shirl Posted February 27, 2019 ID:1300974 Share Posted February 27, 2019 I had the same issues. Nothing seems to be able to get rid of PUP.Optional.DriverSupport Please help! Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01 Ran by shirl (27-02-2019 22:22:56) Running from C:\Users\shirl\Downloads Windows 10 Home Version 1803 17134.590 (X64) (2018-07-22 08:13:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4096539192-3162152629-878619529-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4096539192-3162152629-878619529-503 - Limited - Disabled) defaultuser0 (S-1-5-21-4096539192-3162152629-878619529-1004 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-4096539192-3162152629-878619529-501 - Limited - Disabled) shirl (S-1-5-21-4096539192-3162152629-878619529-1005 - Administrator - Enabled) => C:\Users\shirl WDAGUtilityAccount (S-1-5-21-4096539192-3162152629-878619529-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated) Adobe Dreamweaver CC 2018 (HKLM-x32\...\DRWV_18_0) (Version: 18.0 - Adobe Systems Incorporated) Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_1) (Version: 22.1 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.) CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.1.3008 - CyberLink Corp.) DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.6.14 - PC Drivers HeadQuarters LP) <==== ATTENTION Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden ELAN Touchpad 18.2.15.7_X64_WHQL (HKLM\...\Elantech) (Version: 18.2.15.7 - ELAN Microelectronic Corp.) Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{B1765501-59E8-4395-BF00-8A2C1F1FC1E0}) (Version: 3.10.0091 - Seiko Epson Corporation) EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.54.0.0 - Seiko Epson Corporation) Epson Printer Connection Checker (HKLM-x32\...\{9ABD2971-9B8B-4958-9100-4EAFCC32A86D}) (Version: 3.0.0.0 - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{4830989D-5FA5-41DF-A02F-5D1B4D5C73B8}) (Version: 4.4.10 - Seiko Epson Corporation) EPSON XP-6100 Series Printer Uninstall (HKLM\...\EPSON XP-6100 Series) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden HP 3D DriveGuard (HKLM-x32\...\{D3D0E6C5-4B65-4088-A5A9-A7DF27DB5D1A}) (Version: - ) HP Audio Switch (HKLM\...\HPAudioSwitch) (Version: 1.0.96.0 - HP Inc.) HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP ePrint SW (HKLM-x32\...\{b0ebf7ff-6b1a-4a92-9c85-6915be1962b9}) (Version: 5.1.19895 - HP Inc.) HP JumpStart Bridge (HKLM-x32\...\{6B4A5299-4837-485A-B71D-7F1CE6F8F018}) (Version: 1.0.0.143 - HP Inc.) HP JumpStart Launch (HKLM-x32\...\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}) (Version: 1.0.145.0 - HP Inc.) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8351.5556 - HP Inc.) HP Support Assistant (HKLM-x32\...\{0A07AA35-BE9C-453F-A2F7-486E68B9DC69}) (Version: 8.7.50.3 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{52A6690A-A8F3-4EDC-8BA9-125FDD65337A}) (Version: 12.10.49.21 - HP Inc.) HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.25 - HP Inc.) HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.) iCloud (HKLM\...\{28ABC5D7-AF47-4476-A6AA-C2DD822ED40F}) (Version: 7.9.0.9 - Apple Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation) Intel® Integrated Sensor Solution (HKLM-x32\...\{b3c2a365-876b-4588-97ce-5ab104b07d57}) (Version: 3.0.30.1076 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{4996e560-35d4-4f06-93df-54b6e6ab11c5}) (Version: 20.50.1 - Intel Corporation) ISS_Drivers_x64 (HKLM\...\{7F65AED2-5B3C-40DD-996B-6F8820856F34}) (Version: 3.0.30.1076 - Intel Corporation) Hidden iTunes (HKLM\...\{160EFAC8-C79A-48A2-845C-3F6F577078A0}) (Version: 12.9.2.6 - Apple Inc.) Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation) Kodi (HKU\S-1-5-21-4096539192-3162152629-878619529-1005\...\Kodi) (Version: - XBMC-Foundation) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.12000 - McAfee, Inc.) Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11231.20174 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4096539192-3162152629-878619529-1005\...\OneDriveSetup.exe) (Version: 19.012.0121.0009 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7851 - Realtek Semiconductor Corp.) SCIT version 3.1 (HKLM-x32\...\{20E72732-8BB2-4E1F-8058-02393D003867}_is1) (Version: 3.1 - NeuroTest Pty Ltd) Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Zoom (HKU\S-1-5-21-4096539192-3162152629-878619529-1005\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4096539192-3162152629-878619529-1005_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4096539192-3162152629-878619529-1005_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1E5F84D52F98}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4096539192-3162152629-878619529-1005_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-02-10] (McAfee, Inc. -> McAfee, Inc.) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-12-03] (Apple Inc. -> Apple Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125121.inf_amd64_26ca8ba649abc040\igfxDTCM.dll [2017-11-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-02-10] (McAfee, Inc. -> McAfee, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04935C9C-FDBD-41C7-815A-CE00577E130B} - System32\Tasks\{66C2C36E-A363-434C-8E61-E488F0B116F7} Task: {0AF80641-5767-4F1B-9852-F65225285911} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {293632B5-9E95-442F-AB31-407874C92596} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) "C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION Task: {2F408841-C42E-4877-8C71-B99F0DE7A8B3} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {2FB8369E-E86C-4DD4-B022-F9C6A34684B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.) Task: {326CE6CB-AF3B-43CD-B88F-E7CE21B01D30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.) Task: {40CA944A-2565-42DE-ACBB-9913A3A87CF6} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs] Task: {42F53CF1-93F7-40D4-89C5-17D9420DF765} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.) Task: {4E25BA76-B0DC-4C32-9825-743210189407} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) Task: {4F3940AD-6ECF-47C6-894D-A8C1A741980B} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-shirl.webber@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) Task: {5401C402-AA6E-4D86-A31B-12F15062BF1D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) Task: {633D9BDE-3885-45C0-A14E-024225686ADE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) Task: {63E14C08-A586-4602-83B5-AF0FF0FC72D7} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-shirl.webber@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {68C3F5C7-B200-49FA-99E5-38B8E5A87079} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {6A68FE26-9D86-421A-9651-A886ADD650AC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation) Task: {6C3E5C98-89F9-405F-A701-4F8F04D93535} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation) Task: {6EAA8334-0016-4AC3-9DB4-A1763C9D5FDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.) Task: {706E80D3-39ED-463B-9B27-22C895CC2AB8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) Task: {71AB48B4-629A-4AFA-A3C6-726B5B8A81F9} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe (Dropbox, Inc -> ) Task: {7B49980D-622F-44EB-AA32-CCE3AE342774} - System32\Tasks\EPSON XP-6100 Series Update {63BAC7F0-BD61-497C-8DBE-6DA82A7D8D90} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSVTE.EXE (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {7DCF7915-6CE2-4665-B29A-3A10D3CB5A9E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) Task: {823A70FE-777E-4BF0-BA5A-A89BBFB3586A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) Task: {8CB09A2A-508C-4669-807E-ABA4E1F8472F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {8E2047F6-E81E-4837-9101-43C74E4597A3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) Task: {8F3C6451-D1CB-4F5B-BDDE-71927741F7FC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation) Task: {8FEF6122-C474-4CDA-90C2-E88261F6237C} - System32\Tasks\HPCeeScheduleForshirl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Development Company, L.P.) Task: {94A97E28-EBBF-4446-9F85-EA373152AD2B} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe (Hewlett-Packard Company -> HP Development Company, L.P.) Task: {9C9C1577-3CD5-43CD-98A7-4D24B2BA4099} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (McAfee, Inc. -> McAfee, Inc.) Task: {A277DE46-04AA-45CB-998E-978FD6EB8307} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.) Task: {AA6C923D-8AE5-4257-958B-6C1DFDB2F8EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) Task: {B4F6E016-8B7B-4519-B7E6-ACC2D487815D} - System32\Tasks\EPSON XP-6100 Series Update {3261EC63-38CB-4271-8587-FCB27621ECDD} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSVTE.EXE (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {B6AA9A43-9C6F-4C0A-8D0E-1742F4AFE119} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation) Task: {C3228866-AE1D-41AA-A2AE-889908A607ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {CFAD6EAE-D27E-4C41-ADCE-F9DB756048EC} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe (HP Inc. -> ) Task: {D0C9D879-1FF1-4E89-9B60-7A1AB7DBC975} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {DD02B1BC-690F-4D57-8A8E-78534E788875} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {DD4FB7D4-1267-457C-B16E-33C856BB63D1} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\HP\HP Registration Service\HP GenOOBE\HPGenOOBE.exe (HP Inc.) [File not signed] Task: {DEF2A965-7E53-41A8-BB67-3A4A2F3265E7} - System32\Tasks\{ECB17B16-24AF-41E2-864C-34FE5427FF37} Task: {E15C3798-01D5-4E06-B5AE-EAC569141DF5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation) Task: {F8CD6C97-B449-454D-B686-BF977A26CF22} - System32\Tasks\{2C932742-413C-4B70-82C9-252094ED4C3C} Task: {F9EB3D6C-B325-4317-87B9-147F109080B5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {FBAF54A1-3B6A-470E-9397-73EFBE1E5DDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\EPSON XP-6100 Series Update {3261EC63-38CB-4271-8587-FCB27621ECDD}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSVTE.EXE:/EXE:{3261EC63-38CB-4271-8587-FCB27621ECDD} /F:UpdateWORKGROUP\DESKTOP-QFJJ5EC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\EPSON XP-6100 Series Update {63BAC7F0-BD61-497C-8DBE-6DA82A7D8D90}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSVTE.EXE:/EXE:{63BAC7F0-BD61-497C-8DBE-6DA82A7D8D90} /F:UpdateWORKGROUP\DESKTOP-QFJJ5EC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\HPCeeScheduleForshirl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll 2016-10-19 04:49 - 2016-05-06 09:37 - 000892928 _____ (HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe 2019-02-27 20:51 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2019-02-27 20:51 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2019-02-27 20:51 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2019-02-27 20:51 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2019-02-27 20:51 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2019-02-27 20:51 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2019-02-27 20:51 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2019-02-27 20:51 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2019-02-27 22:06 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2019-02-14 15:33 - 2019-02-14 15:33 - 000113152 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPJumpStartBridge\f785e6b43fad7a881d3a7ba2a8791508\HPJumpStartBridge.ni.exe 2019-02-14 15:32 - 2019-02-14 15:32 - 000120320 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\9bf5754cb1555bccb84206f4db099116\BRIDGECommon.ni.dll 2019-02-14 15:33 - 2019-02-14 15:33 - 000110080 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\d1072b90b83389d6dc49ce9df54ba324\BridgeExtension.ni.dll 2017-02-07 20:22 - 2017-02-07 20:22 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll 2017-02-07 20:22 - 2017-02-07 20:22 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll 2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll 2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 18:24 - 2015-10-30 18:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-4096539192-3162152629-878619529-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\shirl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{9CCCCFEE-7C86-41B7-8D87-0B201F7FC692}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [{3931864C-01A8-4146-9CCF-F84E03799DEE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.) FirewallRules: [{A381F9CC-7C82-4C5F-8F6D-F8592753B4D4}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE No File FirewallRules: [{59E84133-9D41-44ED-9F26-404E58A2CEFD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe No File FirewallRules: [{17D6C239-EDDA-4BD6-B728-C161BAF53142}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe No File FirewallRules: [{19419BAE-1654-478F-BD12-5B9BCC0B30F0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File FirewallRules: [{FB27C5E3-2D22-46E2-8A54-6A61B70FA4B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File FirewallRules: [{381FEE2C-77D2-4A74-B3B8-5F7EA854AE80}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{A349772C-0FEF-4251-B7DE-8A8851AE9FDD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File FirewallRules: [{7D990E77-0EB0-4611-9075-4E5CC5C877F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File FirewallRules: [TCP Query User{40E4CF46-07DF-47DC-85AE-82A9ABBC6CE6}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed] FirewallRules: [UDP Query User{F4483CA9-FB78-42DB-B938-5A5EBA5D8A88}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed] FirewallRules: [{0C2027A6-294D-4C07-A5D5-5F3173C2F584}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1F4D018D-D59B-4867-87FD-D1630E9FD39B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2D9E172B-617A-43CD-AFDD-1E2FD81D9676}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DDF039D0-1CDE-408C-AAE4-ADB78E17F3E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [TCP Query User{AB5E1560-D949-4620-BCB3-1AD9CF7B3C61}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe (Adobe Systems Incorporated -> Node.js) FirewallRules: [UDP Query User{80FAAD96-C0B9-49E9-9713-CF55EBC4E04C}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe (Adobe Systems Incorporated -> Node.js) FirewallRules: [{6AEF0031-24F6-482A-8351-BA1B9C0F8A6F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A3FC0B2E-1801-42B6-B563-3020FE525862}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F8FE1228-5227-44AE-8B89-E8F5F434C1C0}] => (Allow) C:\Users\shirl\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File FirewallRules: [{2427EB11-1670-45E7-982B-5FBD937CD641}] => (Allow) C:\Users\shirl\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File FirewallRules: [{481734AF-305F-4AE6-83F0-111A598248F1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) FirewallRules: [{C25D7119-700F-43C3-8C5A-4DDA08A017A1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) FirewallRules: [{25AA6785-63D6-44B6-A83E-407CA7558E39}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) FirewallRules: [{B72DE657-BE31-4328-A998-707719A58155}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) FirewallRules: [{FD5493BB-747D-4B2E-8950-DDBA1DCD29C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) ==================== Restore Points ========================= 20-02-2019 19:46:04 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: WAN Miniport (PPPOE) Description: WAN Miniport (PPPOE) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasPppoe Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/27/2019 10:12:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY) Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0 Error: (02/27/2019 10:12:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY) Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0 Error: (02/27/2019 10:12:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY) Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0 Error: (02/27/2019 10:12:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY) Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0 Error: (02/27/2019 10:12:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY) Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0 Error: (02/27/2019 10:12:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY) Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0 Error: (02/27/2019 10:12:19 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 6792 ms DPTF Build Version: 8.2.10900.330 DPTF Build Date: May 16 2016 11:32:37 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1002 Executing Function: PolicyBase::takeControlOfOsc Message: Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.2.10900.330 DPTF Build Date: May 16 2016 11:32:37 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Passive Policy 2 [1] Error: (02/27/2019 09:42:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY) Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0 System errors: ============= Error: (02/27/2019 10:22:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2019 10:16:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2019 10:14:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2019 10:14:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2019 10:14:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2019 10:13:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QFJJ5EC) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DESKTOP-QFJJ5EC\shirl SID (S-1-5-21-4096539192-3162152629-878619529-1005) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2019 10:13:04 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QFJJ5EC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-QFJJ5EC\shirl SID (S-1-5-21-4096539192-3162152629-878619529-1005) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2019 10:12:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2019-02-27 21:36:36.752 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C6F8AD0C-F6D1-4B85-B817-BE32FAFBAA8E} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-02-12 10:21:27.978 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {4AEAB94A-450B-45B3-AB99-AF78227B4549} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-01-22 21:23:26.986 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {4BF07ECC-BDFE-4B6A-8DB2-D8095E187943} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-01-22 21:18:22.145 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {2A488203-C26B-4CED-A174-8E7F3D7B623F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-01-22 21:12:13.780 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {276F52E5-7F8C-450C-B54D-38BF01712D33} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-01-25 14:02:27.304 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.285.6.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15600.4 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-01-22 09:23:52.606 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.283.3395.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15500.2 Error code: 0x80240438 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-12-07 21:11:42.635 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.281.1406.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15400.5 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-11-16 18:28:54.813 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.281.101.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15400.5 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-11-13 21:14:39.031 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.281.34.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15400.5 Error code: 0x80070670 Error description: No valid sequence could be found for the set of updates. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Percentage of memory in use: 68% Total physical RAM: 8064.57 MB Available physical RAM: 2546.65 MB Total Virtual: 13184.57 MB Available Virtual: 7151.48 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:221.8 GB) (Free:27.13 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:15.44 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{73b0d20e-73bf-4fca-ad51-598655180437}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.39 GB) NTFS \\?\Volume{abbfae46-96d5-4cf6-9a3d-ac93f7c13b5e}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: A50E1C7D) Partition: GPT. ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 28, 2019 Root Admin ID:1301115 Share Posted February 28, 2019 Hello @shirl and Please run the following steps and post back the logs as an attachment when ready.STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 2, 2019 Root Admin ID:1301526 Share Posted March 2, 2019 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts