver06\Desktop\TimeSheet - Tylers Work Macros.txt
2019-08-07 11:19 - 2019-09-02 11:20 - 000000798 _____ C:\Users\nickshaver06\Desktop\Time sheet - Almanac Programming.txt
2019-08-05 11:00 - 2019-08-05 11:00 - 000000276 _____ C:\Users\nickshaver06\Desktop\Jordan - Next Steps.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-03 21:00 - 2018-07-29 15:04 - 000000000 ____D C:\Users\nickshaver06\Desktop\Torch Prep Big Files
2019-09-03 20:51 - 2015-06-16 10:58 - 000000968 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA.job
2019-09-03 20:24 - 2015-02-05 18:22 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\Packages
2019-09-03 20:20 - 2019-06-22 21:35 - 000004693 _____ C:\Users\nickshaver06\Documents\license.rus.txt
2019-09-03 20:20 - 2019-05-29 20:42 - 000005432 _____ C:\Users\nickshaver06\Documents\license.slk.txt
2019-09-03 20:20 - 2018-08-23 10:52 - 000005305 _____ C:\Users\nickshaver06\Documents\license.cze.txt
2019-09-03 20:20 - 2018-03-24 02:58 - 000005707 _____ C:\Users\nickshaver06\Documents\license.ita.txt
2019-09-03 20:20 - 2018-03-24 02:57 - 000004967 _____ C:\Users\nickshaver06\Documents\license.eng.txt
2019-09-03 15:48 - 2015-02-05 18:27 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1023352508-1266729709-51963614-1001
2019-09-03 15:21 - 2015-08-07 15:20 - 000000000 ___DO C:\Users\nickshaver06\OneDrive
2019-09-03 15:21 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-09-03 15:15 - 2014-12-27 11:49 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2019-09-03 15:11 - 2014-03-18 05:53 - 000005388 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-03 15:09 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\Registration
2019-09-03 15:06 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-03 08:51 - 2015-06-16 10:58 - 000000916 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core.job
2019-09-03 08:50 - 2019-01-20 14:04 - 000000166 _____ C:\Users\nickshaver06\Desktop\Invite to Next Potluck.txt
2019-09-03 08:47 - 2017-08-01 20:06 - 000000934 _____ C:\Users\nickshaver06\Desktop\BECKS LIST to Buy.txt
2019-09-02 19:49 - 2019-06-18 14:45 - 000000607 _____ C:\Users\nickshaver06\Desktop\Timesheet - Content Alignment TimeSheet.txt
2019-09-02 09:36 - 2015-02-05 18:45 - 000000000 ___RD C:\Users\nickshaver06\Dropbox
2019-09-02 09:31 - 2015-02-16 12:53 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\CrashDumps
2019-08-31 14:55 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-08-31 14:52 - 2015-02-05 18:22 - 000000000 ____D C:\Users\nickshaver06
2019-08-28 21:05 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-08-26 14:52 - 2015-06-25 12:36 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-26 09:19 - 2015-06-10 09:24 - 376176329 _____ C:\Windows\MEMORY.DMP
2019-08-26 09:19 - 2015-06-10 09:24 - 000000000 ____D C:\Windows\Minidump
2019-08-24 10:37 - 2014-12-27 10:19 - 000000000 ____D C:\DELL
2019-08-23 09:02 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-08-23 08:57 - 2014-12-27 11:43 - 000000000 ____D C:\Program Files (x86)\Cisco
2019-08-22 22:45 - 2014-12-27 11:56 - 000000000 ____D C:\Program Files (x86)\Dell
2019-08-22 22:45 - 2014-12-27 11:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-08-22 22:45 - 2014-12-27 10:40 - 000000000 ____D C:\ProgramData\DELL
2019-08-22 22:35 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-08-22 21:49 - 2017-02-12 13:34 - 000000000 ____D C:\Users\nickshaver06\Documents\Old Dropbox Teaching Files
2019-08-22 21:33 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-08-22 21:31 - 2014-12-27 11:34 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-22 08:46 - 2015-06-16 10:58 - 000003928 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA
2019-08-22 08:46 - 2015-06-16 10:58 - 000003548 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core
2019-08-20 10:18 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-20 10:16 - 2015-02-07 10:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-08-19 10:24 - 2018-06-22 14:37 - 000000000 ___RD C:\Users\nickshaver06\Documents\Scanned Documents
2019-08-15 20:11 - 2016-07-05 16:37 - 000003518 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA
2019-08-15 20:11 - 2016-07-05 16:37 - 000003246 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core
2019-08-14 14:50 - 2015-02-05 18:38 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Dropbox

==================== FLock ================

2014-12-27 12:59 C:\System Recovery

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-29 14:04
==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by nickshaver06 (03-09-2019 21:01:00)
Running from C:\Users\nickshaver06\Downloads
Windows 8.1 (Update) (X64) (2015-02-05 22:22:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1023352508-1266729709-51963614-500 - Administrator - Disabled)
Guest (S-1-5-21-1023352508-1266729709-51963614-501 - Limited - Disabled)
nickshaver06 (S-1-5-21-1023352508-1266729709-51963614-1001 - Administrator - Enabled) => C:\Users\nickshaver06

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.15.0.710 - Ilya Morozov)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.6.04056 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{313E239A-6D0E-45E8-9890-A4C698A43EAE}) (Version: 4.6.04056 - Cisco Systems, Inc.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.2.3 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Dropbox) (Version: 79.4.143 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP ENVY 4520 series Basic Device Software (HKLM\...\{B46D9E8C-10FE-4873-996B-CA9EA3D7D9FE}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
McAfee Agent (HKLM-x32\...\{1FDB8EC6-BAF1-42F9-8E09-4D9AB369F1B5}) (Version: 4.8.0.887 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.5163.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5163.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
My Dell Client Framework (HKLM-x32\...\{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell) Hidden
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5163.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5163.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5163.1000 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.21 - Dell Inc.)
R for Windows 3.6.1 (HKLM\...\R for Windows 3.6.1_is1) (Version: 3.6.1 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.2.1335 - RStudio)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0052 - ST Microelectronics)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Horizon Client (HKLM\...\{C7F8E8FA-0832-427E-B2B1-ABF6F8495C35}) (Version: 3.5.2.30397 - VMware, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\WinDirStat) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wordle 0.2 (HKLM-x32\...\6068-4591-7093-1796) (Version: 0.2 - )

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.8_neutral__343d40qqvtj1t [2015-07-11] (Amazon.com)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.4.2.0_x86__38kynpdw5g1aw [2018-05-30] (Wacom Europe GmbH)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.7.0.1_neutral__6e5tt8cgb93ep [2017-12-11] (Canon Inc.)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.0.0_neutral__htrsf667h5kn2 [2016-05-29] (Dell Inc)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-02-10] (eBay, Inc)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-17] (Flipboard)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad]
HP All-in-One Printer Remote -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6 [2018-06-19] (Hewlett-Packard Company)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-21] (AMZN Mobile LLC)
McAfee® Central for Dell -> C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_5.0.167.1_x64__n49tcsmxt2t2c [2018-03-29] (McAfee Inc)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-28] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-28] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-24] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-21] (Skype) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_1.18.3.0_x64__8wekyb3d8bbwe [2017-04-08] (Microsoft Corporation)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-08] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.34.12\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{8A589AFF-8DA8-49C5-B89B-20C9DF31F2B7}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.30.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{9371045C-7BFF-48FD-9667-EA0499304115}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1023352508-1266729709-51963614-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:/Program Files (x86)/Dell Backup and Recovery/Components/Shell/DBROverlayIcon.DLL [2014-06-04] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:/Program Files (x86)/Dell Backup and Recovery/Components/Shell/DBROverlayNotBackuped.DLL [2014-06-04] (SoftThinks -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => C:\Program Files (x86)\Balabolka\BFileExt.dll [2019-02-08] (Ilya Morozov) [File not signed]
ContextMenuHandlers1: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2015-08-20] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers4: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2015-08-20] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2015-08-20] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1_S-1-5-21-1023352508-1266729709-51963614-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1023352508-1266729709-51963614-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1023352508-1266729709-51963614-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-11-18 08:53 - 2018-11-18 08:53 - 000644608 _____ () [File not signed] C:\Program Files (x86)\Balabolka\lame_enc.dll
2008-06-22 03:58 - 2008-06-22 03:58 - 000134656 _____ () [File not signed] C:\Program Files (x86)\Balabolka\utils\chsdet.dll
2014-02-26 04:46 - 2014-02-26 04:46 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 04:43 - 2014-02-26 04:43 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-12-27 11:43 - 2014-02-27 03:39 - 000440320 ____N (Atheros) [File not signed] C:\Windows\system32\athihvs.dll
2019-02-08 20:28 - 2019-02-08 20:28 - 000370176 _____ (Ilya Morozov) [File not signed] C:\Program Files (x86)\Balabolka\BFileExt.dll
2014-05-10 20:21 - 2014-05-10 20:21 - 000969728 _____ (Ilya Morozov, Regine Mьller) [File not signed] C:\Program Files (x86)\Balabolka\syllable.dll
2014-02-26 04:50 - 2014-02-26 04:50 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll
2014-02-26 04:50 - 2014-02-26 04:50 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\CommApi.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\FolderViewImpl.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\GattI.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\gatts.DLL
2014-02-26 04:51 - 2014-02-26 04:51 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Handsfree.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ipc.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ModuleManager.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\OutLookLib.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\skypeagent.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\TCPConnection.dll
2014-02-26 04:51 - 2014-02-26 04:51 - 000115328 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\utils.dll
2014-02-26 04:44 - 2014-02-26 04:44 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\LE\LE.dll
2014-02-26 04:45 - 2014-02-26 04:45 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Audio\audio.dll
2014-02-26 04:46 - 2014-02-26 04:46 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-02-26 04:46 - 2014-02-26 04:46 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\BIP\BIP.dll
2014-02-26 04:44 - 2014-02-26 04:44 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\DID\DId.dll
2014-02-26 04:44 - 2014-02-26 04:44 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\FAX\Fax.dll
2014-02-26 04:45 - 2014-02-26 04:45 - 000421888 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-02-26 04:46 - 2014-02-26 04:46 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-02-26 04:41 - 2014-02-26 04:41 - 000097792 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\goep\goep.dll
2014-02-26 04:43 - 2014-02-26 04:43 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-02-26 04:46 - 2014-02-26 04:46 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-02-26 04:46 - 2014-02-26 04:46 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-02-26 04:45 - 2014-02-26 04:45 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\pbap\pbap.dll
2014-02-26 04:46 - 2014-02-26 04:46 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-02-26 04:45 - 2014-02-26 04:45 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\sap\sap.dll
2014-02-26 04:46 - 2014-02-26 04:46 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-02-26 04:45 - 2014-02-26 04:45 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\spp\spp.dll
2014-02-26 04:45 - 2014-02-26 04:45 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Sync\Sync.dll
2019-03-02 05:16 - 2019-03-02 05:16 - 001375744 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Balabolka\LIBEAY32.dll
2019-03-02 05:16 - 2019-03-02 05:16 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Balabolka\ssleay32.dll
2015-10-14 19:04 - 2015-10-14 19:04 - 001604096 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\LIBEAY32.dll
2015-10-14 19:04 - 2015-10-14 19:04 - 000296960 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.200.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: TabletServicePen => 2
MSCONFIG\Services: TouchServicePen => 2
MSCONFIG\Services: WavesSysSvc => 2
MSCONFIG\Services: WysePocketCloud => 2
MSCONFIG\Services: WyseRemoteAccess => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1C28C780-7A10-472C-8047-FC4623B5A8EB}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe No File
FirewallRules: [{1A466FB2-130E-4EA6-ABCA-15B0E3AACFC5}] => (Allow) C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{BEC23CAA-FC6E-4494-A1E8-BA92D8AF671B}] => (Allow) C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{621001AC-5330-4F4D-BE1B-0614BA699F0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A9D2177E-78D9-42A9-A244-2A940B686EE0}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{631B7EF3-E256-43D0-9DC8-2303527CA46C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{C32A07E2-EAB6-417C-96C5-2BC89CAD6240}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{62A87981-7243-4A18-A042-EB08A6587FF7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{81DF1DC7-6287-434B-A39D-A0F24AEA7CD1}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{C82E6ECB-0A5C-401B-8C64-A916FABE9FB5}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{9E7E6577-EAEA-4B06-A4D0-A35F330B81D8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{AC98CF56-01D8-4EF3-AFBF-1A2FB240B6E7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{B553EABE-6D13-4DEA-B2FB-53D9A179F1A7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{696854C2-131C-4ADB-8434-F566AB03D0CF}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{2156CC17-0E92-4DC6-802D-90F10F8F03A3}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{B0D67AF0-75C2-4B94-9F10-D27DE2AA999B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{F22A9052-EE2C-41E6-B650-E601DF9D2DB1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{27D250F3-39C5-48F0-BF5F-1E2E42C34114}] => (Allow) LPort=2869
FirewallRules: [{ECC9C5AD-DE61-424F-814A-82EF7ACB5266}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{7CB31833-A444-4E9F-8BEE-FE5530FC5557}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{5D830A2F-157A-4544-AA8D-E6CDF572F3C0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{04CE56CF-F78C-4E49-BE77-B539CEAE3C2D}] => (Block) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{195F25EE-F38B-456A-9FBA-B3CFFAF10CAA}C:\users\nickshaver06\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\nickshaver06\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{A3C70F2B-4363-4E59-89E5-504C645B5784}C:\users\nickshaver06\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\nickshaver06\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [{B96FD484-8A56-4C4F-A87E-17CFE301710C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5F906255-FF50-456F-93CD-77996339CC9E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{07342B63-4C97-447F-9E16-48DC793EC7F4}C:\users\nickshaver06\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nickshaver06\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{E3CA630E-FA63-4B10-9259-CBDBC713CA54}C:\users\nickshaver06\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nickshaver06\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{CF7F5AAA-BF38-4876-B679-AD5901B9EFFC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe No File
FirewallRules: [UDP Query User{613C4DA4-D614-4A43-AD4D-663C133B994D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe No File
FirewallRules: [{D6484781-12C2-46A0-88BF-C8A9F8E4D343}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe No File
FirewallRules: [{A4BDC953-16EF-4135-AB90-BA481D79FC64}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{A6A0D299-7A42-41FA-8539-473AB9E68E0C}] => (Allow) LPort=5357
FirewallRules: [{F2F37225-98A5-4CDD-9890-63ED97B44E9F}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{E5EB81DD-BA3B-487B-8736-83757AFC5289}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D6128B01-51CA-4701-AD9D-19D7FB115C53}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B5E0358B-DFF2-4BD6-944A-AA142331E777}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2066E836-DC89-47E2-BD13-38DF0E249118}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{D23F9274-442F-43D4-9E8B-178A816F3B8F}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{4DC80610-B9B1-45DC-B4AF-5C3905D907B4}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C0130C46-B2DC-477B-A299-D514BDBA2286}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{88945CC4-7D97-43BD-89A3-E42CDE28790C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C92EA9EC-60B1-4837-8EA8-ECB0FABF0EE0}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C7030FA9-3FDE-4C1D-9CB3-51DEA497FE37}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{7E81F291-C901-4736-8E60-3D2E6D5E20AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6BD1C49F-903F-4E9E-86B8-1F6FEC7CBA72}C:\users\nickshaver06\appdata\local\temp\crestron_self_extractor\airmedia.exe] => (Allow) C:\users\nickshaver06\appdata\local\temp\crestron_self_extractor\airmedia.exe (AWIND INCORPORATED -> )
FirewallRules: [UDP Query User{D8347C3D-0476-4D04-91A6-290D0AC62638}C:\users\nickshaver06\appdata\local\temp\crestron_self_extractor\airmedia.exe] => (Allow) C:\users\nickshaver06\appdata\local\temp\crestron_self_extractor\airmedia.exe (AWIND INCORPORATED -> )

==================== Restore Points =========================

15-08-2019 20:17:12 Scheduled Checkpoint
22-08-2019 21:29:34 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821
22-08-2019 21:31:30 Windows Update
03-09-2019 16:25:56 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2019 03:49:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/03/2019 03:11:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/03/2019 03:11:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/03/2019 03:07:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/03/2019 10:25:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/03/2019 10:25:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/03/2019 08:36:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/03/2019 08:36:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (09/03/2019 03:07:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/03/2019 03:06:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:29:43 PM on ‎9/‎3/‎2019 was unexpected.

Error: (08/31/2019 02:53:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The My Dell Client Framework service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/31/2019 02:53:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the My Dell Client Framework service to connect.

Error: (08/31/2019 02:52:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/31/2019 02:52:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:36:48 PM on ‎8/‎31/‎2019 was unexpected.

Error: (08/29/2019 09:12:14 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 172.20.19.94.
The computer with the IP address 172.20.19.37 did not allow the name to be claimed by
this computer.

Error: (08/26/2019 11:54:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================

Date: 2015-02-05 17:24:42.209
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A03 09/29/2014
Motherboard: Dell Inc. 0R9H2G
Processor: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz
Percentage of memory in use: 68%
Total physical RAM: 3979.2 MB
Available physical RAM: 1250.61 MB
Total Virtual: 8075.2 MB
Available Virtual: 4332.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:457 GB) (Free:322.95 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:7.38 GB) (Free:0.74 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E5BCBA8D)

Partition: GPT.

==================== End of Addition.txt ============================
nickshaver06
Active Member
 
Posts: 6
Joined: September 3rd, 2019, 9:09 pm
Advertisement
Register to Remove

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby Gary R » September 4th, 2019, 5:58 am

The version of FRST you used has a bug that has since been corrected, so can you please run FRST again.

When you do, FRST will update to the latest version.

When it has finished updating please run a new scan and post the new FRST.txt and Addition.txt files for me to have a look at.
User avatar
Gary R
Administrator
Administrator
 
Posts: 24331
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby nickshaver06 » September 4th, 2019, 7:00 am

Gary, thanks for the help. It ran with the new version FRST below and Addition attached due to character limit.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
Ran by nickshaver06 (administrator) on SHAVERHOME (Dell Inc. Inspiron 11 - 3147) (04-09-2019 06:46:37)
Running from C:\Users\nickshaver06\Desktop
Loaded Profiles: nickshaver06 (Available Profiles: nickshaver06)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc. -> ) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) [File not signed] C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(FabulaTech -> ) C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(FabulaTech -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(FabulaTech -> VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ilya Morozov) [File not signed] C:\Program Files (x86)\Balabolka\balabolka.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-07-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387224 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3775816 2014-02-27] (Wistron Corporation -> Dell Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-06-16] (FabulaTech -> )
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc. -> McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc. -> McAfee, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1321984 2019-02-05] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Dropbox Update] => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Google Update] => C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\GoogleUpdateCore.exe [1081640 2019-08-15] (Google Inc -> Google LLC)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\MountPoints2: {1c1aa9e5-ac5b-11e6-829d-4cbb583af1fb} - "E:\DTVaultPrivacy.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-26] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-09-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FF248D-4CA2-449B-B54C-35D418AFF703} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {05868E8A-E8B1-4361-9907-2F8F4316F849} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {09F565C9-0DFC-46CE-A48F-95F73B1C61E8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1163352 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {21043663-9D55-490C-B171-55C19AB98E38} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {21043663-9D55-490C-B171-55C19AB98E38} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {24649D75-686F-482E-AA27-A37FCFBB1DFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-06-25] (Google Inc -> Google Inc.)
Task: {2C77453B-8D50-4612-9BBE-37A771F9386F} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [6656 2015-12-12] () [File not signed] <==== ATTENTION
Task: {2EC7A0FB-9C58-4C92-B7A3-43D07F05881D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4629EC2B-2B24-4FA7-A18E-493BAC9007B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DA19172-4857-439E-95C2-45CFAE6CF62F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1067736 2015-10-28] () [File not signed]
Task: {5DAF7BF0-E87A-484A-9EAD-4813E92C3976} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {A2F118FE-D74F-43A1-90B3-FF77C4D38A69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-06-25] (Google Inc -> Google Inc.)
Task: {AD4875B7-A94A-450C-A038-B2D09E15FC47} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {AD4875B7-A94A-450C-A038-B2D09E15FC47} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {BE8574E2-C951-4C85-ADBC-B504239DA72F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFEAF30A-CC78-490C-A670-6549D1ACA1C5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C3EF6070-C899-4FB3-A237-FBFDB17B89F6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D02D87FC-D1E5-4F6B-82C8-EB04E7585035} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387224 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D3EC277F-793D-4741-A600-43AE0FE268BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA => C:\Users\nickshaver06\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-05] (Google Inc -> Google Inc.)
Task: {E198A809-E8C7-45AC-ADBF-802FC99B1C76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core => C:\Users\nickshaver06\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-05] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core.job => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA.job => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{B6C9BB14-55E2-405F-8B2A-D9B80E42738E}: [DhcpNameServer] 192.168.200.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> DefaultScope {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {540F9C83-EED3-414F-BDA5-9D527B2B5CA7} URL =
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150905085117.dll [2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150905085119.dll [2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\nickshaver06\AppData\Roaming\Mozilla\Firefox\Profiles\6p6zh3u3.default-1479655099617 [2019-03-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-09-01] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-09-14] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\nickshaver06\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @talk.google.com/O1DPlugin -> C:\Users\nickshaver06\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @tools.google.com/Google Update;version=3 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\npGoogleUpdate3.dll [2019-08-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @tools.google.com/Google Update;version=9 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\npGoogleUpdate3.dll [2019-08-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\nickshaver06\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2016-07-05]
FF Plugin ProgramFiles/Appdata: C:\Users\nickshaver06\AppData\Roaming\mozilla\plugins\npo1d.dll [2016-07-05]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://accounts.google.com/signin/v2/i ... rviceLogin
CHR StartupUrls: Default -> "hxxps://accounts.google.com/signin/v2/identifier?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin","hxxp://www.weather.com/weather/tenday/USOH0188","hxxp://www.google.com/"
CHR Profile: C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default [2019-09-04]
CHR Extension: (Google Drive) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Audiotool) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-08-16]
CHR Extension: (YouTube) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (hxxps://www.google.com/calendar/render?tab=mc) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfcnnjfpalolhpacllfghflhanpgmae [2015-02-05]
CHR Extension: (hxxps://www.google.com/voice#inbox) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppnbohmflmmlhmjibmdldokcbmlnif [2015-02-05]
CHR Extension: (Dictation for Gmail) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggdmhdpffgikgakkfojgiledkekfdce [2019-08-25]
CHR Extension: (hxxps://maps.google.com/) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\fechlkhcpcpaffdigchfolpfbpnbpcgi [2015-02-05]
CHR Extension: (AdBlock) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-29]
CHR Extension: (TwistedWave) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij [2015-08-16]
CHR Extension: (Loom - Video Recorder: Screen, Webcam and Mic) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2019-09-01]
CHR Extension: (LipSurf - Voice Control for the Web) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnnmjmalakahagblkkcnjkoaihlfglon [2019-08-31]
CHR Extension: (Google Classroom) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2015-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> )
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-06-16] (FabulaTech -> )
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] (FabulaTech -> )
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc. -> McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [215104 2015-10-29] (McAfee, Inc. -> McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (Dell Inc. -> SoftThinks SAS)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-10-13] (VMware, Inc. -> VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (FabulaTech -> VMware)
S4 WavesSysSvc; C:\Program Files\Realtek\Audio\HDA\WavesSysSvc64.exe [497664 2014-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation -> Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [533208 2015-10-14] (VMware, Inc. -> VMware, Inc.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-02-10] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2015-04-02] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [92376 2013-10-09] (Realtek Semiconductor Corp -> Realtek )
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [22168 2012-07-13] (STMicroelectronics -> ST Microelectronics)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83968 2013-11-21] (Microsoft Windows Hardware Compatibility Publisher -> STMicroelectronics)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [73616 2019-02-05] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-04 06:46 - 2019-09-04 06:48 - 000034477 _____ C:\Users\nickshaver06\Desktop\FRST.txt
2019-09-04 06:46 - 2019-09-04 06:46 - 001615360 _____ (Farbar) C:\Users\nickshaver06\Desktop\FRST64.exe
2019-09-03 21:01 - 2019-09-03 21:06 - 000051723 _____ C:\Users\nickshaver06\Downloads\Addition.txt
2019-09-03 20:46 - 2019-09-03 21:06 - 000045440 _____ C:\Users\nickshaver06\Downloads\FRST.txt
2019-09-03 20:45 - 2019-09-04 06:46 - 000000000 ____D C:\FRST
2019-09-03 20:26 - 2019-09-03 20:26 - 001615360 _____ (Farbar) C:\Users\nickshaver06\Downloads\FRST64.exe
2019-09-03 20:21 - 2019-09-03 20:21 - 000000967 _____ C:\Users\nickshaver06\Desktop\Balabolka.lnk
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\Documents\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Program Files (x86)\Balabolka
2019-09-03 15:38 - 2019-09-03 20:18 - 017973561 _____ C:\Users\nickshaver06\Downloads\balabolka.zip
2019-09-03 15:09 - 2019-09-03 15:09 - 000000000 ___RD C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2019-09-01 19:50 - 2019-09-03 20:20 - 018158212 _____ (Ilya Morozov) C:\Users\nickshaver06\Documents\setup.exe
2019-09-01 19:22 - 2019-09-03 20:20 - 000002732 _____ C:\Users\nickshaver06\Documents\readme.rus.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002603 _____ C:\Users\nickshaver06\Documents\readme.slk.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002561 _____ C:\Users\nickshaver06\Documents\readme.cze.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002541 _____ C:\Users\nickshaver06\Documents\readme.ita.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002452 _____ C:\Users\nickshaver06\Documents\readme.eng.txt
2019-09-01 19:21 - 2019-09-03 20:20 - 000060123 _____ C:\Users\nickshaver06\Documents\history.rus.txt
2019-09-01 19:21 - 2019-09-03 20:20 - 000057225 _____ C:\Users\nickshaver06\Documents\history.eng.txt
2019-08-31 11:19 - 2019-08-31 11:19 - 000000439 _____ C:\Users\nickshaver06\Desktop\Fine-PARwithinandbeyondprison-1.txt
2019-08-29 11:01 - 2019-08-29 11:01 - 002999824 _____ (Awind) C:\Users\nickshaver06\Downloads\AirMedia-0e6ce0_.10.132.3.157.exe
2019-08-29 11:01 - 2019-08-29 11:01 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\AirMedia
2019-08-27 09:59 - 2019-08-27 09:59 - 000078726 _____ C:\Users\nickshaver06\Downloads\Extras.Txt
2019-08-27 09:54 - 2019-08-27 09:54 - 000146372 _____ C:\Users\nickshaver06\Downloads\OTL.Txt
2019-08-27 09:14 - 2019-08-27 09:14 - 000602112 _____ (OldTimer Tools) C:\Users\nickshaver06\Downloads\OTL.exe
2019-08-27 09:12 - 2019-08-27 09:13 - 000157808 _____ C:\TDSSKiller.2.8.16.0_27.08.2019_09.12.16_log.txt
2019-08-27 09:12 - 2019-08-27 09:12 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\nickshaver06\Desktop\tdsskiller.exe
2019-08-27 09:05 - 2019-08-27 09:05 - 000468480 _____ () C:\Users\nickshaver06\Downloads\CKScanner.exe
2019-08-26 09:23 - 2019-08-26 09:23 - 000000000 ____D C:\Users\nickshaver06\Documents\YBC Big Files
2019-08-26 09:21 - 2019-09-03 15:09 - 000002186 _____ C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2019-08-26 09:19 - 2019-08-26 09:19 - 000321832 _____ C:\Windows\Minidump\082619-36109-01.dmp
2019-08-26 09:17 - 2019-08-26 09:17 - 006705275 _____ C:\Users\nickshaver06\Desktop\_YBC_Materials_ForTeam.zip
2019-08-24 15:03 - 2019-08-24 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wordle
2019-08-24 15:03 - 2019-08-24 15:03 - 000000000 ____D C:\Program Files (x86)\wordle
2019-08-24 15:02 - 2019-08-24 15:02 - 008762368 _____ () C:\Users\nickshaver06\Downloads\wordle_windows_0_2.exe
2019-08-24 10:36 - 2019-08-24 10:36 - 000000000 _____ C:\Windows\invcol.tmp
2019-08-23 08:59 - 2019-08-23 08:59 - 000000000 ____D C:\Users\nickshaver06\.cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\Cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\ProgramData\Cisco
2019-08-23 08:57 - 2019-02-05 12:04 - 000263640 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2019-08-23 08:56 - 2019-08-23 08:56 - 005734672 _____ (Cisco Systems, Inc.) C:\Users\nickshaver06\Downloads\anyconnect-win-4.6.04056-core-vpn-webdeploy-k9.exe
2019-08-22 23:26 - 2019-09-02 09:36 - 000000000 _____ C:\Users\nickshaver06\Documents\.Rhistory
2019-08-22 22:44 - 2019-08-22 22:46 - 000000000 ____D C:\ProgramData\Temp
2019-08-22 22:19 - 2019-08-22 22:19 - 000000000 ____D C:\Windows\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
2019-08-22 22:19 - 2019-08-22 22:19 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\VMware
2019-08-22 22:19 - 2015-07-30 19:46 - 000057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2019-08-22 22:08 - 2019-08-22 22:08 - 000000000 ____D C:\ProgramData\VMware
2019-08-22 22:07 - 2019-08-23 09:02 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\VMware
2019-08-22 22:07 - 2019-08-22 22:07 - 000000000 ____D C:\Program Files\Common Files\VMware
2019-08-22 22:07 - 2019-08-22 22:07 - 000000000 ____D C:\Program Files (x86)\VMware
2019-08-22 22:05 - 2019-08-22 22:05 - 039458928 _____ (VMware, Inc.) C:\Users\nickshaver06\Downloads\VMware-Horizon-View-Client-x86_64-3.5.2-3150477.exe
2019-08-22 21:56 - 2019-09-02 09:36 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\RStudio
2019-08-22 21:35 - 2019-08-22 21:35 - 000000000 ____D C:\Users\nickshaver06\Documents\R
2019-08-22 21:34 - 2019-09-02 09:36 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\RStudio-Desktop
2019-08-22 21:32 - 2015-08-22 09:42 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-08-22 21:28 - 2019-08-22 21:28 - 015080792 _____ (Microsoft Corporation) C:\Users\nickshaver06\Downloads\vc_redist.x64.exe
2019-08-22 21:24 - 2019-08-22 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2019-08-22 21:22 - 2019-08-22 21:24 - 000000000 ____D C:\Program Files\RStudio
2019-08-22 21:20 - 2019-08-22 21:22 - 133103936 _____ (RStudio, Inc.) C:\Users\nickshaver06\Downloads\RStudio-1.2.1335.exe
2019-08-22 21:20 - 2019-08-22 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2019-08-22 21:16 - 2019-08-22 21:16 - 000000000 ____D C:\Program Files\R
2019-08-22 21:14 - 2019-08-22 21:15 - 084681344 _____ (R Core Team ) C:\Users\nickshaver06\Downloads\R-3.6.1-win.exe
2019-08-19 11:11 - 2019-08-19 15:10 - 000000060 _____ C:\Users\nickshaver06\Desktop\Base Camp Time Sheet.txt
2019-08-14 14:49 - 2019-08-14 14:49 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-08-07 11:20 - 2019-08-19 09:34 - 000000189 _____ C:\Users\nickshaver06\Desktop\TimeSheet - Tylers Work Macros.txt
2019-08-07 11:19 - 2019-09-02 11:20 - 000000798 _____ C:\Users\nickshaver06\Desktop\Time sheet - Almanac Programming.txt
2019-08-05 11:00 - 2019-08-05 11:00 - 000000276 _____ C:\Users\nickshaver06\Desktop\Jordan - Next Steps.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-04 06:46 - 2015-02-05 18:27 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1023352508-1266729709-51963614-1001
2019-09-03 21:05 - 2018-07-29 15:04 - 000000000 ____D C:\Users\nickshaver06\Desktop\Torch Prep Big Files
2019-09-03 21:01 - 2015-02-05 18:22 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\Packages
2019-09-03 20:51 - 2015-06-16 10:58 - 000000968 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA.job
2019-09-03 20:20 - 2019-06-22 21:35 - 000004693 _____ C:\Users\nickshaver06\Documents\license.rus.txt
2019-09-03 20:20 - 2019-05-29 20:42 - 000005432 _____ C:\Users\nickshaver06\Documents\license.slk.txt
2019-09-03 20:20 - 2018-08-23 10:52 - 000005305 _____ C:\Users\nickshaver06\Documents\license.cze.txt
2019-09-03 20:20 - 2018-03-24 02:58 - 000005707 _____ C:\Users\nickshaver06\Documents\license.ita.txt
2019-09-03 20:20 - 2018-03-24 02:57 - 000004967 _____ C:\Users\nickshaver06\Documents\license.eng.txt
2019-09-03 15:21 - 2015-08-07 15:20 - 000000000 ___DO C:\Users\nickshaver06\OneDrive
2019-09-03 15:21 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-09-03 15:15 - 2014-12-27 11:49 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2019-09-03 15:11 - 2014-03-18 05:53 - 000005388 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-03 15:09 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\Registration
2019-09-03 15:06 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-03 08:51 - 2015-06-16 10:58 - 000000916 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core.job
2019-09-03 08:50 - 2019-01-20 14:04 - 000000166 _____ C:\Users\nickshaver06\Desktop\Invite to Next Potluck.txt
2019-09-03 08:47 - 2017-08-01 20:06 - 000000934 _____ C:\Users\nickshaver06\Desktop\BECKS LIST to Buy.txt
2019-09-02 19:49 - 2019-06-18 14:45 - 000000607 _____ C:\Users\nickshaver06\Desktop\Timesheet - Content Alignment TimeSheet.txt
2019-09-02 09:36 - 2015-02-05 18:45 - 000000000 ___RD C:\Users\nickshaver06\Dropbox
2019-09-02 09:31 - 2015-02-16 12:53 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\CrashDumps
2019-08-31 14:55 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-08-31 14:52 - 2015-02-05 18:22 - 000000000 ____D C:\Users\nickshaver06
2019-08-28 21:05 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-08-26 14:52 - 2015-06-25 12:36 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-26 09:19 - 2015-06-10 09:24 - 376176329 _____ C:\Windows\MEMORY.DMP
2019-08-26 09:19 - 2015-06-10 09:24 - 000000000 ____D C:\Windows\Minidump
2019-08-24 10:37 - 2014-12-27 10:19 - 000000000 ____D C:\DELL
2019-08-23 09:02 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-08-23 08:57 - 2014-12-27 11:43 - 000000000 ____D C:\Program Files (x86)\Cisco
2019-08-22 22:45 - 2014-12-27 11:56 - 000000000 ____D C:\Program Files (x86)\Dell
2019-08-22 22:45 - 2014-12-27 11:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-08-22 22:45 - 2014-12-27 10:40 - 000000000 ____D C:\ProgramData\DELL
2019-08-22 22:35 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-08-22 21:49 - 2017-02-12 13:34 - 000000000 ____D C:\Users\nickshaver06\Documents\Old Dropbox Teaching Files
2019-08-22 21:33 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-08-22 21:31 - 2014-12-27 11:34 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-22 08:46 - 2015-06-16 10:58 - 000003928 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA
2019-08-22 08:46 - 2015-06-16 10:58 - 000003548 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core
2019-08-20 10:18 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-20 10:16 - 2015-02-07 10:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-08-19 10:24 - 2018-06-22 14:37 - 000000000 ___RD C:\Users\nickshaver06\Documents\Scanned Documents
2019-08-15 20:11 - 2016-07-05 16:37 - 000003518 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA
2019-08-15 20:11 - 2016-07-05 16:37 - 000003246 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core
2019-08-14 14:50 - 2015-02-05 18:38 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Dropbox

==================== FLock ================

2014-12-27 12:59 C:\System Recovery

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-29 14:04
==================== End of FRST.txt ============================
You do not have the required permissions to view the files attached to this post.
nickshaver06
Active Member
 
Posts: 6
Joined: September 3rd, 2019, 9:09 pm

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby nickshaver06 » September 4th, 2019, 7:00 am

Gary, thanks for the help. It ran with the new version FRST below and Addition attached due to character limit.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
Ran by nickshaver06 (administrator) on SHAVERHOME (Dell Inc. Inspiron 11 - 3147) (04-09-2019 06:46:37)
Running from C:\Users\nickshaver06\Desktop
Loaded Profiles: nickshaver06 (Available Profiles: nickshaver06)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc. -> ) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) [File not signed] C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(FabulaTech -> ) C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(FabulaTech -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(FabulaTech -> VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ilya Morozov) [File not signed] C:\Program Files (x86)\Balabolka\balabolka.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-07-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387224 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3775816 2014-02-27] (Wistron Corporation -> Dell Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-06-16] (FabulaTech -> )
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc. -> McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc. -> McAfee, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1321984 2019-02-05] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Dropbox Update] => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Google Update] => C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\GoogleUpdateCore.exe [1081640 2019-08-15] (Google Inc -> Google LLC)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\MountPoints2: {1c1aa9e5-ac5b-11e6-829d-4cbb583af1fb} - "E:\DTVaultPrivacy.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-26] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-09-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\nickshaver06\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FF248D-4CA2-449B-B54C-35D418AFF703} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {05868E8A-E8B1-4361-9907-2F8F4316F849} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {09F565C9-0DFC-46CE-A48F-95F73B1C61E8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1163352 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {21043663-9D55-490C-B171-55C19AB98E38} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {21043663-9D55-490C-B171-55C19AB98E38} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {24649D75-686F-482E-AA27-A37FCFBB1DFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-06-25] (Google Inc -> Google Inc.)
Task: {2C77453B-8D50-4612-9BBE-37A771F9386F} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [6656 2015-12-12] () [File not signed] <==== ATTENTION
Task: {2EC7A0FB-9C58-4C92-B7A3-43D07F05881D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4629EC2B-2B24-4FA7-A18E-493BAC9007B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DA19172-4857-439E-95C2-45CFAE6CF62F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1067736 2015-10-28] () [File not signed]
Task: {5DAF7BF0-E87A-484A-9EAD-4813E92C3976} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {A2F118FE-D74F-43A1-90B3-FF77C4D38A69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-06-25] (Google Inc -> Google Inc.)
Task: {AD4875B7-A94A-450C-A038-B2D09E15FC47} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {AD4875B7-A94A-450C-A038-B2D09E15FC47} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {BE8574E2-C951-4C85-ADBC-B504239DA72F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFEAF30A-CC78-490C-A670-6549D1ACA1C5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C3EF6070-C899-4FB3-A237-FBFDB17B89F6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D02D87FC-D1E5-4F6B-82C8-EB04E7585035} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387224 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D3EC277F-793D-4741-A600-43AE0FE268BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA => C:\Users\nickshaver06\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-05] (Google Inc -> Google Inc.)
Task: {E198A809-E8C7-45AC-ADBF-802FC99B1C76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core => C:\Users\nickshaver06\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-05] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core.job => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA.job => C:\Users\nickshaver06\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{B6C9BB14-55E2-405F-8B2A-D9B80E42738E}: [DhcpNameServer] 192.168.200.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> DefaultScope {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {540F9C83-EED3-414F-BDA5-9D527B2B5CA7} URL =
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150905085117.dll [2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150905085119.dll [2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\nickshaver06\AppData\Roaming\Mozilla\Firefox\Profiles\6p6zh3u3.default-1479655099617 [2019-03-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-09-01] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-09-14] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\nickshaver06\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @talk.google.com/O1DPlugin -> C:\Users\nickshaver06\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @tools.google.com/Google Update;version=3 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\npGoogleUpdate3.dll [2019-08-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: @tools.google.com/Google Update;version=9 -> C:\Users\nickshaver06\AppData\Local\Google\Update\1.3.35.2\npGoogleUpdate3.dll [2019-08-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1023352508-1266729709-51963614-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\nickshaver06\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2016-07-05]
FF Plugin ProgramFiles/Appdata: C:\Users\nickshaver06\AppData\Roaming\mozilla\plugins\npo1d.dll [2016-07-05]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://accounts.google.com/signin/v2/i ... rviceLogin
CHR StartupUrls: Default -> "hxxps://accounts.google.com/signin/v2/identifier?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin","hxxp://www.weather.com/weather/tenday/USOH0188","hxxp://www.google.com/"
CHR Profile: C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default [2019-09-04]
CHR Extension: (Google Drive) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Audiotool) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-08-16]
CHR Extension: (YouTube) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (hxxps://www.google.com/calendar/render?tab=mc) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfcnnjfpalolhpacllfghflhanpgmae [2015-02-05]
CHR Extension: (hxxps://www.google.com/voice#inbox) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppnbohmflmmlhmjibmdldokcbmlnif [2015-02-05]
CHR Extension: (Dictation for Gmail) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggdmhdpffgikgakkfojgiledkekfdce [2019-08-25]
CHR Extension: (hxxps://maps.google.com/) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\fechlkhcpcpaffdigchfolpfbpnbpcgi [2015-02-05]
CHR Extension: (AdBlock) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-29]
CHR Extension: (TwistedWave) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij [2015-08-16]
CHR Extension: (Loom - Video Recorder: Screen, Webcam and Mic) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2019-09-01]
CHR Extension: (LipSurf - Voice Control for the Web) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnnmjmalakahagblkkcnjkoaihlfglon [2019-08-31]
CHR Extension: (Google Classroom) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2015-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\nickshaver06\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> )
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-06-16] (FabulaTech -> )
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] (FabulaTech -> )
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc. -> McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [215104 2015-10-29] (McAfee, Inc. -> McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (Dell Inc. -> SoftThinks SAS)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-10-13] (VMware, Inc. -> VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (FabulaTech -> VMware)
S4 WavesSysSvc; C:\Program Files\Realtek\Audio\HDA\WavesSysSvc64.exe [497664 2014-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation -> Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [533208 2015-10-14] (VMware, Inc. -> VMware, Inc.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-02-10] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2015-04-02] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-09-05] (McAfee, Inc. -> McAfee, Inc.)
S3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [92376 2013-10-09] (Realtek Semiconductor Corp -> Realtek )
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [22168 2012-07-13] (STMicroelectronics -> ST Microelectronics)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83968 2013-11-21] (Microsoft Windows Hardware Compatibility Publisher -> STMicroelectronics)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [73616 2019-02-05] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-04 06:46 - 2019-09-04 06:48 - 000034477 _____ C:\Users\nickshaver06\Desktop\FRST.txt
2019-09-04 06:46 - 2019-09-04 06:46 - 001615360 _____ (Farbar) C:\Users\nickshaver06\Desktop\FRST64.exe
2019-09-03 21:01 - 2019-09-03 21:06 - 000051723 _____ C:\Users\nickshaver06\Downloads\Addition.txt
2019-09-03 20:46 - 2019-09-03 21:06 - 000045440 _____ C:\Users\nickshaver06\Downloads\FRST.txt
2019-09-03 20:45 - 2019-09-04 06:46 - 000000000 ____D C:\FRST
2019-09-03 20:26 - 2019-09-03 20:26 - 001615360 _____ (Farbar) C:\Users\nickshaver06\Downloads\FRST64.exe
2019-09-03 20:21 - 2019-09-03 20:21 - 000000967 _____ C:\Users\nickshaver06\Desktop\Balabolka.lnk
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\Documents\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Balabolka
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D C:\Program Files (x86)\Balabolka
2019-09-03 15:38 - 2019-09-03 20:18 - 017973561 _____ C:\Users\nickshaver06\Downloads\balabolka.zip
2019-09-03 15:09 - 2019-09-03 15:09 - 000000000 ___RD C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2019-09-01 19:50 - 2019-09-03 20:20 - 018158212 _____ (Ilya Morozov) C:\Users\nickshaver06\Documents\setup.exe
2019-09-01 19:22 - 2019-09-03 20:20 - 000002732 _____ C:\Users\nickshaver06\Documents\readme.rus.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002603 _____ C:\Users\nickshaver06\Documents\readme.slk.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002561 _____ C:\Users\nickshaver06\Documents\readme.cze.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002541 _____ C:\Users\nickshaver06\Documents\readme.ita.txt
2019-09-01 19:22 - 2019-09-03 20:20 - 000002452 _____ C:\Users\nickshaver06\Documents\readme.eng.txt
2019-09-01 19:21 - 2019-09-03 20:20 - 000060123 _____ C:\Users\nickshaver06\Documents\history.rus.txt
2019-09-01 19:21 - 2019-09-03 20:20 - 000057225 _____ C:\Users\nickshaver06\Documents\history.eng.txt
2019-08-31 11:19 - 2019-08-31 11:19 - 000000439 _____ C:\Users\nickshaver06\Desktop\Fine-PARwithinandbeyondprison-1.txt
2019-08-29 11:01 - 2019-08-29 11:01 - 002999824 _____ (Awind) C:\Users\nickshaver06\Downloads\AirMedia-0e6ce0_.10.132.3.157.exe
2019-08-29 11:01 - 2019-08-29 11:01 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\AirMedia
2019-08-27 09:59 - 2019-08-27 09:59 - 000078726 _____ C:\Users\nickshaver06\Downloads\Extras.Txt
2019-08-27 09:54 - 2019-08-27 09:54 - 000146372 _____ C:\Users\nickshaver06\Downloads\OTL.Txt
2019-08-27 09:14 - 2019-08-27 09:14 - 000602112 _____ (OldTimer Tools) C:\Users\nickshaver06\Downloads\OTL.exe
2019-08-27 09:12 - 2019-08-27 09:13 - 000157808 _____ C:\TDSSKiller.2.8.16.0_27.08.2019_09.12.16_log.txt
2019-08-27 09:12 - 2019-08-27 09:12 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\nickshaver06\Desktop\tdsskiller.exe
2019-08-27 09:05 - 2019-08-27 09:05 - 000468480 _____ () C:\Users\nickshaver06\Downloads\CKScanner.exe
2019-08-26 09:23 - 2019-08-26 09:23 - 000000000 ____D C:\Users\nickshaver06\Documents\YBC Big Files
2019-08-26 09:21 - 2019-09-03 15:09 - 000002186 _____ C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2019-08-26 09:19 - 2019-08-26 09:19 - 000321832 _____ C:\Windows\Minidump\082619-36109-01.dmp
2019-08-26 09:17 - 2019-08-26 09:17 - 006705275 _____ C:\Users\nickshaver06\Desktop\_YBC_Materials_ForTeam.zip
2019-08-24 15:03 - 2019-08-24 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wordle
2019-08-24 15:03 - 2019-08-24 15:03 - 000000000 ____D C:\Program Files (x86)\wordle
2019-08-24 15:02 - 2019-08-24 15:02 - 008762368 _____ () C:\Users\nickshaver06\Downloads\wordle_windows_0_2.exe
2019-08-24 10:36 - 2019-08-24 10:36 - 000000000 _____ C:\Windows\invcol.tmp
2019-08-23 08:59 - 2019-08-23 08:59 - 000000000 ____D C:\Users\nickshaver06\.cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\Cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2019-08-23 08:57 - 2019-08-23 08:57 - 000000000 ____D C:\ProgramData\Cisco
2019-08-23 08:57 - 2019-02-05 12:04 - 000263640 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2019-08-23 08:56 - 2019-08-23 08:56 - 005734672 _____ (Cisco Systems, Inc.) C:\Users\nickshaver06\Downloads\anyconnect-win-4.6.04056-core-vpn-webdeploy-k9.exe
2019-08-22 23:26 - 2019-09-02 09:36 - 000000000 _____ C:\Users\nickshaver06\Documents\.Rhistory
2019-08-22 22:44 - 2019-08-22 22:46 - 000000000 ____D C:\ProgramData\Temp
2019-08-22 22:19 - 2019-08-22 22:19 - 000000000 ____D C:\Windows\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
2019-08-22 22:19 - 2019-08-22 22:19 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\VMware
2019-08-22 22:19 - 2015-07-30 19:46 - 000057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2019-08-22 22:08 - 2019-08-22 22:08 - 000000000 ____D C:\ProgramData\VMware
2019-08-22 22:07 - 2019-08-23 09:02 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\VMware
2019-08-22 22:07 - 2019-08-22 22:07 - 000000000 ____D C:\Program Files\Common Files\VMware
2019-08-22 22:07 - 2019-08-22 22:07 - 000000000 ____D C:\Program Files (x86)\VMware
2019-08-22 22:05 - 2019-08-22 22:05 - 039458928 _____ (VMware, Inc.) C:\Users\nickshaver06\Downloads\VMware-Horizon-View-Client-x86_64-3.5.2-3150477.exe
2019-08-22 21:56 - 2019-09-02 09:36 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\RStudio
2019-08-22 21:35 - 2019-08-22 21:35 - 000000000 ____D C:\Users\nickshaver06\Documents\R
2019-08-22 21:34 - 2019-09-02 09:36 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\RStudio-Desktop
2019-08-22 21:32 - 2015-08-22 09:42 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:42 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-08-22 21:32 - 2015-08-22 09:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-08-22 21:28 - 2019-08-22 21:28 - 015080792 _____ (Microsoft Corporation) C:\Users\nickshaver06\Downloads\vc_redist.x64.exe
2019-08-22 21:24 - 2019-08-22 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2019-08-22 21:22 - 2019-08-22 21:24 - 000000000 ____D C:\Program Files\RStudio
2019-08-22 21:20 - 2019-08-22 21:22 - 133103936 _____ (RStudio, Inc.) C:\Users\nickshaver06\Downloads\RStudio-1.2.1335.exe
2019-08-22 21:20 - 2019-08-22 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2019-08-22 21:16 - 2019-08-22 21:16 - 000000000 ____D C:\Program Files\R
2019-08-22 21:14 - 2019-08-22 21:15 - 084681344 _____ (R Core Team ) C:\Users\nickshaver06\Downloads\R-3.6.1-win.exe
2019-08-19 11:11 - 2019-08-19 15:10 - 000000060 _____ C:\Users\nickshaver06\Desktop\Base Camp Time Sheet.txt
2019-08-14 14:49 - 2019-08-14 14:49 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-08-07 11:20 - 2019-08-19 09:34 - 000000189 _____ C:\Users\nickshaver06\Desktop\TimeSheet - Tylers Work Macros.txt
2019-08-07 11:19 - 2019-09-02 11:20 - 000000798 _____ C:\Users\nickshaver06\Desktop\Time sheet - Almanac Programming.txt
2019-08-05 11:00 - 2019-08-05 11:00 - 000000276 _____ C:\Users\nickshaver06\Desktop\Jordan - Next Steps.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-04 06:46 - 2015-02-05 18:27 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1023352508-1266729709-51963614-1001
2019-09-03 21:05 - 2018-07-29 15:04 - 000000000 ____D C:\Users\nickshaver06\Desktop\Torch Prep Big Files
2019-09-03 21:01 - 2015-02-05 18:22 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\Packages
2019-09-03 20:51 - 2015-06-16 10:58 - 000000968 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA.job
2019-09-03 20:20 - 2019-06-22 21:35 - 000004693 _____ C:\Users\nickshaver06\Documents\license.rus.txt
2019-09-03 20:20 - 2019-05-29 20:42 - 000005432 _____ C:\Users\nickshaver06\Documents\license.slk.txt
2019-09-03 20:20 - 2018-08-23 10:52 - 000005305 _____ C:\Users\nickshaver06\Documents\license.cze.txt
2019-09-03 20:20 - 2018-03-24 02:58 - 000005707 _____ C:\Users\nickshaver06\Documents\license.ita.txt
2019-09-03 20:20 - 2018-03-24 02:57 - 000004967 _____ C:\Users\nickshaver06\Documents\license.eng.txt
2019-09-03 15:21 - 2015-08-07 15:20 - 000000000 ___DO C:\Users\nickshaver06\OneDrive
2019-09-03 15:21 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-09-03 15:15 - 2014-12-27 11:49 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2019-09-03 15:11 - 2014-03-18 05:53 - 000005388 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-03 15:09 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\Registration
2019-09-03 15:06 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-03 08:51 - 2015-06-16 10:58 - 000000916 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core.job
2019-09-03 08:50 - 2019-01-20 14:04 - 000000166 _____ C:\Users\nickshaver06\Desktop\Invite to Next Potluck.txt
2019-09-03 08:47 - 2017-08-01 20:06 - 000000934 _____ C:\Users\nickshaver06\Desktop\BECKS LIST to Buy.txt
2019-09-02 19:49 - 2019-06-18 14:45 - 000000607 _____ C:\Users\nickshaver06\Desktop\Timesheet - Content Alignment TimeSheet.txt
2019-09-02 09:36 - 2015-02-05 18:45 - 000000000 ___RD C:\Users\nickshaver06\Dropbox
2019-09-02 09:31 - 2015-02-16 12:53 - 000000000 ____D C:\Users\nickshaver06\AppData\Local\CrashDumps
2019-08-31 14:55 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-08-31 14:52 - 2015-02-05 18:22 - 000000000 ____D C:\Users\nickshaver06
2019-08-28 21:05 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-08-26 14:52 - 2015-06-25 12:36 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-26 09:19 - 2015-06-10 09:24 - 376176329 _____ C:\Windows\MEMORY.DMP
2019-08-26 09:19 - 2015-06-10 09:24 - 000000000 ____D C:\Windows\Minidump
2019-08-24 10:37 - 2014-12-27 10:19 - 000000000 ____D C:\DELL
2019-08-23 09:02 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-08-23 08:57 - 2014-12-27 11:43 - 000000000 ____D C:\Program Files (x86)\Cisco
2019-08-22 22:45 - 2014-12-27 11:56 - 000000000 ____D C:\Program Files (x86)\Dell
2019-08-22 22:45 - 2014-12-27 11:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-08-22 22:45 - 2014-12-27 10:40 - 000000000 ____D C:\ProgramData\DELL
2019-08-22 22:35 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-08-22 21:49 - 2017-02-12 13:34 - 000000000 ____D C:\Users\nickshaver06\Documents\Old Dropbox Teaching Files
2019-08-22 21:33 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-08-22 21:31 - 2014-12-27 11:34 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-22 08:46 - 2015-06-16 10:58 - 000003928 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA
2019-08-22 08:46 - 2015-06-16 10:58 - 000003548 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core
2019-08-20 10:18 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-20 10:16 - 2015-02-07 10:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-08-19 10:24 - 2018-06-22 14:37 - 000000000 ___RD C:\Users\nickshaver06\Documents\Scanned Documents
2019-08-15 20:11 - 2016-07-05 16:37 - 000003518 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001UA
2019-08-15 20:11 - 2016-07-05 16:37 - 000003246 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1023352508-1266729709-51963614-1001Core
2019-08-14 14:50 - 2015-02-05 18:38 - 000000000 ____D C:\Users\nickshaver06\AppData\Roaming\Dropbox

==================== FLock ================

2014-12-27 12:59 C:\System Recovery

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-29 14:04
==================== End of FRST.txt ============================
You do not have the required permissions to view the files attached to this post.
nickshaver06
Active Member
 
Posts: 6
Joined: September 3rd, 2019, 9:09 pm

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby Gary R » September 4th, 2019, 8:34 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi nickshaver06

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are no obvious signs of malware in your FRST logs, however there are a few things that need attending to, and a number of things that need further investigation so .....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it (don't include Code: Select all) ....
Code: Select all
Folder: C:\Program Files (x86)\Balabolka
VirusTotal: C:\Program Files (x86)\Balabolka\balabolka.exe;C:\Program Files (x86)\Balabolka\lame_enc.dll;C:\Program Files (x86)\Balabolka\utils\chsdet.dll

HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\MountPoints2: {1c1aa9e5-ac5b-11e6-829d-4cbb583af1fb} - "E:\DTVaultPrivacy.exe"
Task: {2C77453B-8D50-4612-9BBE-37A771F9386F} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [6656 2015-12-12] () [File not signed] <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> DefaultScope {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {540F9C83-EED3-414F-BDA5-9D527B2B5CA7} URL =
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: TabletServicePen => 2
MSCONFIG\Services: TouchServicePen => 2
MSCONFIG\Services: WavesSysSvc => 2
MSCONFIG\Services: WysePocketCloud => 2
MSCONFIG\Services: WyseRemoteAccess => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"
EmptyTemp:

  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Can you also run a new scan with FRST and post the latest FRST.txt and Addition.txt logs created.
User avatar
Gary R
Administrator
Administrator
 
Posts: 24331
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby nickshaver06 » September 4th, 2019, 10:02 am

The first time I ran the fix, the program stopped running, so I have attached the first log1 and then attached the addition and FRST file as well due to character limit. Thanks!

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by nickshaver06 (04-09-2019 09:26:20) Run:2
Running from C:\Users\nickshaver06\Desktop
Loaded Profiles: nickshaver06 (Available Profiles: nickshaver06)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\Program Files (x86)\Balabolka
VirusTotal: C:\Program Files (x86)\Balabolka\balabolka.exe;C:\Program Files (x86)\Balabolka\lame_enc.dll;C:\Program Files (x86)\Balabolka\utils\chsdet.dll

HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\MountPoints2: {1c1aa9e5-ac5b-11e6-829d-4cbb583af1fb} - "E:\DTVaultPrivacy.exe"
Task: {2C77453B-8D50-4612-9BBE-37A771F9386F} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [6656 2015-12-12] () [File not signed] <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> DefaultScope {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {540F9C83-EED3-414F-BDA5-9D527B2B5CA7} URL =
SearchScopes: HKU\S-1-5-21-1023352508-1266729709-51963614-1001 -> {A5BA95ED-DCBC-4A11-8C59-86D0F3122845} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: TabletServicePen => 2
MSCONFIG\Services: TouchServicePen => 2
MSCONFIG\Services: WavesSysSvc => 2
MSCONFIG\Services: WysePocketCloud => 2
MSCONFIG\Services: WyseRemoteAccess => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"
EmptyTemp:
*****************


========================= Folder: C:\Program Files (x86)\Balabolka ========================

2019-09-01 12:30 - 2019-09-01 12:30 - 002621952 ____A [9B729E759EC33B6DEDD25EFC3B7B9B5C] (Ilya Morozov) C:\Program Files (x86)\Balabolka\balabolka.exe
2019-02-08 20:28 - 2019-02-08 20:28 - 000370176 ____A [BBF3204E8950CA94EE29FC4C020D4FEB] (Ilya Morozov) C:\Program Files (x86)\Balabolka\BFileExt.dll
2018-11-18 08:53 - 2018-11-18 08:53 - 000644608 ____A [1E1DAE3A61EEE663E7DFC21EDAC17F52] () C:\Program Files (x86)\Balabolka\lame_enc.dll
2019-03-02 05:16 - 2019-03-02 05:16 - 001375744 ____A [900DAFE19A17F2E21729BA1AD2A7DDF2] (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\Balabolka\libeay32.dll
2007-08-13 09:46 - 2007-08-13 09:46 - 000131072 ____A [1C13E50AEC36BBB49B592089AD091128] () C:\Program Files (x86)\Balabolka\libsamplerate.dll
2006-10-25 16:06 - 2006-10-25 16:06 - 000016384 ____A [EE8756CBFA0974D35B873916A55F7FEE] () C:\Program Files (x86)\Balabolka\ogg.dll
2019-03-02 05:16 - 2019-03-02 05:16 - 000337920 ____A [5D7476F34764F278852406CDB3BEACB6] (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\Balabolka\ssleay32.dll
2014-05-10 20:21 - 2014-05-10 20:21 - 000969728 ____A [BA0BF2F86CA4D9294E4B76F017CD5895] (Ilya Morozov, Regine Mьller) C:\Program Files (x86)\Balabolka\syllable.dll
2019-09-03 20:21 - 2019-09-03 20:21 - 000290816 ____A [CF72F2AB89599FA735A12CFB05790F24] (Ilya Morozov) C:\Program Files (x86)\Balabolka\uninstall.exe
2019-09-03 20:21 - 2019-09-03 20:21 - 000028260 ____A [6924358D2451D1C82206C53D8AB496A5] () C:\Program Files (x86)\Balabolka\uninstall.log
2006-10-25 16:06 - 2006-10-25 16:06 - 000150528 ____A [E7204B5C3EBC45C948A08E2E7A8A5139] () C:\Program Files (x86)\Balabolka\vorbis.dll
2006-10-25 16:06 - 2006-10-25 16:06 - 000069632 ____A [55AAC7065C8457A2710CC5D41BB35CFC] () C:\Program Files (x86)\Balabolka\vorbisenc.dll
2006-10-25 16:06 - 2006-10-25 16:06 - 000019456 ____A [F1907BCDA3E6C994B7B9E6F07F86AA84] () C:\Program Files (x86)\Balabolka\vorbisfile.dll
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\help
2019-06-21 15:24 - 2019-06-21 15:24 - 000122913 ____A [7EF0F46E2CF458D003E21C5FFB0041AC] () C:\Program Files (x86)\Balabolka\help\Czech.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000113165 ____A [C0CCF91EEFD99E658DF22448DD836C3E] () C:\Program Files (x86)\Balabolka\help\English.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000114081 ____A [DCA6C583705E223DA2F5F16C03F3B2BE] () C:\Program Files (x86)\Balabolka\help\French.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000118461 ____A [4E9DB469CB418CBDB63A4C8B150D5DA1] () C:\Program Files (x86)\Balabolka\help\German.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000123261 ____A [DB6DADD7855B4FB47674623B44203B79] () C:\Program Files (x86)\Balabolka\help\Italian.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000116627 ____A [FE7EAEF4CBEB5C6F8374243C2EAA6879] () C:\Program Files (x86)\Balabolka\help\Korean.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000130507 ____A [272645D15D2894C69A06FF93EC2E6106] () C:\Program Files (x86)\Balabolka\help\Russian.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000123853 ____A [E41D19369D9964C7B5272408AA384597] () C:\Program Files (x86)\Balabolka\help\Slovak.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000124435 ____A [AD325ACF3AF3A3AFC63CC39BA4C7FAB8] () C:\Program Files (x86)\Balabolka\help\Spanish.chm
2019-06-21 15:24 - 2019-06-21 15:24 - 000129089 ____A [31F7453B8EF08864EA0105ED5BFE89BC] () C:\Program Files (x86)\Balabolka\help\Ukrainian.chm
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\languages
2019-07-30 08:24 - 2019-07-30 08:24 - 000059912 ____A [26425B5B19E2BD81C2DD76854D5FC039] () C:\Program Files (x86)\Balabolka\languages\Arabic.lng
2019-07-30 08:24 - 2019-07-30 08:24 - 000087720 ____A [62647734830C598E0174422AF1130140] () C:\Program Files (x86)\Balabolka\languages\Armenian.lng
2019-08-02 13:22 - 2019-08-02 13:22 - 000073718 ____A [F8BECEF8F6B0FBE10CD7AE32259761F0] () C:\Program Files (x86)\Balabolka\languages\Bulgarian.lng
2019-07-30 08:24 - 2019-07-30 08:24 - 000043741 ____A [D21520657CA8810B5B92654BE72015EE] () C:\Program Files (x86)\Balabolka\languages\Catalan.lng
2019-08-03 08:49 - 2019-08-03 08:49 - 000036748 ____A [16FD085C9B1FFBE06842081D4EA21302] () C:\Program Files (x86)\Balabolka\languages\Chinese (Simplified).lng
2019-07-30 08:24 - 2019-07-30 08:24 - 000037839 ____A [86E5F88A783BC0D91824EB0A187EA831] () C:\Program Files (x86)\Balabolka\languages\Chinese (Traditional).lng
2019-07-30 08:24 - 2019-07-30 08:24 - 000040842 ____A [6D11FBAF34F0AABA8293DFAB0B8F418C] () C:\Program Files (x86)\Balabolka\languages\Croatian.lng
2019-07-30 08:24 - 2019-07-30 08:24 - 000042757 ____A [C529BCB589597529BB25E8F93A1E537A] () C:\Program Files (x86)\Balabolka\languages\Czech.lng
2019-07-30 08:24 - 2019-07-30 08:24 - 000041453 ____A [B9A57F87066DDB90F0D1AA3396067139] () C:\Program Files (x86)\Balabolka\languages\Dutch.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000047993 ____A [336579C39E179AAB3ED85197B3AE1F54] () C:\Program Files (x86)\Balabolka\languages\Filipino.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000041496 ____A [65B1353B71F76F21016C68D9848B3AC7] () C:\Program Files (x86)\Balabolka\languages\Finnish.lng
2019-08-15 07:39 - 2019-08-15 07:39 - 000048099 ____A [9D9D571B675E1FF898A4E486B0C6546F] () C:\Program Files (x86)\Balabolka\languages\French.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000046223 ____A [89D000D5EA3A19CA1E108654005A4B18] () C:\Program Files (x86)\Balabolka\languages\German.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000062864 ____A [B77870CF329B717C5C403911ECF61CBA] () C:\Program Files (x86)\Balabolka\languages\Greek.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000048187 ____A [0CABD50E3D50CA81CAD376E6CA260B22] () C:\Program Files (x86)\Balabolka\languages\Hungarian.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000045748 ____A [CD3E1F62C68F79549A3588809DDB3681] () C:\Program Files (x86)\Balabolka\languages\Italian.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000049178 ____A [9C7847D36CF4642B15C35FAA4674154E] () C:\Program Files (x86)\Balabolka\languages\Japanese.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000044669 ____A [E7BD6D1010E6573BBFB6AE4D2B624B99] () C:\Program Files (x86)\Balabolka\languages\Korean.lng
2019-07-30 08:25 - 2019-07-30 08:25 - 000057457 ____A [BE5359B2659A82821F0822D2EAA3E603] () C:\Program Files (x86)\Balabolka\languages\Persian.lng
2019-07-30 08:26 - 2019-07-30 08:26 - 000042748 ____A [39FA18B74DB1AD9C9D73AD6655C4D783] () C:\Program Files (x86)\Balabolka\languages\Polish.lng
2019-07-30 08:26 - 2019-07-30 08:26 - 000045048 ____A [87F83B56FC9BD4E45269CC0397558273] () C:\Program Files (x86)\Balabolka\languages\Portuguese (Brazil).lng
2019-07-31 09:58 - 2019-07-31 09:58 - 000046515 ____A [6A6FFC5B037704F07F25CCBF1C229AA4] () C:\Program Files (x86)\Balabolka\languages\Portuguese (Portugal).lng
2019-07-30 08:26 - 2019-07-30 08:26 - 000044730 ____A [8E64114A250D6C085A2C58ED183BF0A2] () C:\Program Files (x86)\Balabolka\languages\Romanian.lng
2019-07-30 09:34 - 2019-07-30 09:34 - 000074974 ____A [6702922031BCAADE9E18E57B6E851A2C] () C:\Program Files (x86)\Balabolka\languages\Russian.lng
2019-08-05 15:46 - 2019-08-05 15:46 - 000040349 ____A [D4B30BE0059505574D9D053B28E2098D] () C:\Program Files (x86)\Balabolka\languages\sample.txt
2019-07-30 08:26 - 2019-07-30 08:26 - 000056240 ____A [8037994DC99D58589BC3FB1AD6EAC6E8] () C:\Program Files (x86)\Balabolka\languages\Serbian (Cyrillic).lng
2019-07-30 08:26 - 2019-07-30 08:26 - 000040708 ____A [8374ADEC2191D82DB886B8E9AB033318] () C:\Program Files (x86)\Balabolka\languages\Serbian (Latin).lng
2019-07-30 08:26 - 2019-07-30 08:26 - 000043557 ____A [1135078C379827B562EB8CFD1800F28A] () C:\Program Files (x86)\Balabolka\languages\Slovak.lng
2019-07-30 08:26 - 2019-07-30 08:26 - 000042992 ____A [3A85ED513E97C5696ED9CF65FA9606A2] () C:\Program Files (x86)\Balabolka\languages\Slovenian.lng
2019-07-30 18:17 - 2019-07-30 18:17 - 000046663 ____A [514644E04C867698219639DD0367798A] () C:\Program Files (x86)\Balabolka\languages\Spanish.lng
2019-07-30 08:27 - 2019-07-30 08:27 - 000043819 ____A [A4264DE5BB2EB52816AA34C538E23252] () C:\Program Files (x86)\Balabolka\languages\Turkish.lng
2019-07-30 09:35 - 2019-07-30 09:35 - 000074070 ____A [58F13B3C21545233D109BFBF11CE8757] () C:\Program Files (x86)\Balabolka\languages\Ukrainian.lng
2019-07-30 08:27 - 2019-07-30 08:27 - 000044789 ____A [B5ED74BBB363AECFA5A41F62E97BD124] () C:\Program Files (x86)\Balabolka\languages\Vietnamese.lng
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\resources
2018-04-14 05:23 - 2018-04-14 05:23 - 000017246 ____A [E70654D53D95648D393734F97615580D] () C:\Program Files (x86)\Balabolka\resources\ErrorCodes.xml
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\resources\16
2015-07-20 05:04 - 2015-07-20 05:04 - 000000822 ____A [F239BF7FB7D9F60946160668F39682BD] () C:\Program Files (x86)\Balabolka\resources\16\Add Current Line as Named Bookmark.bmp
2011-01-11 11:35 - 2011-01-11 11:35 - 000000822 ____A [AD87CC27E6B1B3110FE8CED371786E10] () C:\Program Files (x86)\Balabolka\resources\16\Audio Clip.bmp
2008-08-05 12:00 - 2008-08-05 12:00 - 000000822 ____A [F781108CA63FE2F326BDCFFCCF40D691] () C:\Program Files (x86)\Balabolka\resources\16\Audio Files.bmp
2013-04-01 06:45 - 2013-04-01 06:45 - 000000822 ____A [FD1E083197E2A3C3FAC6EF8458064C80] () C:\Program Files (x86)\Balabolka\resources\16\Audio Output.bmp
2008-08-05 12:02 - 2008-08-05 12:02 - 000000822 ____A [0F5B4D0CF30337412C995F2A4A720035] () C:\Program Files (x86)\Balabolka\resources\16\Batch File Converter.bmp
2013-04-01 06:44 - 2013-04-01 06:44 - 000000822 ____A [1B80698DCBF9479A06AFED5348151EE6] () C:\Program Files (x86)\Balabolka\resources\16\Buttons.bmp
2015-12-16 13:17 - 2015-12-16 13:17 - 000000822 ____A [870312EB9D0F3FC7E042EE5A569B7511] () C:\Program Files (x86)\Balabolka\resources\16\Check for Update.bmp
2008-08-05 11:49 - 2008-08-05 11:49 - 000000822 ____A [825EED8EE7F7EB13C5378330AC7ACAAA] () C:\Program Files (x86)\Balabolka\resources\16\Clear History.bmp
2012-06-24 07:32 - 2012-06-24 07:32 - 000000822 ____A [88E4B6CBFEC4B36DAD28DBD2C3B709E0] () C:\Program Files (x86)\Balabolka\resources\16\Clipboard Watch.bmp
2008-08-05 11:51 - 2008-08-05 11:51 - 000000822 ____A [9DF000A9ABEA8927E2BA58B087B711B3] () C:\Program Files (x86)\Balabolka\resources\16\Close All Except Current.bmp
2008-08-05 11:51 - 2008-08-05 11:51 - 000000822 ____A [DD9CA7A440BA5BBD38E82407AF81FF3F] () C:\Program Files (x86)\Balabolka\resources\16\Close All.bmp
2008-08-05 11:50 - 2008-08-05 11:50 - 000000822 ____A [94BB0FEF321BFCFDBFFB9F95EAC8BCF4] () C:\Program Files (x86)\Balabolka\resources\16\Close.bmp
2008-11-17 16:06 - 2008-11-17 16:06 - 000000822 ____A [C6E4370A2C68D3992E23B077C822034F] () C:\Program Files (x86)\Balabolka\resources\16\Compare Two Files.bmp
2015-11-26 09:35 - 2015-11-26 09:35 - 000000822 ____A [0DA5E0BBBD5BEFB527E5D606061B2260] () C:\Program Files (x86)\Balabolka\resources\16\Configure Voice.bmp
2008-08-05 11:52 - 2008-08-05 11:52 - 000000822 ____A [28ECE3241D7848F0E901B7FD385734CA] () C:\Program Files (x86)\Balabolka\resources\16\Copy.bmp
2015-07-20 12:31 - 2015-07-20 12:31 - 000000822 ____A [4BAF421C424095B8A89626A9597FDA4F] () C:\Program Files (x86)\Balabolka\resources\16\Create Table of Contents.bmp
2008-08-05 11:52 - 2008-08-05 11:52 - 000000822 ____A [578DE7F7952AE489E7A54D944629F53B] () C:\Program Files (x86)\Balabolka\resources\16\Cut.bmp
2008-08-05 11:59 - 2008-08-05 11:59 - 000000822 ____A [3E7093F2B4EE0068DEB32967848C2935] () C:\Program Files (x86)\Balabolka\resources\16\Decrease Rate.bmp
2018-03-25 16:20 - 2018-03-25 16:20 - 000000822 ____A [7A2B3442FE07995BA965D2486E0C0B8E] () C:\Program Files (x86)\Balabolka\resources\16\Delete.bmp
2011-04-01 10:03 - 2011-04-01 10:03 - 000000822 ____A [524876FBF2EA79304013FDE0D0AF780A] () C:\Program Files (x86)\Balabolka\resources\16\Direct Speech.bmp
2011-06-28 19:15 - 2011-06-28 19:15 - 000000822 ____A [4711F21EA3713BA2297AE822B43091C9] () C:\Program Files (x86)\Balabolka\resources\16\Extract Text from Files.bmp
2008-08-05 12:02 - 2008-08-05 12:02 - 000000822 ____A [0D6E5C07BD6CD65BD222531F5FA69CCC] () C:\Program Files (x86)\Balabolka\resources\16\File Splitter.bmp
2008-08-05 11:54 - 2008-08-05 11:54 - 000000822 ____A [AE65BE9CB4387FF4E874A4CA76B07DC1] () C:\Program Files (x86)\Balabolka\resources\16\Find Homographs.bmp
2008-12-27 20:47 - 2008-12-27 20:47 - 000000822 ____A [49B9B59627117D61970DD266541C08E0] () C:\Program Files (x86)\Balabolka\resources\16\Find Names In Text.bmp
2010-02-13 22:18 - 2010-02-13 22:18 - 000000822 ____A [8E52006417DDA88EA627B09C2997F6CD] () C:\Program Files (x86)\Balabolka\resources\16\Find Pairs of Rules.bmp
2008-08-05 11:53 - 2008-08-05 11:53 - 000000822 ____A [452C5408277BE83A1B575E8F447A7372] () C:\Program Files (x86)\Balabolka\resources\16\Find.bmp
2008-08-05 12:02 - 2008-08-05 12:02 - 000000822 ____A [254873374F1D17A0E6BF1673880E0173] () C:\Program Files (x86)\Balabolka\resources\16\Font and Colors.bmp
2010-01-07 22:42 - 2010-01-07 22:42 - 000000822 ____A [51460DD66627C6779F1995D8702C00D1] () C:\Program Files (x86)\Balabolka\resources\16\Foreign Words.bmp
2008-11-14 19:26 - 2008-11-14 19:26 - 000000822 ____A [83F758ABA2F71E2F233313BA6BCE5B7A] () C:\Program Files (x86)\Balabolka\resources\16\Format Text.bmp
2010-03-21 19:48 - 2010-03-21 19:48 - 000000822 ____A [BAACD7913E09F912E71E45E3B20D81F0] () C:\Program Files (x86)\Balabolka\resources\16\Full Screen.bmp
2008-08-05 13:13 - 2008-08-05 13:13 - 000000822 ____A [34CEE8E8A14CB5DE6A80613A835C902A] () C:\Program Files (x86)\Balabolka\resources\16\Go to Named Bookmark.bmp
2018-04-29 11:14 - 2018-04-29 11:14 - 000000822 ____A [36941707BBFC0FA3F0691330061612FE] () C:\Program Files (x86)\Balabolka\resources\16\Go to Next Bookmark.bmp
2018-04-29 11:14 - 2018-04-29 11:14 - 000000822 ____A [B87B88CEE5677B6B2C6E1570B456C7A6] () C:\Program Files (x86)\Balabolka\resources\16\Go to Previous Bookmark.bmp
2008-08-05 13:11 - 2008-08-05 13:11 - 000000822 ____A [189C059DF26406B090339C79F484C34D] () C:\Program Files (x86)\Balabolka\resources\16\Go to Quick Bookmark.bmp
2008-08-05 12:05 - 2008-08-05 12:05 - 000000822 ____A [9011DF5E50D854420F00A8A2F0DD1A03] () C:\Program Files (x86)\Balabolka\resources\16\Help.bmp
2009-02-12 07:49 - 2009-02-12 07:49 - 000000822 ____A [A44B176F74CFF9A9234FB87317DEE88A] () C:\Program Files (x86)\Balabolka\resources\16\ID3 Tags.bmp
2010-04-25 18:48 - 2010-04-25 18:48 - 000000822 ____A [B33859C7985AE58B53A402147AFE61AF] () C:\Program Files (x86)\Balabolka\resources\16\Images.bmp
2008-08-05 11:58 - 2008-08-05 11:58 - 000000822 ____A [4CF03C0E4CFBBAF194C92EA9DE03764E] () C:\Program Files (x86)\Balabolka\resources\16\Increase Rate.bmp
2008-08-05 13:06 - 2008-08-05 13:06 - 000000822 ____A [891A01C583D8DB03C4A4553FFC8A27E8] () C:\Program Files (x86)\Balabolka\resources\16\Insert Named Bookmark.bmp
2008-08-05 13:05 - 2008-08-05 13:05 - 000000822 ____A [E703B613FB5BD1EBC8FF6325AB8B4B80] () C:\Program Files (x86)\Balabolka\resources\16\Insert Quick Bookmark.bmp
2017-11-16 19:07 - 2017-11-16 19:07 - 000000822 ____A [77B503E9D45665683CAF198606C3E9B1] () C:\Program Files (x86)\Balabolka\resources\16\Insert XML Tag.bmp
2009-02-18 19:46 - 2009-02-18 19:46 - 000000822 ____A [A5C74355AB41CF95F824F57F0BAD53F9] () C:\Program Files (x86)\Balabolka\resources\16\List of Spelling Errors.bmp
2008-08-05 11:59 - 2008-08-05 11:59 - 000000822 ____A [BF3CA977ADB76DD13881A5E2A4BFBD9A] () C:\Program Files (x86)\Balabolka\resources\16\Lower Pitch.bmp
2008-08-05 12:03 - 2008-08-05 12:03 - 000000822 ____A [3B8A071E74A6C30C87F1CFF0DE500E79] () C:\Program Files (x86)\Balabolka\resources\16\Magnifier.bmp
2008-08-05 11:53 - 2008-08-05 11:53 - 000000822 ____A [A39EC2845F739B1C653B54D80057CB1E] () C:\Program Files (x86)\Balabolka\resources\16\Make Lowercase.bmp
2008-08-05 11:53 - 2008-08-05 11:53 - 000000822 ____A [FCC473817D1D0638326D90BC3F7B4C8F] () C:\Program Files (x86)\Balabolka\resources\16\Make Uppercase.bmp
2008-08-05 11:49 - 2008-08-05 11:49 - 000000822 ____A [9B05745682E0E5345F6D5557394E321F] () C:\Program Files (x86)\Balabolka\resources\16\New.bmp
2008-08-05 11:49 - 2008-08-05 11:49 - 000000822 ____A [26D8B92E41B42846C982BBD43FB5FA7E] () C:\Program Files (x86)\Balabolka\resources\16\Open.bmp
2015-11-26 10:48 - 2015-11-26 10:48 - 000000822 ____A [BC0062A91F9B48271EC0F2D560D2813C] () C:\Program Files (x86)\Balabolka\resources\16\Panel of Dictionaries.bmp
2008-08-05 11:52 - 2008-08-05 11:52 - 000000822 ____A [13CF714725B9B4BD15377B67504166F9] () C:\Program Files (x86)\Balabolka\resources\16\Paste.bmp
2008-08-05 11:55 - 2008-08-05 11:55 - 000000822 ____A [70A616A5A3EEB778FFE7A651A105905E] () C:\Program Files (x86)\Balabolka\resources\16\Pause.bmp
2010-02-12 21:55 - 2010-02-12 21:55 - 000000822 ____A [480B5FC0895518095589D5EBA6A46D1B] () C:\Program Files (x86)\Balabolka\resources\16\Profiles.bmp
2010-03-20 20:35 - 2010-03-20 20:35 - 000000822 ____A [25A6FAFA5ABD4824D38DF497AB23125A] () C:\Program Files (x86)\Balabolka\resources\16\Pronunciation.bmp
2008-08-05 11:59 - 2008-08-05 11:59 - 000000822 ____A [27DE49027D6AB2FA5BCED060B46B5F1E] () C:\Program Files (x86)\Balabolka\resources\16\Raise Pitch.bmp
2008-08-05 11:55 - 2008-08-05 11:55 - 000000822 ____A [57664A7012C0D40E6826CA54564DC41E] () C:\Program Files (x86)\Balabolka\resources\16\Read Aloud.bmp
2008-08-05 11:56 - 2008-08-05 11:56 - 000000822 ____A [B81D4049A61D298EC85214A8CB9168C6] () C:\Program Files (x86)\Balabolka\resources\16\Read Clipboard Aloud.bmp
2009-11-10 14:00 - 2009-11-10 14:00 - 000000822 ____A [CBB39960DFF22F66E28E3AAA28147E80] () C:\Program Files (x86)\Balabolka\resources\16\Read Selected Text.bmp
2017-11-16 19:24 - 2017-11-16 19:24 - 000000822 ____A [DA89C8987C5373BC83C392E3088AAE7C] () C:\Program Files (x86)\Balabolka\resources\16\Remove All XML Tags.bmp
2009-02-02 16:59 - 2009-02-02 16:59 - 000000822 ____A [24080E92DE739638974A53BFDFB8B582] () C:\Program Files (x86)\Balabolka\resources\16\Repeat Text.bmp
2008-11-20 20:14 - 2008-11-20 20:14 - 000000822 ____A [4B7F33428642A0191F0CF42DF8529E2A] () C:\Program Files (x86)\Balabolka\resources\16\Replace Numbers with Words.bmp
2008-08-05 11:54 - 2008-08-05 11:54 - 000000822 ____A [844BF2C655BA55FD0B0C401CE86D7D20] () C:\Program Files (x86)\Balabolka\resources\16\Replace.bmp
2008-12-20 15:46 - 2008-12-20 15:46 - 000000822 ____A [89556CBE18AC985953767D300AFA78A7] () C:\Program Files (x86)\Balabolka\resources\16\Replacement Statistics.bmp
2010-03-21 12:51 - 2010-03-21 12:51 - 000000822 ____A [65548B557F24FC4B4D6471F1F365F4CE] () C:\Program Files (x86)\Balabolka\resources\16\Reset Rate and Pitch.bmp
2016-11-06 09:33 - 2016-11-06 09:33 - 000000822 ____A [B693C5D9FF19E844D7A66677E6993412] () C:\Program Files (x86)\Balabolka\resources\16\Save All.bmp
2008-08-05 11:50 - 2008-08-05 11:50 - 000000822 ____A [773F08F8F14E03CC5E7B845EFA81343E] () C:\Program Files (x86)\Balabolka\resources\16\Save As.bmp
2012-04-16 18:20 - 2012-04-16 18:20 - 000000822 ____A [5DBD388F3F12BD11B99682C2F1FF6C09] () C:\Program Files (x86)\Balabolka\resources\16\Save Audio File (TTS).bmp
2008-08-05 11:50 - 2008-08-05 11:50 - 000000822 ____A [62E52F623B560A768E201BF2BC979EBD] () C:\Program Files (x86)\Balabolka\resources\16\Save Audio File.bmp
2008-11-06 06:47 - 2008-11-06 06:47 - 000000822 ____A [ABD220B498D0E9978ED80F915A53FFED] () C:\Program Files (x86)\Balabolka\resources\16\Save.bmp
2008-08-05 12:00 - 2008-08-05 12:00 - 000000822 ____A [D7168E52C0DD0E7212AB5C56866637F2] () C:\Program Files (x86)\Balabolka\resources\16\Settings.bmp
2008-08-05 12:02 - 2008-08-05 12:02 - 000000822 ____A [B1BB1A68A02D5DB154E19D5B2D1C879E] () C:\Program Files (x86)\Balabolka\resources\16\Skins.bmp
2013-03-14 09:00 - 2013-03-14 09:00 - 000000822 ____A [1ADDE77D31BD223A4C8A7E72158FF9CA] () C:\Program Files (x86)\Balabolka\resources\16\Skip to Next Line.bmp
2010-10-22 12:39 - 2010-10-22 12:39 - 000000822 ____A [D74C98625993114EB9FBFA70884C3DBB] () C:\Program Files (x86)\Balabolka\resources\16\Skip to Next Paragraph.bmp
2013-03-14 09:00 - 2013-03-14 09:00 - 000000822 ____A [51EC675DCCADDBE33DEAE43A36D13AC3] () C:\Program Files (x86)\Balabolka\resources\16\Skip to Previous Line.bmp
2010-10-22 12:39 - 2010-10-22 12:39 - 000000822 ____A [7FFEEE3DC5A5FCB455669E032746CB8B] () C:\Program Files (x86)\Balabolka\resources\16\Skip to Previous Paragraph.bmp
2008-08-05 12:01 - 2008-08-05 12:01 - 000000822 ____A [7F337389904DC4A3B7693405E182C699] () C:\Program Files (x86)\Balabolka\resources\16\Spell Checker.bmp
2008-08-05 11:54 - 2008-08-05 11:54 - 000000822 ____A [9EC73DA472A7CC0647232D22D8518F61] () C:\Program Files (x86)\Balabolka\resources\16\Spell Checking.bmp
2019-07-26 01:20 - 2019-07-26 01:20 - 000000822 ____A [7A8D15E68574C348E9B07EEC442C8FD1] () C:\Program Files (x86)\Balabolka\resources\16\Split and Convert (Not Show Window).bmp
2015-11-26 08:37 - 2015-11-26 08:37 - 000000822 ____A [CE41509C0ED1C98AA4B0884650C800C2] () C:\Program Files (x86)\Balabolka\resources\16\Split and Convert to Audio Files.bmp
2014-05-17 08:38 - 2014-05-17 08:38 - 000000822 ____A [79EC4E6AA0505E3B48C0EE2FA1ECD69E] () C:\Program Files (x86)\Balabolka\resources\16\Spritz-Reader.bmp
2008-08-05 11:55 - 2008-08-05 11:55 - 000000822 ____A [107E70764F6B27F406DDB198B6FC31CF] () C:\Program Files (x86)\Balabolka\resources\16\Stop.bmp
2013-07-21 04:59 - 2013-07-21 04:59 - 000000822 ____A [E1AE0A267FE094FC1367DE25D16A02B7] () C:\Program Files (x86)\Balabolka\resources\16\Subtitle Converter.bmp
2013-07-03 06:39 - 2013-07-03 06:39 - 000000822 ____A [10CF96718FEAFE656C5FEB7D4A7BBE34] () C:\Program Files (x86)\Balabolka\resources\16\Text Import.bmp
2010-05-12 17:45 - 2010-05-12 17:45 - 000000822 ____A [7C487E9BDB3978F054CD009842183422] () C:\Program Files (x86)\Balabolka\resources\16\Timer.bmp
2010-06-03 18:49 - 2010-06-03 18:49 - 000000822 ____A [78980D9427C46D798A6E09C16BF765DF] () C:\Program Files (x86)\Balabolka\resources\16\Translate.bmp
2010-04-16 10:04 - 2010-04-16 10:04 - 000000822 ____A [0B651D8C791B9D17C5AF431314BA4D7B] () C:\Program Files (x86)\Balabolka\resources\16\Turn Volume Down.bmp
2010-04-16 10:03 - 2010-04-16 10:03 - 000000822 ____A [A82C9442A8445C35255E3575E3AD17E2] () C:\Program Files (x86)\Balabolka\resources\16\Turn Volume Up.bmp
2008-08-05 11:51 - 2008-08-05 11:51 - 000000822 ____A [4CDA54BF5DB7034A8DDCC3A5C35B5453] () C:\Program Files (x86)\Balabolka\resources\16\Undo.bmp
2008-08-05 11:58 - 2008-08-05 11:58 - 000000822 ____A [EC47237B3500888B2D94FD31116E842A] () C:\Program Files (x86)\Balabolka\resources\16\View Changed Text.bmp
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\resources\16\disabled
2010-03-20 19:28 - 2010-03-20 19:28 - 000000822 ____A [0B53C3C0BE3F0CF75A6B3AE63D56ECEC] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Copy.bmp
2010-03-20 19:07 - 2010-03-20 19:07 - 000000822 ____A [E566CE5D8F2E0FD97E7C61042F31319D] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Cut.bmp
2019-05-31 17:33 - 2019-05-31 17:33 - 000000822 ____A [5936352529CF85FA71CD1E01B803A53D] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Delete.bmp
2010-03-21 17:21 - 2010-03-21 17:21 - 000000822 ____A [E0F2936BC4350493FC2C93A8259C93BD] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Go to Quick Bookmark.bmp
2010-04-25 18:50 - 2010-04-25 18:50 - 000000822 ____A [46C8DA367A11F0571BF6465D12DF75D0] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Images.bmp
2010-03-20 20:19 - 2010-03-20 20:19 - 000000822 ____A [A6AB3C30C27625F5A048C8ADE98F1BD0] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Make Lowercase.bmp
2010-03-20 20:18 - 2010-03-20 20:18 - 000000822 ____A [EB23C61D2FC0A208EBB3C6634D6DCDCB] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Make Uppercase.bmp
2010-03-20 20:07 - 2010-03-20 20:07 - 000000822 ____A [2768316CDBAD3C62677C5C7C7555DE74] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Paste.bmp
2010-03-21 11:31 - 2010-03-21 11:31 - 000000822 ____A [CB8C6A615AF81EDD75D83024074E0D0E] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Pause.bmp
2010-03-20 20:39 - 2010-03-20 20:39 - 000000822 ____A [DC80D7A7B03AAA69EE92C548880532AA] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Pronunciation.bmp
2010-03-21 11:31 - 2010-03-21 11:31 - 000000822 ____A [BD8D65CD19D8D97F664058D32BB7DD87] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Read Aloud.bmp
2010-03-21 11:44 - 2010-03-21 11:44 - 000000822 ____A [B8A4BFE276F3FDB17CBA5565F8B4CE91] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Read Clipboard Aloud.bmp
2010-03-21 11:44 - 2010-03-21 11:44 - 000000822 ____A [31BD9BC7FF9601A0BE60C7C02D620320] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Read Selected Text.bmp
2010-03-21 10:29 - 2010-03-21 10:29 - 000000822 ____A [97366D82EE30FAC62585FADB616C1A51] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Spell Checking.bmp
2010-03-21 11:30 - 2010-03-21 11:30 - 000000822 ____A [666C1A375407947CF919E80647282F5F] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Stop.bmp
2010-03-20 16:07 - 2010-03-20 16:07 - 000000822 ____A [C06A8F9B91369595BA6D63E7025664B2] () C:\Program Files (x86)\Balabolka\resources\16\disabled\Undo.bmp
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\resources\24
2015-07-20 05:05 - 2015-07-20 05:05 - 000001782 ____A [2DE1BD7AC001FEC33692857652450191] () C:\Program Files (x86)\Balabolka\resources\24\Add Current Line as Named Bookmark.bmp
2011-01-11 11:33 - 2011-01-11 11:33 - 000001782 ____A [FAA9F731FD1C3E37D2B0430870BC2077] () C:\Program Files (x86)\Balabolka\resources\24\Audio Clip.bmp
2010-04-07 04:50 - 2010-04-07 04:50 - 000001782 ____A [EEA929BF1FF4AE7713AAB400CAB2FA43] () C:\Program Files (x86)\Balabolka\resources\24\Audio Files.bmp
2013-04-01 06:46 - 2013-04-01 06:46 - 000001782 ____A [1628520378EC9D28CE7C19BECAAB5CC1] () C:\Program Files (x86)\Balabolka\resources\24\Audio Output.bmp
2010-04-07 04:53 - 2010-04-07 04:53 - 000001782 ____A [D6A23FCC88A5C83C8837365125C0237D] () C:\Program Files (x86)\Balabolka\resources\24\Batch File Converter.bmp
2013-04-01 06:44 - 2013-04-01 06:44 - 000001782 ____A [2858A924764E076B9E01DE37B070680C] () C:\Program Files (x86)\Balabolka\resources\24\Buttons.bmp
2015-12-16 13:19 - 2015-12-16 13:19 - 000001782 ____A [A6F371CF437ADC74A4F66A7C7F1F6B79] () C:\Program Files (x86)\Balabolka\resources\24\Check for Update.bmp
2010-04-07 04:37 - 2010-04-07 04:37 - 000001782 ____A [8829478A710DC308E3CE602B36B22E45] () C:\Program Files (x86)\Balabolka\resources\24\Clear History.bmp
2012-06-24 07:32 - 2012-06-24 07:32 - 000001782 ____A [D2EAEE5377F4E4558A00D58BAA378A41] () C:\Program Files (x86)\Balabolka\resources\24\Clipboard Watch.bmp
2010-04-07 04:40 - 2010-04-07 04:40 - 000001782 ____A [C6DE64202FAF233E29FCDADA256F8CA9] () C:\Program Files (x86)\Balabolka\resources\24\Close All Except Current.bmp
2010-04-07 04:39 - 2010-04-07 04:39 - 000001782 ____A [3FF8CA33F357DAC087878A80FAD0F8A3] () C:\Program Files (x86)\Balabolka\resources\24\Close All.bmp
2010-04-07 04:39 - 2010-04-07 04:39 - 000001782 ____A [6D12FA0BD0B07CC1BC22AA606D33F16A] () C:\Program Files (x86)\Balabolka\resources\24\Close.bmp
2010-04-07 04:53 - 2010-04-07 04:53 - 000001782 ____A [B1828AAF167673626A8BFA19C3645E07] () C:\Program Files (x86)\Balabolka\resources\24\Compare Two Files.bmp
2010-04-07 04:51 - 2010-04-07 04:51 - 000001782 ____A [A1950C39CB1A3CFCEDCD05B6CBC3331B] () C:\Program Files (x86)\Balabolka\resources\24\Configure Voice.bmp
2010-04-07 04:40 - 2010-04-07 04:40 - 000001782 ____A [C8E111945D1F682FA7E12182B3A7FF2C] () C:\Program Files (x86)\Balabolka\resources\24\Copy.bmp
2015-07-20 12:38 - 2015-07-20 12:38 - 000001782 ____A [16954F62788C337FFEC54676A2D7FE6E] () C:\Program Files (x86)\Balabolka\resources\24\Create Table of Contents.bmp
2010-04-07 04:40 - 2010-04-07 04:40 - 000001782 ____A [2CC0481480376142F2632104D2AFB1F0] () C:\Program Files (x86)\Balabolka\resources\24\Cut.bmp
2010-04-07 04:49 - 2010-04-07 04:49 - 000001782 ____A [0854FABF1475857224356A4DAF772BFF] () C:\Program Files (x86)\Balabolka\resources\24\Decrease Rate.bmp
2018-03-25 16:21 - 2018-03-25 16:21 - 000001782 ____A [F15C130EA0F606E63040E2DDEAE214D4] () C:\Program Files (x86)\Balabolka\resources\24\Delete.bmp
2011-04-01 10:04 - 2011-04-01 10:04 - 000001782 ____A [5EADD8C59A50BE86C086BFB159B5A082] () C:\Program Files (x86)\Balabolka\resources\24\Direct Speech.bmp
2011-06-28 19:16 - 2011-06-28 19:16 - 000001782 ____A [E97AFBC89774C26377CF36ADD57C90C0] () C:\Program Files (x86)\Balabolka\resources\24\Extract Text from Files.bmp
2010-04-07 04:52 - 2010-04-07 04:52 - 000001782 ____A [D273145C334CBEAAA384B1702A145585] () C:\Program Files (x86)\Balabolka\resources\24\File Splitter.bmp
2010-04-07 04:44 - 2010-04-07 04:44 - 000001782 ____A [7AB3FC6A4E89C9EDF1E70CE43A7BE5DC] () C:\Program Files (x86)\Balabolka\resources\24\Find Homographs.bmp
2010-04-07 04:48 - 2010-04-07 04:48 - 000001782 ____A [7EF32A74131C4933886DECD9427B0602] () C:\Program Files (x86)\Balabolka\resources\24\Find Names in Text.bmp
2010-04-07 04:48 - 2010-04-07 04:48 - 000001782 ____A [DBF842C15718114D1699F9D39FE3443E] () C:\Program Files (x86)\Balabolka\resources\24\Find Pairs of Rules.bmp
2010-04-07 04:43 - 2010-04-07 04:43 - 000001782 ____A [38D34B7F733036E183269581B839C6D0] () C:\Program Files (x86)\Balabolka\resources\24\Find.bmp
2010-04-07 04:51 - 2010-04-07 04:51 - 000001782 ____A [FCB51DAE31FE6E66A3C072F7E0EA8A55] () C:\Program Files (x86)\Balabolka\resources\24\Font and Colors.bmp
2010-04-07 04:45 - 2010-04-07 04:45 - 000001782 ____A [EA2F9070AB55304A1506F97166959143] () C:\Program Files (x86)\Balabolka\resources\24\Foreign Words.bmp
2010-04-07 04:44 - 2010-04-07 04:44 - 000001782 ____A [6CE4FEA4D81C5F626207D2C4086B2FDB] () C:\Program Files (x86)\Balabolka\resources\24\Format Text.bmp
2010-04-07 04:52 - 2010-04-07 04:52 - 000001782 ____A [754C6391D98A91422BD3B3B1EAF61AA9] () C:\Program Files (x86)\Balabolka\resources\24\Full Screen.bmp
2010-04-24 13:19 - 2010-04-24 13:19 - 000001782 ____A [3960427945D5C5559A2001C7DA97EA29] () C:\Program Files (x86)\Balabolka\resources\24\Go to Named Bookmark.bmp
2018-04-29 11:14 - 2018-04-29 11:14 - 000001782 ____A [36A47260A3674D35964042F7254F450E] () C:\Program Files (x86)\Balabolka\resources\24\Go to Next Bookmark.bmp
2018-04-29 11:15 - 2018-04-29 11:15 - 000001782 ____A [3996760F74E608C83F5ADF93E98BCE7D] () C:\Program Files (x86)\Balabolka\resources\24\Go to Previous Bookmark.bmp
2010-04-07 04:55 - 2010-04-07 04:55 - 000001782 ____A [FA3224C9848C58996E2ADFFF677566A3] () C:\Program Files (x86)\Balabolka\resources\24\Go to Quick Bookmark.bmp
2010-04-07 04:56 - 2010-04-07 04:56 - 000001782 ____A [9F0D39455F79FF1D9CDFFF5E787EFC38] () C:\Program Files (x86)\Balabolka\resources\24\Help.bmp
2010-04-07 04:39 - 2010-04-07 04:39 - 000001782 ____A [3C6E500D6F66483CA717069A011DDEFD] () C:\Program Files (x86)\Balabolka\resources\24\ID3 Tags.bmp
2010-04-25 18:48 - 2010-04-25 18:48 - 000001782 ____A [F36A229F881DA491CB1B1BA08B98FA9D] () C:\Program Files (x86)\Balabolka\resources\24\Images.bmp
2010-04-07 04:49 - 2010-04-07 04:49 - 000001782 ____A [0A4D6B904324B60D709500000281118D] () C:\Program Files (x86)\Balabolka\resources\24\Increase Rate.bmp
2010-04-07 04:55 - 2010-04-07 04:55 - 000001782 ____A [B553A7CD6F5F6938107047C727EC888C] () C:\Program Files (x86)\Balabolka\resources\24\Insert Named Bookmark.bmp
2010-04-07 04:54 - 2010-04-07 04:54 - 000001782 ____A [EEAAEEF7A09E3AAAF5AA3C7D81A0E886] () C:\Program Files (x86)\Balabolka\resources\24\Insert Quick Bookmark.bmp
2017-11-16 19:12 - 2017-11-16 19:12 - 000001782 ____A [A886E3AB18FB7E08E047B4558FE625FB] () C:\Program Files (x86)\Balabolka\resources\24\Insert XML Tag.bmp
2010-04-07 04:53 - 2010-04-07 04:53 - 000001782 ____A [164E7343F7A19CF1900ED6653ED9CBBD] () C:\Program Files (x86)\Balabolka\resources\24\List of Spelling Errors.bmp
2010-04-07 04:50 - 2010-04-07 04:50 - 000001782 ____A [5B8B0FCD2C23BDF85770A58636151EB4] () C:\Program Files (x86)\Balabolka\resources\24\Lower Pitch.bmp
2010-04-07 04:54 - 2010-04-07 04:54 - 000001782 ____A [6CFC62976CB97C30D2680F159D46026B] () C:\Program Files (x86)\Balabolka\resources\24\Magnifier.bmp
2010-04-07 04:41 - 2010-04-07 04:41 - 000001782 ____A [F9522BB86B4E2A79C07E6F13478CE4B3] () C:\Program Files (x86)\Balabolka\resources\24\Make Lowercase.bmp
2010-04-07 04:41 - 2010-04-07 04:41 - 000001782 ____A [82A0A61C377833A4E6C72169AE69DF34] () C:\Program Files (x86)\Balabolka\resources\24\Make Uppercase.bmp
2010-04-07 04:37 - 2010-04-07 04:37 - 000001782 ____A [71D07A702D6D3F7EE815B10914E9CB11] () C:\Program Files (x86)\Balabolka\resources\24\New.bmp
2010-04-07 04:37 - 2010-04-07 04:37 - 000001782 ____A [54590D89C275CF0CAA11033D61CD2421] () C:\Program Files (x86)\Balabolka\resources\24\Open.bmp
2010-04-07 04:52 - 2010-04-07 04:52 - 000001782 ____A [666BA125AE4C10B589C8F6C8461F2C8C] () C:\Program Files (x86)\Balabolka\resources\24\Panel of Dictionaries.bmp
2010-04-07 04:40 - 2010-04-07 04:40 - 000001782 ____A [1398865B370498ECDEF8DDF913352E55] () C:\Program Files (x86)\Balabolka\resources\24\Paste.bmp
2010-04-07 04:46 - 2010-04-07 04:46 - 000001782 ____A [0334E32A038C612E659002083FB6B5E3] () C:\Program Files (x86)\Balabolka\resources\24\Pause.bmp
2010-04-07 04:48 - 2010-04-07 04:48 - 000001782 ____A [254238E12D7474783E2A8A5750ECA714] () C:\Program Files (x86)\Balabolka\resources\24\Profiles.bmp
2010-04-07 04:43 - 2010-04-07 04:43 - 000001782 ____A [6BC75B04CFFD994C8FB947B30616112E] () C:\Program Files (x86)\Balabolka\resources\24\Pronunciation.bmp
2010-04-07 04:49 - 2010-04-07 04:49 - 000001782 ____A [37994F39BAB9E4C47519D770B9FF5A00] () C:\Program Files (x86)\Balabolka\resources\24\Raise Pitch.bmp
2010-04-07 04:45 - 2010-04-07 04:45 - 000001782 ____A [32BCB2705A113A3C78F7CED51CF07B58] () C:\Program Files (x86)\Balabolka\resources\24\Read Aloud.bmp
2010-04-07 04:47 - 2010-04-07 04:47 - 000001782 ____A [9EFC8A5F8A64E80BF7B938D6D828C492] () C:\Program Files (x86)\Balabolka\resources\24\Read Clipboard Aloud.bmp
2010-04-07 04:47 - 2010-04-07 04:47 - 000001782 ____A [D0E9F26E3E764D0A09A3A1719E9271F8] () C:\Program Files (x86)\Balabolka\resources\24\Read Selected Text.bmp
2017-11-16 19:23 - 2017-11-16 19:23 - 000001782 ____A [1679CCC41BCB5922404654B3D4C0D53A] () C:\Program Files (x86)\Balabolka\resources\24\Remove All XML Tags.bmp
