Kris R

  1. Great. I thought it might have been a false positive, but wanted someone else's opinion. SAS kept pointing to an X86 HKCR/.bmp#content type[donman] registry entry. The key is still there, but now the SAS program is no longer registering a trojan warning. This has been happening off and on for the last few days. Unless anyone has any suggestions, I'm going to consider it a false positive. Thanks for the help.
  2. This one keeps reappearing. I've run farbar. Posting the FRST and ADDITION logs. Please look and let me know if this is a virus. Thanks. Kris Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-05.2019 Ran by Saye (administrator) on NEWCOMPUTER (Dell Inc. Inspiron 23 Model 5348) (03-05-2019 22:18:56) Running from C:\Users\Saye\Downloads Loaded Profiles: Saye & (Available Profiles: Saye) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe () [File not signed] C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe () [File not signed] C:\Windows\SysWOW64\srvany.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Canon Inc. -> CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Carbonite -> Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite -> Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp. 
-> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Dell Inc -> ) C:\Program Files (x86)\DELL\UpdateService\ServiceShell.exe (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe (DELL Inc.) [File not signed] C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Smart Connect software -> ) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel(R) Smart Connect software -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Hardware Compatibility Publisher -> BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) 
C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\pcdrwi.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Support.com, Inc. 
-> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TODO: <公司名>) [File not signed] C:\Windows\SysWOW64\SDIOAssist.exe (Wyse Technology Inc -> ) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2013-12-24] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-12-24] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-04-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278056 2019-02-08] (Carbonite -> Carbonite, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] HKU\S-1-5-21-4029162235-4123474821-1798796012-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-4029162235-4123474821-1798796012-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-04-09] (Support.com, Inc. 
-> SUPERAntiSpyware) HKU\S-1-5-21-4029162235-4123474821-1798796012-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4029162235-4123474821-1798796012-1001\...\MountPoints2: {51c89a10-d0c9-11e4-8273-90489a859e1e} - "F:\LaunchU3.exe" HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-04-09] (Support.com, Inc. -> SUPERAntiSpyware) HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682\...\MountPoints2: {51c89a10-d0c9-11e4-8273-90489a859e1e} - "F:\LaunchU3.exe" HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.) 
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-19] (Adobe Systems, Incorporated -> Adobe Systems, Inc.) HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-03] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel(R) Smart Connect software -> Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.3 PE.lnk [2015-04-04] ShortcutTarget: PHOTOfunSTUDIO 9.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) [File not signed] Startup: C:\Users\Saye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-06-24] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0066D85E-CF98-4EAD-A106-3DE889AB17FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {17762800-6977-4ECA-B9EF-421079786732} - System32\Tasks\HP AR Program Upload - 9dc07e69cbf243ea8824e647f4f26e2eefa5e07fc45c44e082b1f3a0cf23a323 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: <Company name>) Task: {1A9F6EFE-E862-4D7C-B4B6-ADAD2A84BC65} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd) Task: {3342D4F0-7027-45D3-B761-5A9FFD1622FD} - System32\Tasks\HP AR Program Upload - 950de00241fe4f5ba142f415f11a8c33b2e121c77f354d95bb2af61329b8714b => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: <Company name>) Task: {54B8AAC4-4BE3-4A73-9ACF-303110E9FE4E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe) Task: {5E13DE77-161F-4B9F-9C18-4E674B2008C0} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [6762544 2012-07-09] (Dell Inc. -> Dell, Inc.) 
Task: {7259AF95-2CDD-4525-8245-33942DFADC05} - System32\Tasks\HP AR Program Upload - aa553d6b796342049626286156a02d4036973f13d7cd4e518f9b6013df9eee7d => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: <Company name>) Task: {730A553D-A051-4C8D-A2B7-E0885C704721} - System32\Tasks\HP AR Program Upload - 443587a738be410885dc074f5b5688cf273f2c4b707f4bd1966fadd75d62fac1 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: <Company name>) Task: {75576785-EE5C-4DDF-A3AD-7097A72FD13F} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) Task: {7AE36F81-D455-4109-A682-C70C03365AB3} - System32\Tasks\SUPERAntiSpyware Scheduled Task a0bc6b90-785b-45f6-b233-6715d315d11e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) Task: {802E5BA4-261B-4A85-815E-8F85607DA89F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation) Task: {8FE8EBAB-5AE0-4A7D-AB8E-A5FDE3B4DEBF} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [17200 2013-08-22] (Wyse Technology Inc -> ) Task: {92E030DD-1D18-4CCA-AEB8-F693FF37E40B} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit -command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath = $carbProgramDataPath + $upgradeExe;$logFile = 'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath + $logFile;$psversion = [string]$psversio (the data entry has 1818 more characters). 
Task: {971DA864-2CBE-4153-8B1C-E0F5B0440EDB} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe] Task: {AC8B54F7-B1CE-4E83-BD47-6AD682B678FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd) Task: {BA3DB1B3-E61B-45FA-9734-6610DC2D5188} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {BF888664-5728-4FF1-B176-2F24925B7A5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {C37B55F6-71E8-4596-B721-E22D9A43DEE8} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4029162235-4123474821-1798796012-1001 => C:\Users\Saye\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {C97EC7FB-91DD-45BC-A27D-F5E18E6A095B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1512920 2019-04-10] (Dell Inc. -> Dell Inc.) Task: {D0E3FE01-E2EB-4C9B-8AC2-14BEABBAA042} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.) Task: {E294DDED-49E5-4127-AA8B-52C12BECFE90} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [713008 2013-08-22] (Wyse Technology Inc -> ) Task: {E9A8CAE8-A792-436C-9FF8-F2C0B65F9620} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-09] (Adobe Inc. 
-> Adobe) Task: {E9AEC766-B1EA-4B31-B86E-6C01F32FA02F} - System32\Tasks\HP AR Program Upload - e33f35af5b684a8aad195e3bf0a93634346f2462db9e4bf291710884bfa3be19 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [3495944 2014-07-21] (Hewlett Packard -> TODO: <Company name>) Task: {EC6E6974-A545-44D0-AC74-050F56CE3F42} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {ED12A92E-6FBC-4700-A524-EF28C3A61358} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation) Task: {EE21F529-F7CB-4A8D-80B8-505B5C6B734A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink) Task: {F00DB129-0347-48EC-95A1-98C4C852ABEC} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0fd79c9c-29c6-4652-8553-9ce7bb369c73 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0fd79c9c-29c6-4652-8553-9ce7bb369c73.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a0bc6b90-785b-45f6-b233-6715d315d11e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{EE1D3EA7-F743-410D-8B55-09CE2EA954FF}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-4029162235-4123474821-1798796012-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duckduckgo.com/ HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duckduckgo.com/ SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4029162235-4123474821-1798796012-1001 -> DefaultScope {16682772-DA2A-4AE2-BC04-EF3AA0074FCF} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v158-3__ SearchScopes: HKU\S-1-5-21-4029162235-4123474821-1798796012-1001 -> {16682772-DA2A-4AE2-BC04-EF3AA0074FCF} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v158-3__ SearchScopes: HKU\S-1-5-21-4029162235-4123474821-1798796012-1001 -> {1B20846F-136E-48A0-9F0A-0AE525A01970} URL = SearchScopes: HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682 -> DefaultScope {16682772-DA2A-4AE2-BC04-EF3AA0074FCF} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v158-3__ SearchScopes: HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682 -> {16682772-DA2A-4AE2-BC04-EF3AA0074FCF} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v158-3__ SearchScopes: HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682 -> {1B20846F-136E-48A0-9F0A-0AE525A01970} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-02-13] (Microsoft Corporation -> Microsoft Corporation) BHO: ExplorerBHO Class -> 
{449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc -> Google Inc.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc -> Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-17] (Oracle America, Inc. 
-> Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc -> Google Inc.) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc -> Google Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Saye\AppData\Roaming\Mozilla\Firefox\Profiles\o3ypnvhb.default [2019-05-03] FF Homepage: Mozilla\Firefox\Profiles\o3ypnvhb.default -> hxxps://www.google.com/?gws_rd=ssl FF Extension: (Avira Browser Safety) - C:\Users\Saye\AppData\Roaming\Mozilla\Firefox\Profiles\o3ypnvhb.default\Extensions\abs@avira.com.xpi [2019-03-27] FF Extension: (NewTabURL) - C:\Users\Saye\AppData\Roaming\Mozilla\Firefox\Profiles\o3ypnvhb.default\Extensions\newtaburl@sogame.cat.xpi [2016-04-27] [Legacy] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. 
-> ) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed] FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) [File not signed] FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-19] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-4029162235-4123474821-1798796012-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Saye\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-02] (Visan Industries -> RocketLife, LLP) FF Plugin HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Saye\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-02] (Visan Industries -> RocketLife, LLP) Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms} CHR DefaultSearchKeyword: Default -> Avira CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en CHR Profile: C:\Users\Saye\AppData\Local\Google\Chrome\User Data\Default [2019-05-03] CHR Extension: (Docs) - C:\Users\Saye\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-03] CHR Extension: (Google Drive) - C:\Users\Saye\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-16] CHR Extension: (Avira Browser Safety) - C:\Users\Saye\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-05-03] CHR Extension: (Google Docs Offline) - C:\Users\Saye\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-03] CHR Extension: (Avira SafeSearch Plus) - C:\Users\Saye\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2019-05-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Saye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-03] CHR Extension: (Chrome Media Router) - C:\Users\Saye\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-03] CHR 
HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [466280 2019-04-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2019-02-28] (Dell Inc -> Dell Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3363824 2019-02-28] (Dell Inc -> Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2019-02-28] (Dell Inc -> Dell Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.) R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe [1038144 2019-04-24] (PC-Doctor, Inc. -> PC-Doctor, Inc.) 
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [147456 2013-12-27] () [File not signed]
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> )
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-07] (Intel Corporation - pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-20] (Intel(R) Smart Connect software -> )
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [65536 2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> BayHubTech/O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-09] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink Corp. -> CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39896 2019-04-10] (Dell Inc. -> Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] (Wyse Technology Inc -> )
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Techporch Incorporated -> Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-05] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-03-26] (Malwarebytes Corporation -> Malwarebytes)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] (Intel(R) Smart Connect software -> )
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] (Intel(R) Smart Connect software -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-03-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-04-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-04-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-04-26] (Malwarebytes Corporation -> Malwarebytes)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2w8x64.sys [210616 2014-05-14] (O2Micro -> BayHubTech/O2Micro )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R4 DBUtil_2_3; \??\C:\Windows\TEMP\DBUtil_2_3.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-03 22:18 - 2019-05-03 22:18 - 000001212 _____ C:\Users\Saye\Desktop\mwreport.txt
2019-05-03 19:01 - 2019-05-03 19:01 - 002430464 _____ (Farbar) C:\Users\Saye\Downloads\FRSTEnglish.exe
2019-05-03 19:01 - 2019-05-03 19:01 - 000000000 ____D C:\Users\Saye\Downloads\FRST-OlderVersion
2019-05-03 13:50 - 2019-05-03 13:50 - 000000000 ____D C:\Users\Saye\AppData\Local\TeamViewer
2019-05-03 13:44 - 2019-05-03 13:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-05-03 13:44 - 2019-05-03 13:44 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-05-03 13:44 - 2019-05-03 13:44 - 000001053 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-05-03 13:44 - 2019-05-03 13:44 - 000000000 ____D C:\Users\Saye\AppData\Roaming\TeamViewer
2019-05-03 13:41 - 2019-05-03 13:41 - 022796808 _____ (TeamViewer GmbH) C:\Users\Saye\Downloads\TeamViewer_Setup.exe
2019-05-03 12:56 - 2019-05-03 12:56 - 000000000 ___RD C:\Users\Saye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2019-04-30 21:08 - 2019-04-30 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-04-30 08:42 - 2019-04-30 08:42 - 000000000 _____ C:\Windows\invcol.tmp
2019-04-29 13:01 - 2019-04-29 13:02 - 044443168 _____ (Microsoft Corporation) C:\Users\Saye\Downloads\Windows-KB890830-x64-V5.71 (1).exe
2019-04-29 12:52 - 2019-04-29 12:52 - 000002259 _____ C:\Windows\epplauncher.mif
2019-04-29 11:36 - 2019-04-29 11:37 - 015065792 _____ (Microsoft Corporation) C:\Users\Saye\Downloads\MSEInstall.exe
2019-04-29 11:10 - 2019-04-29 11:11 - 044443168 _____ (Microsoft Corporation) C:\Users\Saye\Downloads\Windows-KB890830-x64-V5.71.exe
2019-04-26 22:07 - 2019-04-26 22:07 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-26 22:07 - 2019-04-26 22:07 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-04-26 22:07 - 2019-04-26 22:07 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-04-26 22:07 - 2019-04-26 22:07 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-04-24 13:04 - 2019-04-24 13:04 - 000002147 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2019-04-22 16:42 - 2019-04-22 16:42 - 000127022 _____ C:\Users\Saye\Downloads\Statement Dated 03_29_2019
2019-04-22 16:41 - 2019-04-22 16:42 - 000127009 _____ C:\Users\Saye\Downloads\Statement Dated 02_28_2019
2019-04-17 20:01 - 2019-04-17 20:01 - 031062947 _____ C:\Users\Saye\Downloads\Gut-Recovery-Recipes-1.pdf
2019-04-17 11:11 - 2019-04-17 11:10 - 000099192 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-04-14 19:12 - 2019-04-14 19:12 - 000002156 _____ C:\Users\Public\Desktop\Carbonite.lnk
2019-04-14 19:12 - 2019-04-14 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2019-04-11 13:11 - 2019-04-11 13:11 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 16:17 - 2019-04-12 07:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-10 05:09 - 2019-03-29 13:07 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-10 05:09 - 2019-03-29 13:07 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-09 18:27 - 2019-05-03 08:30 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-04-09 18:26 - 2019-04-09 18:26 - 021254208 _____ (Piriform Software Ltd) C:\Users\Saye\Downloads\ccsetup556.exe
2019-04-09 11:32 - 2019-03-25 23:14 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-09 11:32 - 2019-03-25 22:12 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-09 11:32 - 2019-03-25 22:05 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-09 11:32 - 2019-02-09 11:55 - 022373096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-04-09 11:32 - 2019-02-09 11:23 - 019790664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-04-09 11:31 - 2019-04-01 18:16 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-09 11:31 - 2019-03-30 13:57 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-09 11:31 - 2019-03-26 09:11 - 007079936 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2019-04-09 11:31 - 2019-03-26 08:57 - 005276160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2019-04-09 11:31 - 2019-03-26 08:40 - 007798272 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-04-09 11:31 - 2019-03-26 08:35 - 005270528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-04-09 11:31 - 2019-03-26 01:16 - 001311976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-09 11:31 - 2019-03-25 23:00 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-09 11:31 - 2019-03-25 22:52 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-09 11:31 - 2019-03-25 22:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-09 11:31 - 2019-03-25 22:40 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-09 11:31 - 2019-03-25 22:10 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-04-09 11:31 - 2019-03-25 22:09 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-04-09 11:31 - 2019-03-25 22:08 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-04-09 11:31 - 2019-03-25 22:06 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-04-09 11:31 - 2019-03-25 22:00 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-04-09 11:31 - 2019-03-25 21:56 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-09 11:31 - 2019-03-25 21:51 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-09 11:31 - 2019-03-25 21:48 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-09 11:31 - 2019-03-25 21:48 - 001556992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-09 11:31 - 2019-03-25 21:24 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-09 11:31 - 2019-03-25 21:23 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-04-09 11:31 - 2019-03-25 21:22 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-04-09 11:31 - 2019-03-25 21:22 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-04-09 11:31 - 2019-03-25 21:21 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-04-09 11:31 - 2019-03-25 21:08 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-04-09 11:31 - 2019-03-25 21:04 - 001332224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-09 11:31 - 2019-03-20 18:29 - 002452432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-04-09 11:31 - 2019-03-15 21:03 - 002535664 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-09 11:31 - 2019-03-15 20:46 - 000805176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-09 11:31 - 2019-03-15 20:36 - 001902752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-09 11:31 - 2019-03-15 20:29 - 000611656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-09 11:31 - 2019-03-15 19:51 - 001755136 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-04-09 11:31 - 2019-03-15 19:49 - 001493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-04-09 11:31 - 2019-03-15 19:48 - 003324416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-09 11:31 - 2019-03-15 19:47 - 003617280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-09 11:31 - 2019-03-15 19:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-09 11:31 - 2019-03-15 19:39 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-09 11:31 - 2019-03-13 22:57 - 007368952 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-09 11:31 - 2019-03-13 22:56 - 001677024 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-09 11:31 - 2019-03-13 22:56 - 001537560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-04-09 11:31 - 2019-03-13 12:13 - 001369096 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-04-09 11:31 - 2019-03-09 10:08 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-09 11:31 - 2019-03-09 09:51 - 001115136 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-09 11:31 - 2019-03-09 09:47 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-09 11:31 - 2019-03-09 09:43 - 003822080 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-09 11:31 - 2019-03-09 09:35 - 001085952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-04-09 11:31 - 2019-03-09 09:31 - 003274752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-09 11:31 - 2019-03-09 09:28 - 002348544 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-09 11:31 - 2019-03-09 09:19 - 001550848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-09 11:31 - 2019-03-09 09:01 - 003547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-09 11:31 - 2019-03-09 07:20 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-09 11:31 - 2019-03-09 07:20 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-09 11:31 - 2019-03-09 07:20 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-09 11:31 - 2019-03-09 07:20 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-09 11:31 - 2019-03-09 07:20 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-09 11:31 - 2019-02-24 07:43 - 001308456 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-04-09 11:31 - 2019-02-21 10:34 - 000281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-09 11:31 - 2019-02-11 20:48 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2019-04-09 11:30 - 2019-03-25 22:40 - 005777920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-04-09 11:30 - 2019-03-25 22:22 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-04-09 11:30 - 2019-03-25 22:15 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-04-09 11:30 - 2019-03-25 21:43 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-09 11:30 - 2019-03-25 21:36 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-04-09 11:30 - 2019-03-25 21:29 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-04-09 11:30 - 2019-03-25 21:26 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-04-09 11:30 - 2019-03-25 21:02 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-04-09 11:30 - 2019-02-21 10:36 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-04-09 11:30 - 2019-02-21 10:35 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-09 11:30 - 2019-02-21 10:34 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-04-09 11:30 - 2019-02-21 09:31 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-04-09 11:13 - 2019-04-09 11:13 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-03 22:19 - 2017-12-13 12:26 - 000036999 _____ C:\Users\Saye\Downloads\FRST.txt
2019-05-03 22:18 - 2017-12-13 12:25 - 000000000 ____D C:\FRST
2019-05-03 21:40 - 2014-09-03 13:22 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0DE80B7F-EE8A-4248-9D44-F989C0CBA75B}
2019-05-03 18:58 - 2014-09-03 13:25 - 000000000 ____D C:\Users\Saye\AppData\Roaming\ClassicShell
2019-05-03 17:49 - 2016-11-20 17:05 - 000000000 ____D C:\Users\Saye\AppData\LocalLow\Mozilla
2019-05-03 15:03 - 2017-11-13 15:03 - 000000532 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0fd79c9c-29c6-4652-8553-9ce7bb369c73.job
2019-05-03 12:55 - 2018-01-13 21:05 - 000000000 __SHD C:\Users\Saye\IntelGraphicsProfiles
2019-05-03 10:00 - 2017-11-13 15:03 - 000000532 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a0bc6b90-785b-45f6-b233-6715d315d11e.job
2019-05-01 22:32 - 2016-03-23 12:44 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-04-30 21:16 - 2014-09-03 13:23 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4029162235-4123474821-1798796012-1001
2019-04-30 21:07 - 2014-06-03 20:48 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-29 13:03 - 2014-09-03 14:21 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-29 11:38 - 2015-04-30 21:47 - 000300032 ___SH C:\Users\Saye\Downloads\Thumbs.db
2019-04-27 14:36 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\AppReadiness
2019-04-26 22:09 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\registration
2019-04-26 22:06 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-26 21:58 - 2013-08-22 08:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-26 21:57 - 2014-09-09 10:58 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-04-26 19:33 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-04-26 19:04 - 2018-08-07 09:59 - 000391560 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-25 13:17 - 2014-06-03 21:04 - 000000000 ____D C:\ProgramData\PCDr
2019-04-24 13:04 - 2014-06-03 21:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-04-24 13:04 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2019-04-24 12:59 - 2017-06-26 11:05 - 000000000 ____D C:\ProgramData\SupportAssist
2019-04-17 11:11 - 2014-09-03 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-17 11:11 - 2014-09-03 13:28 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-16 07:37 - 2013-08-22 08:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-14 20:35 - 2014-09-03 13:16 - 000000000 ____D C:\Users\Saye
2019-04-14 19:12 - 2015-04-09 16:25 - 000008234 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2019-04-13 02:37 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\rescache
2019-04-12 07:13 - 2017-11-13 14:56 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-04-12 07:13 - 2014-09-03 13:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-12 07:08 - 2013-08-22 08:36 - 000000000 ___RD C:\Windows\ToastData
2019-04-10 19:57 - 2014-09-03 13:41 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-10 18:07 - 2018-11-16 11:40 - 000002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 18:07 - 2018-11-16 11:40 - 000002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-10 05:16 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2019-04-10 05:09 - 2014-09-03 14:22 - 000000000 ____D C:\Windows\system32\MRT
2019-04-09 18:27 - 2018-01-16 18:45 - 000000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-09 02:07 - 2018-03-13 09:31 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-09 02:07 - 2014-09-03 15:49 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-04-09 02:07 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-09 02:07 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-03 12:07 - 2014-09-09 12:39 - 000000000 ____D C:\Users\Saye\Documents\TurboTax

==================== Files in the root of some directories =======

2014-09-09 11:44 - 2014-09-09 11:44 - 000024013 _____ () C:\Users\Saye\AppData\Roaming\Comma Separated Values.ADR
2017-01-07 13:40 - 2017-01-07 14:01 - 000005632 _____ () C:\Users\Saye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-09 16:31 - 2015-01-29 08:13 - 000009216 _____ () C:\Users\Saye\AppData\Local\Z@!-873faad9-44e0-4583-bc28-3c1a70da2243.tmp
2015-04-09 16:31 - 2015-01-29 08:13 - 000009216 _____ () C:\Users\Saye\AppData\Local\Z@!-97b4748c-1cd5-4c1b-8e70-db6bf0cb9526.tmp
2015-04-09 16:31 - 2015-01-29 08:13 - 000010240 _____ () C:\Users\Saye\AppData\Local\Z@S!-0a7c7c05-2100-409a-af70-8f87ecc5988f.tmp
2017-08-24 10:39 - 2017-08-24 10:39 - 000000000 _____ () C:\Users\Saye\AppData\Local\{517D1DED-B9BA-4D12-BB02-1D309510F866}
2017-02-03 14:14 - 2017-02-03 14:14 - 000000000 _____ () C:\Users\Saye\AppData\Local\{78AD3714-C198-4AC0-A4A4-96636991DF81}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-04-28 04:04

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05.2019
Ran by Saye (03-05-2019 22:20:05)
Running from C:\Users\Saye\Downloads
Windows 8.1 (Update) (X64) (2014-09-03 20:16:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4029162235-4123474821-1798796012-500 - Administrator - Disabled)
Guest (S-1-5-21-4029162235-4123474821-1798796012-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4029162235-4123474821-1798796012-1003 - Limited - Enabled)
Saye (S-1-5-21-4029162235-4123474821-1798796012-1001 - Administrator - Enabled) => C:\Users\Saye

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123 Free Solitaire v10.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Avira (HKLM-x32\...\{2504137A-5E42-4340-8F34-2086B49FBD1A}) (Version: 1.2.133.21088 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{33789076-9ec9-4866-b174-19596d6375c1}) (Version: 1.2.131.15242 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{9c4627af-2a2f-4e06-aa50-e0d70979e4b6}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{b3f1f775-e558-4660-a503-9129ae9d7310}) (Version: 1.2.133.21088 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{c5838bf4-7a0d-488e-b1b8-a233ec3e436b}) (Version: 1.2.128.15911 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{fd422d82-916c-4aca-bc42-67b7eb9925c4}) (Version: 1.2.129.13789 - Avira Operations GmbH & Co. KG)
Camera Support Core Library (HKLM-x32\...\{A1D0D14A-B776-4907-BC00-5149F2298086}) (Version: 7.3.0.4 - Canon) Hidden
Camera Window DS (HKLM-x32\...\{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}) (Version: 5.2 - Canon) Hidden
Camera Window DVC (HKLM-x32\...\{001AB29C-5468-4972-8D24-2EBDB2B12133}) (Version: 5.4 - Canon) Hidden
Camera Window MC (HKLM-x32\...\{89EB3ED7-225A-412E-B048-623D502C000F}) (Version: 5.4 - Canon) Hidden
Canon Camera Support Core Library (HKLM-x32\...\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}) (Version: 7.3.0.4 - Canon)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}) (Version: 5.4 - Canon)
Canon Camera Window DS for ZoomBrowser EX (HKLM-x32\...\InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}) (Version: 5.2 - Canon)
Canon Camera Window MC 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}) (Version: 5.4 - Canon)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon PhotoRecord (HKLM-x32\...\{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}) (Version: 02.02.02000 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}) (Version: 2.1 - Canon)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
Canon ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.02.0100 - Canon)
Carbonite (HKLM-x32\...\{129A37E4-7280-429B-B2C6-FF2EA057F239}) (Version: 6.3.4 build 7957 (Feb-08-2019) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\{0309AC01-330F-494C-B27D-58E297E4674F}) (Version: 3.2.1.94 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{AC950530-9F3B-4D94-8BEF-C84A77869AF4}) (Version: 1.0.0.0 - DELL)
Free Spider Solitaire v5.0 (HKLM-x32\...\Free Spider_is1) (Version: - TreeCardGames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Hoyle Slots & Video Poker (HKLM-x32\...\{03BB469D-4533-49D9-9D87-C69EC1BE380C}) (Version: 1.0.0.2 - Encore, Inc.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{E968D0B8-D9BC-4916-AC40-D667BDD5A1D1}) (Version: 4.2.41.2459 - Intel Corporation)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.5127.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4029162235-4123474821-1798796012-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MovieEdit Task (HKLM-x32\...\{68D27126-BF6A-457D-8DD0-5F35E8D41310}) (Version: 1.3.1.21 - Canon) Hidden
Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.3.7038 - Mozilla)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\{C834E5DF-AB21-4142-8234-0C4FA77F3A04}) (Version: 3.0.08.38 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C834E5DF-AB21-4142-8234-0C4FA77F3A04}) (Version: 3.0.08.38 - O2Micro International LTD.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5127.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5127.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5127.1000 - Microsoft Corporation) Hidden OLYMPUS CAMEDIA Master 4.0 (HKLM-x32\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version: - ) PHOTOfunSTUDIO 9.3 PE (HKLM-x32\...\{E33B3B6C-5712-4A39-B30D-1391918D920D}) (Version: 9.03.703 - Panasonic Corporation) PhotoStitch (HKLM-x32\...\{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon) Hidden PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology) Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications) QuickTime (HKLM-x32\...\QuickTime) (Version: - ) RAW Image Task 2.1 (HKLM-x32\...\{001EB665-D9EC-415E-9E13-AD2125B2B992}) (Version: 2.1 - Canon) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.) 
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer) TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc) TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc) TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc) TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc) TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) 
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => -> No File ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => -> No File ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) 
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2019-02-08] (Carbonite -> Carbonite, Inc.) 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-01-13 20:53 - 2014-02-26 23:39 - 000440320 _____ (Atheros) [File not signed] C:\Windows\system32\athihvs.dll 2016-03-23 12:24 - 2010-09-08 09:27 - 000328192 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL 2014-04-29 03:31 - 2014-04-29 03:31 - 000319104 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe 2014-06-03 20:57 - 2013-12-27 14:12 - 000147456 _____ () [File not signed] C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe 2018-10-04 21:04 - 2012-03-09 09:27 - 000008192 _____ () [File not signed] C:\Windows\SysWOW64\srvany.exe 2018-10-04 21:04 - 2014-05-20 12:53 - 002701824 _____ (TODO: <公司名>) [File not signed] C:\Windows\sysWOW64\SDIOAssist.exe 2013-08-19 04:29 - 2013-08-19 04:29 - 001785344 _____ (DELL Inc.) 
[File not signed] C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe 2014-06-03 20:57 - 2013-12-27 14:00 - 000540672 _____ () [File not signed] C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe 2014-04-29 03:32 - 2014-04-29 03:32 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\FolderViewImpl.dll 2014-04-29 03:33 - 2014-04-29 03:33 - 000116352 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\utils.dll 2014-04-29 03:32 - 2014-04-29 03:32 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\CommApi.dll 2014-04-29 03:32 - 2014-04-29 03:32 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ipc.dll 2014-04-29 03:33 - 2014-04-29 03:33 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\TCPConnection.dll 2014-04-20 10:17 - 2014-04-20 10:17 - 003374272 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll 2014-04-29 03:33 - 2014-04-29 03:33 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll 2014-04-29 03:32 - 2014-04-29 03:32 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll 2014-04-29 03:33 - 2014-04-29 03:33 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\OutLookLib.dll 2014-04-20 10:17 - 2014-04-20 10:17 - 000284864 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll 2014-04-20 10:17 - 2014-04-20 10:17 - 000803520 _____ 
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll 2014-04-20 10:17 - 2014-04-20 10:17 - 000161984 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe 2014-04-29 03:32 - 2014-04-29 03:32 - 000134784 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe 2014-04-29 03:33 - 2014-04-29 03:33 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ModuleManager.dll 2014-04-29 03:28 - 2014-04-29 03:28 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-04-29 03:28 - 2014-04-29 03:28 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll 2014-04-29 03:25 - 2014-04-29 03:25 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Audio\audio.dll 2014-04-29 03:32 - 2014-04-29 03:32 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Handsfree.dll 2014-04-29 03:28 - 2014-04-29 03:28 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\L2capLib\l2caplib.dll 2014-04-29 03:27 - 2014-04-29 03:27 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\SesMgr\sesmgr.dll 2014-04-29 03:20 - 2014-04-29 03:20 - 000097792 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\goep\goep.dll 2014-04-29 03:27 - 2014-04-29 03:27 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth 
Suite\Modules\BIP\BIP.dll 2014-04-29 03:23 - 2014-04-29 03:23 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\FAX\Fax.dll 2014-04-29 03:24 - 2014-04-29 03:24 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\DID\DId.dll 2014-04-29 03:27 - 2014-04-29 03:27 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll 2014-04-29 03:24 - 2014-04-29 03:24 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\LE\LE.dll 2014-04-29 03:32 - 2014-04-29 03:32 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\gatts.DLL 2014-04-29 03:32 - 2014-04-29 03:32 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\GattI.dll 2014-04-29 03:26 - 2014-04-29 03:26 - 000421888 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll 2014-04-29 03:23 - 2014-04-29 03:23 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2014-04-29 03:27 - 2014-04-29 03:27 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\OppOperation\OppOperation.dll 2014-04-29 03:26 - 2014-04-29 03:26 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\pbap\pbap.dll 2014-04-29 03:26 - 2014-04-29 03:26 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\sap\sap.dll 2014-04-29 03:26 - 2014-04-29 03:26 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] 
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\spp\spp.dll 2014-04-29 03:27 - 2014-04-29 03:27 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\GapSdp\GapSdp.dll 2014-04-29 03:23 - 2014-04-29 03:23 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\HCRP\Hcrp.dll 2014-04-29 03:25 - 2014-04-29 03:25 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Sync\Sync.dll 2014-04-29 03:20 - 2014-04-29 03:20 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\OppOperation\ObjPush.dll 2014-04-29 03:33 - 2014-04-29 03:33 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\skypeagent.dll 2014-04-29 03:31 - 2014-04-29 03:31 - 000012928 _____ (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2016-03-23 12:26 - 2010-07-25 19:08 - 000136704 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\cnmpu.dll 2016-03-23 12:26 - 2010-07-25 19:08 - 000067584 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\BJMyRes.dll 2013-09-24 09:25 - 2013-09-24 09:25 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll 2013-09-24 09:25 - 2013-09-24 09:25 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll 2019-03-09 02:51 - 2019-03-09 02:51 - 001078784 _____ (Intuit) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Intuit.Spc.fecc593b#\9abc7fc57289c68fa3bf32e7dd6e5f47\Intuit.Spc.Map.WindowsFirewallUtilities.ni.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 003084800 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000014848 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2019-03-26 23:58 - 2019-03-26 23:58 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2019-02-11 12:58 - 2019-03-26 23:58 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\UCRT\;C:\Program Files\Intel\UCRT\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4029162235-4123474821-1798796012-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-4029162235-4123474821-1798796012-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019090002682\Control Panel\Desktop\\Wallpaper -> C:\Users\Saye\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{03AAF855-D6D4-4691-BAC6-227DB706C5A5}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe (Wyse Technology Inc -> )
FirewallRules: [{8E350BE6-A1DC-4B90-AFBF-98232B820B0C}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (DELL Inc.)
[File not signed] FirewallRules: [{18052168-857B-49CA-9F7A-643251AD4F34}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{D0E9B7D6-A366-4E10-9E60-926FE41385DA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{AEB7334F-3F31-4362-ADFA-A8FCD4CAB19A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{19F5D832-3829-4EA8-BC51-B81602E679FD}] => (Allow) LPort=2869 FirewallRules: [{FC535E9A-F6F8-4BCA-9EB8-9AC3038ECC18}] => (Allow) LPort=1900 FirewallRules: [{9ED5A40D-D91E-42F7-9904-AFAFC42569FA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5FE6390E-FBC1-47A1-92FF-42D4A0194B88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{2646E604-5C4E-4E88-B54F-2717778A1F5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{ADEF3F48-49BF-4819-BE62-2A9D1B0C9324}] => (Allow) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite -> Carbonite, Inc. (www.carbonite.com)) FirewallRules: [{61618048-CC4B-48D9-B9F9-26BF46BA04ED}] => (Allow) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite -> Carbonite, Inc. (www.carbonite.com)) FirewallRules: [{BFCBEC2E-22FF-4AFF-91F1-FEC7DFA8F6EC}] => (Allow) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite -> Carbonite, Inc. (www.carbonite.com)) FirewallRules: [{767D0C9D-1AB3-4CD7-8995-22AF4BF91BCA}] => (Allow) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite -> Carbonite, Inc. 
(www.carbonite.com)) FirewallRules: [{94617445-1942-477C-B848-3052A2526F58}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite -> Carbonite, Inc.) FirewallRules: [{1409B95A-D584-4006-BB7D-8BF62E52B2D7}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite -> Carbonite, Inc.) FirewallRules: [{2789C986-0918-4440-87EE-A615EEBBF71E}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite -> Carbonite, Inc.) FirewallRules: [{A5E32FD5-904A-47BB-B54A-53887F375ADE}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite -> Carbonite, Inc.) FirewallRules: [{1573201E-FE63-40B8-957B-2B5A23B0F6D5}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe (Carbonite -> Carbonite, Inc.) FirewallRules: [{0F9D130D-6B7A-4BFB-AB30-A859A8C79DB3}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe (Carbonite -> Carbonite, Inc.) FirewallRules: [{B85D2D20-E58E-4778-952D-4D9AE5A8BF14}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe (Carbonite -> Carbonite, Inc.) FirewallRules: [{5AEA6C35-14CF-4643-B6F4-FE6E487F1793}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe (Carbonite -> Carbonite, Inc.) 
FirewallRules: [{18D5D07B-229B-4D5B-A9C0-63A9FD72D1C3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{461DDFF8-9822-4495-A21C-47496B89C1F9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{5A2B86C7-7BBB-49A8-B72E-FD3FA3D34CF9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{B9D7C80B-0158-404A-82DA-A64E1F5618C3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{9B6394AE-4D8C-456B-BB76-75536D52B84E}] => (Allow) LPort=5357 FirewallRules: [{AD5F599F-97FB-46D4-83ED-7A71210A470D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{3A405F12-6DE3-4EA6-B1CC-4764AA485415}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{43768EA6-0064-45B7-9359-137975F8B3D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{F49DC1A5-9FD9-4BC1-B877-199CCD16BBF4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{253AC614-5E3C-45C4-BA69-A1E651E9E2FC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{4F1EC1A3-27A8-49A5-9B30-D8AE286E4756}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.) 
FirewallRules: [{3EBAB283-4C66-434F-A8FA-C86163AAB766}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{C8264E9E-BA2F-4FFF-8825-931427614BC4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{1E8B2E97-FBFB-4B78-9984-67F36EAEF448}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{899C049C-2DEC-4035-8378-76BA8138CDB2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5719A264-6BA0-41C6-A3EE-4C0D27453CFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{A59F148B-B4D8-4EBB-94E3-5D53F175275B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
FirewallRules: [{C5746BA6-DC63-498F-8489-BF155053E639}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D329AE21-F8CD-4B26-B1BA-F62AF4D616C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B411D5D0-DBA5-4BE0-933C-11EFCB8F3A1E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C886E30E-7502-4CE1-B3B9-784ECF577D23}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

==================== Restore Points =========================

29-04-2019 08:58:28 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2019 11:22:00 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (05/03/2019 01:22:03 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (05/01/2019 10:32:51 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (04/30/2019 11:22:12 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (04/30/2019 05:39:14 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (04/30/2019 01:01:32 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (04/29/2019 06:16:35 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (04/29/2019 03:42:21 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

System errors:
=============
Error: (05/03/2019 10:16:23 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4029162235-4123474821-1798796012-1001-05032019221622384-ntuser.dat

Error: (05/03/2019 10:13:26 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4029162235-4123474821-1798796012-1001-05032019221326068-ntuser.dat

Error: (05/03/2019 10:01:06 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4029162235-4123474821-1798796012-1001-05032019220105586-ntuser.dat

Error: (05/03/2019 08:01:05 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4029162235-4123474821-1798796012-1001-05032019200104942-ntuser.dat

Error: (05/03/2019 06:01:07 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4029162235-4123474821-1798796012-1001-05032019180106446-ntuser.dat

Error: (05/03/2019 03:01:06 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4029162235-4123474821-1798796012-1001-05032019150105826-ntuser.dat

Error: (05/03/2019 01:01:08 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4029162235-4123474821-1798796012-1001-05032019130107457-ntuser.dat

Error: (05/03/2019 10:53:59 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a119\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-4029162235-4123474821-1798796012-1001-05032019105358804-ntuser.dat

Windows Defender:
===================================
Date: 2019-02-11 12:55:55.152
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.118.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-02-11 12:55:55.027
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.118.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-14 19:44:17.719
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.423.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-14 19:44:17.719
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.423.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-10-05 23:22:38.867
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.423.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================
Date: 2019-03-02 20:25:44.841
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-03-02 20:25:44.552
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-12 20:58:12.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-12 20:58:11.602
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Dell Inc. A10 01/31/2018
Motherboard: Dell Inc. 0XHYJF
Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 51%
Total physical RAM: 8092.45 MB
Available physical RAM: 3930.43 MB
Total Virtual: 16284.64 MB
Available Virtual: 11482.54 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.73 GB) (Free:823.56 GB) NTFS

\\?\Volume{bf46ccd3-8699-4344-adaf-a98d5ef1c047}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
\\?\Volume{17427eab-ad4a-4c51-a0ed-9360dedc8e62}\ (PBR Image) (Fixed) (Total:8.4 GB) (Free:0.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B14CF434)

Partition: GPT.

==================== End of Addition.txt ============================