2010-04-07 04:53 - 2010-04-07 04:53 - 000001782 ____A [85D38E1DA50ED0D14DA288E09BB9F2B2] () C:\Program Files (x86)\Balabolka\resources\24\Repeat Text.bmp
2010-04-07 04:45 - 2010-04-07 04:45 - 000001782 ____A [E24CA1D4BF7BFA82B53EACC813B94E47] () C:\Program Files (x86)\Balabolka\resources\24\Replace Numbers with Words.bmp
2010-04-07 04:43 - 2010-04-07 04:43 - 000001782 ____A [A02AADAB11DBCBD963875C88EA7B06A0] () C:\Program Files (x86)\Balabolka\resources\24\Replace.bmp
2010-04-07 04:47 - 2010-04-07 04:47 - 000001782 ____A [AD1D24CA414E0AF2D15505864A486922] () C:\Program Files (x86)\Balabolka\resources\24\Replacement Statistics.bmp
2010-04-07 04:50 - 2010-04-07 04:50 - 000001782 ____A [4529862D1801B7C83D93379CD638B541] () C:\Program Files (x86)\Balabolka\resources\24\Reset Rate and Pitch.bmp
2016-11-06 09:39 - 2016-11-06 09:39 - 000001782 ____A [C5670C3605E3A1FBFA0D03AD6D69056B] () C:\Program Files (x86)\Balabolka\resources\24\Save All.bmp
2010-04-07 04:38 - 2010-04-07 04:38 - 000001782 ____A [2A8E5779504BCC3EC12204A3DD829988] () C:\Program Files (x86)\Balabolka\resources\24\Save As.bmp
2012-04-16 18:23 - 2012-04-16 18:23 - 000001782 ____A [F3D40DF7E504B3B71A9E02FC72F67F54] () C:\Program Files (x86)\Balabolka\resources\24\Save Audio File (TTS).bmp
2010-04-07 04:38 - 2010-04-07 04:38 - 000001782 ____A [25D48F1D10301D3DF8B24CE990CC12DE] () C:\Program Files (x86)\Balabolka\resources\24\Save Audio File.bmp
2015-11-26 18:31 - 2015-11-26 18:31 - 000001782 ____A [7FFD481EFFFB0E1FF6DC0E810EB1D9B5] () C:\Program Files (x86)\Balabolka\resources\24\Save.bmp
2010-04-07 04:50 - 2010-04-07 04:50 - 000001782 ____A [FDF972931697F7A20C068F2A316CC1F1] () C:\Program Files (x86)\Balabolka\resources\24\Settings.bmp
2010-04-07 04:51 - 2010-04-07 04:51 - 000001782 ____A [3FC40CBBC0FD33159E4EF03BBF420111] () C:\Program Files (x86)\Balabolka\resources\24\Skins.bmp
2013-03-14 09:06 - 2013-03-14 09:06 - 000001782 ____A [A9FF681C4156350150B985C93C89F537] () C:\Program Files (x86)\Balabolka\resources\24\Skip to Next Line.bmp
2010-10-22 12:39 - 2010-10-22 12:39 - 000001782 ____A [AEFDC9B7990807739E8F5ED220CAC9ED] () C:\Program Files (x86)\Balabolka\resources\24\Skip to Next Paragraph.bmp
2013-03-14 09:12 - 2013-03-14 09:12 - 000001782 ____A [84ABCCD41F21A9367AFBFF3842546D5B] () C:\Program Files (x86)\Balabolka\resources\24\Skip to Previous Line.bmp
2010-10-22 12:39 - 2010-10-22 12:39 - 000001782 ____A [47E085AB1484802873E708ABC47C8A78] () C:\Program Files (x86)\Balabolka\resources\24\Skip to Previous Paragraph.bmp
2010-04-07 04:51 - 2010-04-07 04:51 - 000001782 ____A [C77D29E75350007694789D1236135B53] () C:\Program Files (x86)\Balabolka\resources\24\Spell Checker.bmp
2010-04-07 04:43 - 2010-04-07 04:43 - 000001782 ____A [F665A1468C025708C720E02F364C70E4] () C:\Program Files (x86)\Balabolka\resources\24\Spell Checking.bmp
2019-07-26 01:16 - 2019-07-26 01:16 - 000001782 ____A [BDB3823F9A256768E2BF10A3550219E8] () C:\Program Files (x86)\Balabolka\resources\24\Split and Convert (Not Show Window).bmp
2015-11-26 08:41 - 2015-11-26 08:41 - 000001782 ____A [8F45219ECE817370C4741AFB31B822D4] () C:\Program Files (x86)\Balabolka\resources\24\Split and Convert to Audio Files.bmp
2014-05-17 08:39 - 2014-05-17 08:39 - 000001782 ____A [90D9ADF2FD4AA8357267D4BB36705EE0] () C:\Program Files (x86)\Balabolka\resources\24\Spritz-Reader.bmp
2010-04-07 04:46 - 2010-04-07 04:46 - 000001782 ____A [C41518076E560DF9F38B49A1B8DEF8AA] () C:\Program Files (x86)\Balabolka\resources\24\Stop.bmp
2013-07-21 04:59 - 2013-07-21 04:59 - 000001782 ____A [667A6D86D466B5B6A01EB4208EE860F1] () C:\Program Files (x86)\Balabolka\resources\24\Subtitle Converter.bmp
2013-07-03 06:59 - 2013-07-03 06:59 - 000001782 ____A [AD95C5CE889ED466FF27C3C0AF9299D6] () C:\Program Files (x86)\Balabolka\resources\24\Text Import.bmp
2010-05-12 17:48 - 2010-05-12 17:48 - 000001782 ____A [9B4DD4FD18946E9FB0E19DAD7A943960] () C:\Program Files (x86)\Balabolka\resources\24\Timer.bmp
2010-06-04 05:47 - 2010-06-04 05:47 - 000001782 ____A [43A5DA1F0A108C7ACC1359D0CDDECFE2] () C:\Program Files (x86)\Balabolka\resources\24\Translate.bmp
2010-04-16 10:04 - 2010-04-16 10:04 - 000001782 ____A [7203932D0A83D21A2A3570CF234EE05D] () C:\Program Files (x86)\Balabolka\resources\24\Turn Volume Down.bmp
2010-04-16 10:04 - 2010-04-16 10:04 - 000001782 ____A [E5455FB71F0B1677B21A1F84906A23FD] () C:\Program Files (x86)\Balabolka\resources\24\Turn Volume Up.bmp
2010-04-07 04:40 - 2010-04-07 04:40 - 000001782 ____A [C4DE08B838E5A809E8B8BD114285C509] () C:\Program Files (x86)\Balabolka\resources\24\Undo.bmp
2010-04-07 04:47 - 2010-04-07 04:47 - 000001782 ____A [83E597A8412441C0AF50CDBFCBF1CF11] () C:\Program Files (x86)\Balabolka\resources\24\View Changed Text.bmp
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\resources\24\disabled
2010-04-07 18:16 - 2010-04-07 18:16 - 000001782 ____A [909112AE249CA9083756036A54AF7D3D] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Copy.bmp
2010-04-07 18:15 - 2010-04-07 18:15 - 000001782 ____A [4BDFF3CCD73D59E4769E8F32C9D7F1FC] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Cut.bmp
2019-05-31 17:34 - 2019-05-31 17:34 - 000001782 ____A [18FA9CCAF00EB727F0F35EE277ED5F52] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Delete.bmp
2010-04-07 18:23 - 2010-04-07 18:23 - 000001782 ____A [6C09269147717A64F903AE22B8593DD9] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Go to Quick Bookmark.bmp
2010-04-25 18:49 - 2010-04-25 18:49 - 000001782 ____A [60785E3FEDE0B0FBDD1B1D55DBE68223] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Images.bmp
2010-04-07 18:17 - 2010-04-07 18:17 - 000001782 ____A [87332FB7BF1D8F75277427C1A6DACD09] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Make Lowercase.bmp
2010-04-07 18:18 - 2010-04-07 18:18 - 000001782 ____A [E298051CC5223387DFA2F311705C3362] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Make Uppercase.bmp
2010-04-07 18:16 - 2010-04-07 18:16 - 000001782 ____A [0F8185C2E886D240B399DC4CE26AFF6E] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Paste.bmp
2010-04-07 18:21 - 2010-04-07 18:21 - 000001782 ____A [269245E34475DB84865EAB124DFAF22B] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Pause.bmp
2010-04-07 18:26 - 2010-04-07 18:26 - 000001782 ____A [691A846FF5F2D883D6A8C7F83A5BE73D] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Pronunciation.bmp
2010-04-07 18:20 - 2010-04-07 18:20 - 000001782 ____A [1A9360FA8DDF07C3B2B41F55443453F4] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Read Aloud.bmp
2010-04-07 18:23 - 2010-04-07 18:23 - 000001782 ____A [10DD291268FFA14DA5368E0D17588406] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Read Clipboard Aloud.bmp
2010-04-07 18:22 - 2010-04-07 18:22 - 000001782 ____A [5690B3871A8D01CDBB1532C262EA9069] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Read Selected Text.bmp
2010-04-07 18:19 - 2010-04-07 18:19 - 000001782 ____A [D1C309852B860809D198281411109A8D] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Spell Checking.bmp
2010-04-07 18:21 - 2010-04-07 18:21 - 000001782 ____A [1B08D53F226D69255FA494A46C2D9D9B] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Stop.bmp
2010-04-07 18:14 - 2010-04-07 18:14 - 000001782 ____A [59F4090CB0A6D44455EC4C06E98C119F] () C:\Program Files (x86)\Balabolka\resources\24\disabled\Undo.bmp
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\skins
2015-03-03 13:25 - 2015-03-03 13:25 - 000080729 ____A [E8C74506EC4F377C5D626BA289EC9068] () C:\Program Files (x86)\Balabolka\skins\Air.asz
2015-03-07 03:32 - 2015-03-07 03:32 - 000051912 ____A [9C49ABFAB61B09AF1B7CF4F61FBEDF94] () C:\Program Files (x86)\Balabolka\skins\AlterMetro.asz
2015-04-05 12:24 - 2015-04-05 12:24 - 000050091 ____A [FBF4C2CF9AAF418E3A8714993E0BD964] () C:\Program Files (x86)\Balabolka\skins\Android OS.asz
2015-04-05 12:24 - 2015-04-05 12:24 - 000071244 ____A [784CA9C912E5BE0797F93D7F0182877E] () C:\Program Files (x86)\Balabolka\skins\AutumnSky.asz
2015-03-03 13:33 - 2015-03-03 13:33 - 000073420 ____A [F998F15E44ABD3D2B889BA1855AE94D9] () C:\Program Files (x86)\Balabolka\skins\Black Box.asz
2015-04-05 12:22 - 2015-04-05 12:22 - 000022445 ____A [3D2044DCC601CC62A0F4E7E02AA3DE89] () C:\Program Files (x86)\Balabolka\skins\BlueGauze.asz
2015-03-05 10:53 - 2015-03-05 10:53 - 000037442 ____A [5CEAB66F7BA0703E674AFF79AD9E1CD1] () C:\Program Files (x86)\Balabolka\skins\Calcium.asz
2015-03-18 13:23 - 2015-03-18 13:23 - 000045897 ____A [7434BDB1E4BF03DA1E3F0B1AC0D2D670] () C:\Program Files (x86)\Balabolka\skins\DarkMetro.asz
2015-02-22 06:52 - 2015-02-22 06:52 - 000073187 ____A [EFAEE46967E500948C21A3E6C2204AE5] () C:\Program Files (x86)\Balabolka\skins\Flatline.asz
2015-01-25 12:06 - 2015-01-25 12:06 - 000075929 ____A [71DB40BA51FBB3DDD2185261DB42273B] () C:\Program Files (x86)\Balabolka\skins\FM.asz
2015-02-22 06:54 - 2015-02-22 06:54 - 000033300 ____A [1D6750FB6630EDC104B9D5808E1157A1] () C:\Program Files (x86)\Balabolka\skins\GPlus.asz
2015-01-25 12:32 - 2015-01-25 12:32 - 000052681 ____A [B18003D2D5CDAA05FC0B472DF13C63C4] () C:\Program Files (x86)\Balabolka\skins\iOS dark.asz
2015-01-25 12:44 - 2015-01-25 12:44 - 000025635 ____A [845F3F814903A14D1E11172DB9FF45F4] () C:\Program Files (x86)\Balabolka\skins\LongHorn.asz
2015-01-25 12:52 - 2015-01-25 12:52 - 000021475 ____A [38C7675E8A46F3609655BC58DA4F0F0F] () C:\Program Files (x86)\Balabolka\skins\MetroUI.asz
2015-02-22 11:42 - 2015-02-22 11:42 - 000078898 ____A [05D35FE2EB8CA04474048D7DD0AF544B] () C:\Program Files (x86)\Balabolka\skins\Moonlight.asz
2015-02-23 03:22 - 2015-02-23 03:22 - 000041659 ____A [C24026892902F636CA469B05E4320F48] () C:\Program Files (x86)\Balabolka\skins\Neutral.asz
2015-01-25 13:16 - 2015-01-25 13:16 - 000031020 ____A [0C98CF3C37F23B34431363783F6E6375] () C:\Program Files (x86)\Balabolka\skins\Opus.asz
2015-02-12 11:01 - 2015-02-12 11:01 - 000125613 ____A [08EE75A2B78BA9197D63D474DF229F62] () C:\Program Files (x86)\Balabolka\skins\Sapphire.asz
2015-02-22 06:59 - 2015-02-22 06:59 - 000108667 ____A [04A7489D9FE61607A2A6D55901052264] () C:\Program Files (x86)\Balabolka\skins\Subway.asz
2015-01-25 13:35 - 2015-01-25 13:35 - 000108824 ____A [F35D61638B5227ADC2E6BF1039694DA2] () C:\Program Files (x86)\Balabolka\skins\Topaz.asz
2015-01-25 13:43 - 2015-01-25 13:43 - 000078517 ____A [9133EE9EB9F0599D6BB76E4F0BA0012D] () C:\Program Files (x86)\Balabolka\skins\Vienna.asz
2015-02-22 07:01 - 2015-02-22 07:01 - 000048149 ____A [B4371F823283103F2E44D91D0D6142E6] () C:\Program Files (x86)\Balabolka\skins\WEB.asz
2015-01-25 13:49 - 2015-01-25 13:49 - 000034308 ____A [D11D71BEA041358E9890C515C1B41BF2] () C:\Program Files (x86)\Balabolka\skins\WLM.asz
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\sounds
2016-02-23 08:04 - 2016-02-23 08:04 - 000106020 ____A [86197059E917A25CEB32641771DD6DEA] () C:\Program Files (x86)\Balabolka\sounds\error.wav
1998-05-15 13:01 - 1998-05-15 13:01 - 000080856 ____A [18E639792D3767436AC6955EB60E4F54] () C:\Program Files (x86)\Balabolka\sounds\finish.wav
2003-10-04 15:22 - 2003-10-04 15:22 - 000010970 ____A [A0C536D3CD6F477093CB79F6E7D124A3] () C:\Program Files (x86)\Balabolka\sounds\timer.wav
2019-09-03 20:21 - 2019-09-03 20:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Balabolka\utils
2008-06-22 03:58 - 2008-06-22 03:58 - 000134656 ____A [0AA4EE0A869BA2D4A9375734A9D8FC72] () C:\Program Files (x86)\Balabolka\utils\chsdet.dll
2010-08-17 10:54 - 2010-08-17 10:54 - 000551096 ____A [5155AE6EFACC75084FB1A9884BE552EA] () C:\Program Files (x86)\Balabolka\utils\freetype6.dll
2009-10-27 14:21 - 2009-10-27 14:21 - 000116224 ____A [2D28E4BF2BB56471AB45127ACAF819DC] (http://hunspell.sourceforge.net/) C:\Program Files (x86)\Balabolka\utils\hunspell.dll
2004-01-13 18:56 - 2004-01-13 18:56 - 000892928 ____A [D7CBBEDFAD7AD68E12BF6FFCC01C3080] (Free Software Foundation) C:\Program Files (x86)\Balabolka\utils\iconv.dll
2010-09-12 02:22 - 2010-09-12 02:22 - 000152489 ____A [EB2D4C4D4A527BC88A69A16CC99AFCF5] (Free Software Foundation) C:\Program Files (x86)\Balabolka\utils\intl.dll
2011-11-22 03:48 - 2011-11-22 03:48 - 001294335 ____A [C0DA2A3AB704F338F0FC6DF51FD99497] () C:\Program Files (x86)\Balabolka\utils\libcairo-2.dll
2009-07-30 05:28 - 2009-07-30 05:28 - 000257706 ____A [492C10793C3A7F79CCC6903AAA7280D5] () C:\Program Files (x86)\Balabolka\utils\libcroco-0.6-3.dll
2009-01-31 16:42 - 2009-01-31 16:42 - 000143096 ____A [701659D3689BF4A8265B669B7D774255] () C:\Program Files (x86)\Balabolka\utils\libexpat-1.dll
2010-02-05 15:55 - 2010-02-05 15:55 - 000279059 ____A [DD583BEDC5EFE7BBD21A8EF107DEC88D] () C:\Program Files (x86)\Balabolka\utils\libfontconfig-1.dll
2011-11-21 06:13 - 2011-11-21 06:13 - 000285194 ____A [E4C64B0E7E4C6606F3973A16C0C1EE84] (The GTK developer community) C:\Program Files (x86)\Balabolka\utils\libgdk_pixbuf-2.0-0.dll
2011-07-19 03:01 - 2011-07-19 03:01 - 001222182 ____A [EA1263FB4C2230284F3E30C446BFEA6B] (The GLib developer community) C:\Program Files (x86)\Balabolka\utils\libgio-2.0-0.dll
2011-07-19 02:42 - 2011-07-19 02:42 - 001242929 ____A [18E88B04DA123BF05B07FF60A4E96654] (The GLib developer community) C:\Program Files (x86)\Balabolka\utils\libglib-2.0-0.dll
2011-07-19 02:50 - 2011-07-19 02:50 - 000036986 ____A [B0B2396FC6413016A45A5E8CA2EA8152] (The GLib developer community) C:\Program Files (x86)\Balabolka\utils\libgmodule-2.0-0.dll
2011-07-19 02:53 - 2011-07-19 02:53 - 000341594 ____A [356D697647A480562C4E2E921B13F8ED] (The GLib developer community) C:\Program Files (x86)\Balabolka\utils\libgobject-2.0-0.dll
2011-07-19 02:50 - 2011-07-19 02:50 - 000044287 ____A [7AD6F303082B382BFF7BAFBAB246C61F] (The GLib developer community) C:\Program Files (x86)\Balabolka\utils\libgthread-2.0-0.dll
2012-05-07 23:16 - 2012-05-07 23:16 - 000108544 ____A [51C86C84D52464BD856B9283CB8EDFDD] () C:\Program Files (x86)\Balabolka\utils\libjpeg.dll
2011-11-17 07:53 - 2011-11-17 07:53 - 000333729 ____A [5A14EFD93EE27CFE960220FE4A904911] (Red Hat Software) C:\Program Files (x86)\Balabolka\utils\libpango-1.0-0.dll
2011-11-17 07:53 - 2011-11-17 07:53 - 000104729 ____A [D3AD38599649097A3645777FF95BE08E] (Red Hat Software) C:\Program Files (x86)\Balabolka\utils\libpangocairo-1.0-0.dll
2011-11-17 07:53 - 2011-11-17 07:53 - 000815421 ____A [1DBFEAD06E26EDB81F0849490210E3FF] (Red Hat Software) C:\Program Files (x86)\Balabolka\utils\libpangoft2-1.0-0.dll
2011-11-17 07:53 - 2011-11-17 07:53 - 000108945 ____A [D07F128828225B7CC38E9E590EB3BA8A] (Red Hat Software) C:\Program Files (x86)\Balabolka\utils\libpangowin32-1.0-0.dll
2010-08-17 10:38 - 2010-08-17 10:38 - 000230529 ____A [F3A15497E25BAAA721F96638D7A4D2F8] () C:\Program Files (x86)\Balabolka\utils\libpng14-14.dll
2010-12-27 12:44 - 2010-12-27 12:44 - 000273302 ____A [36E19697D719A72F1DC3A27955E176C1] () C:\Program Files (x86)\Balabolka\utils\librsvg-2-2.dll
2011-06-19 14:52 - 2011-06-19 14:52 - 000987136 ____A [7EE993251D55A2EAB74340D27FF82260] () C:\Program Files (x86)\Balabolka\utils\libxml2-2.dll
2012-05-07 23:16 - 2012-05-07 23:16 - 000065024 ____A [021F1D43E734728EB0549E074D635789] () C:\Program Files (x86)\Balabolka\utils\libz.dll
2010-10-02 17:54 - 2010-10-02 17:54 - 000204800 ____A [2FEE8DA919366F2C69D4F4245E623CE1] (Nokia) C:\Program Files (x86)\Balabolka\utils\MMConverterCon.exe
2007-11-30 08:37 - 2007-11-30 08:37 - 000176128 ____A [DFACE29FDD003542C3C3931B78277DBF] () C:\Program Files (x86)\Balabolka\utils\mp4chaps.exe
2003-10-31 08:26 - 2003-10-31 08:26 - 000054272 ____A [4951173D0A40B2DA185F7B5DD2F42F7C] (Nokia) C:\Program Files (x86)\Balabolka\utils\mp4lib.dll
2003-10-31 08:26 - 2003-10-31 08:26 - 000698368 ____A [803DFC62EAFA6BFB7E794A50D80AEF27] (Nokia Corporation) C:\Program Files (x86)\Balabolka\utils\MultimediaConverter.dll
2010-02-18 02:54 - 2010-02-18 02:54 - 000868352 ____A [0F21E58F98491EBD3346FDF3EB887891] (Nero AG) C:\Program Files (x86)\Balabolka\utils\neroAacEnc.exe
2009-12-17 06:10 - 2009-12-17 06:10 - 000259584 ____A [38DB192BE9544220C77A0400D4A5684B] (Nero AG) C:\Program Files (x86)\Balabolka\utils\neroAacTag.exe
2017-10-24 12:36 - 2017-10-24 12:36 - 000298496 ____A [92B5294594C57953D602CEEB1862C115] () C:\Program Files (x86)\Balabolka\utils\opusdec.exe
2018-11-13 14:32 - 2018-11-13 14:32 - 004560896 ____A [EDE4F5933FE7F92AB10C8C387BA26530] (Ilya Morozov) C:\Program Files (x86)\Balabolka\utils\pdf2blb.dll
2011-08-15 06:08 - 2011-08-15 06:08 - 000296448 ____A [83DFBD68DAE9F2B7A4BD511AF82104E6] () C:\Program Files (x86)\Balabolka\utils\pdfimages.exe
2017-05-08 21:41 - 2017-05-08 21:41 - 000445440 ____A [1D3C7F414AB3CB4CF39833D03D4F4237] (Technosys Corporation) C:\Program Files (x86)\Balabolka\utils\syspin.exe
2017-08-11 11:55 - 2017-08-11 11:55 - 000268504 ____A [AE9C5338D8495EEA829E79799CEA0357] (Alexander Roshal) C:\Program Files (x86)\Balabolka\utils\unrar.dll
2019-02-09 09:04 - 2019-02-09 09:04 - 000925696 ____A [C292AA239A82C48DD57ED2F9373F0CE5] (Ilya Morozov) C:\Program Files (x86)\Balabolka\utils\viewer.exe
2010-08-20 05:18 - 2010-08-20 05:18 - 000100352 ____A [D90DAD5EEA33A178BAC56FFF2847D4C2] () C:\Program Files (x86)\Balabolka\utils\zlib1.dll

====== End of Folder: ======

VirusTotal: C:\Program Files (x86)\Balabolka\balabolka.exe => https://www.virustotal.com/file/d6e801a ... 567581280/
VirusTotal: C:\Program Files (x86)\Balabolka\lame_enc.dll => https://www.virustotal.com/file/f806d1f ... 559476011/
VirusTotal: C:\Program Files (x86)\Balabolka\utils\chsdet.dll => https://www.virustotal.com/file/4fc1916 ... 560084723/
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c1aa9e5-ac5b-11e6-829d-4cbb583af1fb} => not found
HKLM\Software\Classes\CLSID\{1c1aa9e5-ac5b-11e6-829d-4cbb583af1fb} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C77453B-8D50-4612-9BBE-37A771F9386F}" => not found
"C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{540F9C83-EED3-414F-BDA5-9D527B2B5CA7} => not found
HKLM\Software\Classes\CLSID\{540F9C83-EED3-414F-BDA5-9D527B2B5CA7} => not found
HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5BA95ED-DCBC-4A11-8C59-86D0F3122845} => not found
HKLM\Software\Classes\CLSID\{A5BA95ED-DCBC-4A11-8C59-86D0F3122845} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice => not found
HKLM\System\CurrentControlSet\Services\AdobeARMservice => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeUpdateService => not found
HKLM\System\CurrentControlSet\Services\AdobeUpdateService => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AERTFilters => not found
HKLM\System\CurrentControlSet\Services\AERTFilters => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Dell Customer Connect => not found
HKLM\System\CurrentControlSet\Services\Dell Customer Connect => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Dell Hardware Support => not found
HKLM\System\CurrentControlSet\Services\Dell Hardware Support => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GoogleChromeElevationService => not found
HKLM\System\CurrentControlSet\Services\GoogleChromeElevationService => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate => not found
HKLM\System\CurrentControlSet\Services\gupdate => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem => not found
HKLM\System\CurrentControlSet\Services\gupdatem => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc => not found
HKLM\System\CurrentControlSet\Services\gusvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance => not found
HKLM\System\CurrentControlSet\Services\MozillaMaintenance => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate => not found
HKLM\System\CurrentControlSet\Services\SkypeUpdate => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SupportAssistAgent => not found
HKLM\System\CurrentControlSet\Services\SupportAssistAgent => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TabletServicePen => not found
HKLM\System\CurrentControlSet\Services\TabletServicePen => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TouchServicePen => not found
HKLM\System\CurrentControlSet\Services\TouchServicePen => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WavesSysSvc => not found
HKLM\System\CurrentControlSet\Services\WavesSysSvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WysePocketCloud => not found
HKLM\System\CurrentControlSet\Services\WysePocketCloud => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WyseRemoteAccess => not found
HKLM\System\CurrentControlSet\Services\WyseRemoteAccess => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RTHDVCPL" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RTHDVCPL" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RtHDVBg" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RtHDVBg" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\HotKeysCmds" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\IgfxTray" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxTray" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Persistence" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Persistence" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\QuickSet" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickSet" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeAAMUpdater-1.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\APSDaemon" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APSDaemon" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\DropboxOEM" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DropboxOEM" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\QuickTime Task" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\BlueStacks Agent" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BlueStacks Agent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Adobe Creative Cloud" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Creative Cloud" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Acrobat Assistant 8.0" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Adobe Acrobat Speed Launcher" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher" => not found
"C:\Users\nickshaver06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Dropbox.lnk" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Dropbox Update" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Dropbox Update" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Skype" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Skype" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Google Update" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\HP ENVY 4520 series (NET)" => not found
"HKU\S-1-5-21-1023352508-1266729709-51963614-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HP ENVY 4520 series (NET)" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1048744 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 40936813 B
Firefox => 57660865 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 94213 B
systemprofile32 => 128 B
LocalService => 307242 B
NetworkService => 5850 B
nickshaver06 => 5550101214 B

RecycleBin => 20114949283 B
EmptyTemp: => 24 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:36:27 ====
You do not have the required permissions to view the files attached to this post.
nickshaver06
Active Member
 
Posts: 6
Joined: September 3rd, 2019, 9:09 pm

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby Gary R » September 4th, 2019, 11:28 am

Please uninstall the following program ...

Amazon 1Button App

... which is a piece of foistware, generally installed without user consent.

Your logs look clean now, so please try opening a PDF file with Adobe Acrobat.

If it is still giving you problems, then what I suggest is that you uninstall Adobe Acrobat, and then download an install a new clean copy.

https://helpx.adobe.com/download-instal ... loads.html

I'm afraid troubleshooting problems with 3rd Party Applications is beyond the scope of this forum, whose only purpose is to remove malware.

For help with Adobe products see ... https://helpx.adobe.com/support/acrobat.html

Alternatively, if all you want is a PDF viewer, you might consider one of the free alternatives like Foxit Reader .... https://www.foxitsoftware.com/pdf-reader/
User avatar
Gary R
Administrator
Administrator
 
Posts: 24331
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby nickshaver06 » September 5th, 2019, 10:42 am

Thanks! The message error was still appearing so I reinstalled Adobe and all is good now. I also deleted Amazon 1Button.

Thank you for the help with this!

-Nick
nickshaver06
Active Member
 
Posts: 6
Joined: September 3rd, 2019, 9:09 pm

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby Gary R » September 5th, 2019, 12:12 pm

You're welcome. :)

Glad we were able to get things resolved.

To remove FRST and all its files and folders, please do the following ....
  • Right click on FRST64.exe and select Rename
  • Rename it to Uninstall.exe
  • Launch Uninstall.exe

Other than that, provided you have no other issues, I think we can call this topic closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 24331
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby nickshaver06 » September 5th, 2019, 2:49 pm

I agree, thanks again!
nickshaver06
Active Member
 
Posts: 6
Joined: September 3rd, 2019, 9:09 pm

Re: Adobe Acrobat - AdobeARM.exe file corrupted

Unread postby Gary R » September 5th, 2019, 5:31 pm

You're welcome. :)

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 24331
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 249 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware