sir9bob Posted April 19, 2019 ID:1308551 Share Posted April 19, 2019 almost 200 pups return with each scan even though I quarantine all every time. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.04.2019 Ran by sir9b (administrator) on DESKTOP-P7U5D2T (18-04-2019 17:04:43) Running from C:\Users\sir9b\Downloads Loaded Profiles: sir9b (Available Profiles: sir9b) Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\igfxCUIService.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm\Bluetooth Suite\AdminService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) RMT -> Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\IntelCpHDCPSvc.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe (Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\IntelCpHeciSvc.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\igfxEM.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\sir9b\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\sir9b\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\pcdrwi.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1902.42.0_x64__8wekyb3d8bbwe\Calculator.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-06] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235464 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494024 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [127480 2017-11-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1514528 2015-03-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [975744 2017-05-01] (Waves Inc -> Waves Audio Ltd.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [266624 2018-12-19] (Razer USA Ltd. -> Razer Inc.) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [790432 2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [587168 2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKU\S-1-5-21-670212906-3066847214-2374188655-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation) HKU\S-1-5-21-670212906-3066847214-2374188655-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation -> TechSmith Corporation) HKU\S-1-5-21-670212906-3066847214-2374188655-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3434224 2018-12-21] (Razer USA Ltd. -> ) HKU\S-1-5-21-670212906-3066847214-2374188655-1001\...\Run: [SoftMiner] => C:\Program Files (x86)\Razer\SoftMiner\SoftMiner.exe [7280976 2018-12-14] (Razer USA Ltd. -> ) HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3434224 2018-12-21] (Razer USA Ltd. -> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{4cdc4ea2-cc09-4f3d-bb6f-7edf75c47d14}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{5efe46c0-03cd-4431-a252-ff12dbeb5461}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Internet Explorer: ================== HKU\S-1-5-21-670212906-3066847214-2374188655-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE HKU\S-1-5-21-670212906-3066847214-2374188655-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed] Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) FireFox: ======== FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2019-01-17] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC) Chrome: ======= CHR HomePage: Default -> file:///H:/homepage/index2d.htm CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://drive.google.com/drive/u/0/my-drive" CHR Profile: C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default [2019-04-18] CHR Extension: (Slides) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-17] CHR Extension: (Entanglement Web App) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2019-02-20] CHR Extension: (Docs) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-17] CHR Extension: (Google Drive) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-15] CHR Extension: (YouTube) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-17] CHR Extension: (Sheets) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-17] CHR Extension: (iCloud Bookmarks) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2019-02-20] CHR Extension: (Google Docs Offline) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15] CHR Extension: (Glance Networks) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\gniobnbbehpgbcamkdplghfimhocklgb [2019-04-10] CHR Extension: (Cisco Webex Extension) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-08-02] CHR Extension: (Grammarly for Chrome) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-04-17] CHR Extension: (Asana) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\khnpeclbnipcdacdkhejifenadikeghk [2019-02-20] CHR Extension: (Search Manager) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjgaljeofmfgjfipajjeeflbknekghma [2019-04-17] CHR Extension: (Poppit!) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2019-02-20] CHR Extension: (Wikibuy) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-04-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17] CHR Extension: (Google Quick Scroll) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2018-06-17] CHR Extension: (Send from Gmail (by Google)) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2018-06-17] CHR Extension: (Gmail) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-17] CHR Extension: (Chrome Media Router) - C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28] CHR Profile: C:\Users\sir9b\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-19] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe [338312 2017-04-16] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2019-02-28] (Dell Inc -> Dell Inc.) S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3363824 2019-02-28] (Dell Inc -> Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2019-02-28] (Dell Inc -> Dell Inc.) R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [38048 2019-03-15] (Dell Inc -> ) R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe [1038144 2019-04-11] (PC-Doctor, Inc. -> PC-Doctor, Inc.) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [293528 2018-10-20] (Dell Inc -> Dell Inc.) R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> ) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation -> NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-06] (Intel(R) Rapid Storage Technology -> Intel Corporation) R2 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182384 2016-08-12] (Intel(R) RMT -> Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation -> NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation -> NVIDIA Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.) R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.) R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-12-18] (Razer USA Ltd. -> Razer Inc) R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [285424 2018-12-21] (Razer USA Ltd. -> ) R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333320 2017-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor) R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [535424 2018-12-17] (Razer USA Ltd. -> Razer Inc.) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [290352 2018-12-19] (Razer USA Ltd. -> Razer Inc.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39384 2019-03-20] (Dell Inc. -> Dell Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11786992 2018-11-14] (TeamViewer GmbH -> TeamViewer GmbH) R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-01] (Waves Inc -> Waves Audio Ltd.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-09] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-09] (Microsoft Corporation -> Microsoft Corporation) S2 0085511538199870mcinstcleanup; C:\WINDOWS\TEMP\0085511538199870mcinst.exe -cleanup -nolog [X] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [X] S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4322672 2018-05-27] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 HfAudio; C:\WINDOWS\system32\DRIVERS\HfAudio.sys [65008 2018-02-25] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-09] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-17] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-17] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-17] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-17] (Malwarebytes Corporation -> Malwarebytes) S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [505768 2017-11-14] (McAfee, Inc. -> McAfee LLC.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108456 2017-11-14] (McAfee, Inc. -> McAfee LLC.) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdd.inf_amd64_1c87277d30438bde\nvlddmkm.sys [17538104 2018-06-04] (NVIDIA Corporation -> NVIDIA Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation -> NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-07-25] (Realtek Semiconductor Corp. -> Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-04] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49544 2018-09-13] (Razer USA Ltd. -> Razer Inc) R3 RzDev_022a; C:\WINDOWS\System32\drivers\RzDev_022a.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc) R3 ScrHIDDriver; C:\WINDOWS\system32\DRIVERS\ScrHIDDriver.sys [58864 2018-02-25] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.) R1 vbdenum; C:\WINDOWS\System32\drivers\vbdenum.sys [119432 2018-10-26] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [343520 2019-04-09] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-09] (Microsoft Windows -> Microsoft Corporation) U4 dmwappushsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-04-18 17:04 - 2019-04-18 17:05 - 000036587 _____ C:\Users\sir9b\Downloads\FRST.txt 2019-04-18 17:04 - 2019-04-18 17:04 - 000000000 ____D C:\FRST 2019-04-18 17:02 - 2019-04-18 17:03 - 002434048 _____ (Farbar) C:\Users\sir9b\Downloads\FRST64.exe 2019-04-17 20:28 - 2019-04-17 20:29 - 000083542 _____ C:\Users\sir9b\Downloads\drive-download-20190418T032825Z-001.zip 2019-04-17 06:45 - 2019-04-17 06:45 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-04-17 06:44 - 2019-04-17 06:44 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-04-17 06:44 - 2019-04-17 06:44 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-04-17 06:44 - 2019-04-17 06:44 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-04-10 19:12 - 2019-04-10 19:12 - 000000000 ___HD C:\OneDriveTemp 2019-04-10 17:51 - 2019-04-10 17:51 - 001946723 _____ C:\Users\sir9b\Downloads\Michael_L_Sommer_2018 (1).pdf 2019-04-10 14:40 - 2019-04-10 14:40 - 000237729 _____ C:\Users\sir9b\Downloads\creditReport_1554932422419.pdf 2019-04-10 14:35 - 2019-04-02 05:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-04-10 14:35 - 2019-04-02 05:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-04-10 14:35 - 2019-04-02 02:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-04-10 14:35 - 2019-04-02 02:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-04-10 14:35 - 2019-04-02 01:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-04-10 14:35 - 2019-04-02 01:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-04-10 14:35 - 2019-04-02 01:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-04-10 14:35 - 2019-04-02 00:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-04-10 14:35 - 2019-04-02 00:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-04-10 14:35 - 2019-04-02 00:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-04-10 14:35 - 2019-04-02 00:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-04-10 14:35 - 2019-04-01 22:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-04-10 14:35 - 2019-04-01 21:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-04-10 14:35 - 2019-04-01 21:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-04-10 14:35 - 2019-04-01 21:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-04-10 14:35 - 2019-03-14 01:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-04-10 14:35 - 2019-03-14 01:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-04-10 14:35 - 2019-03-14 01:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-04-10 14:35 - 2019-03-14 00:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-04-10 14:35 - 2019-03-14 00:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2019-04-10 14:35 - 2019-03-14 00:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-04-10 14:35 - 2019-03-14 00:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2019-04-10 14:35 - 2019-03-14 00:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2019-04-10 14:34 - 2019-04-02 05:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-04-10 14:34 - 2019-04-02 05:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-04-10 14:34 - 2019-04-02 05:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-04-10 14:34 - 2019-04-02 05:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-04-10 14:34 - 2019-04-02 05:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-04-10 14:34 - 2019-04-02 05:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2019-04-10 14:34 - 2019-04-02 05:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll 2019-04-10 14:34 - 2019-04-02 05:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-04-10 14:34 - 2019-04-02 05:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-04-10 14:34 - 2019-04-02 05:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-04-10 14:34 - 2019-04-02 05:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2019-04-10 14:34 - 2019-04-02 05:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-04-10 14:34 - 2019-04-02 05:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2019-04-10 14:34 - 2019-04-02 05:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll 2019-04-10 14:34 - 2019-04-02 02:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-04-10 14:34 - 2019-04-02 02:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2019-04-10 14:34 - 2019-04-02 02:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2019-04-10 14:34 - 2019-04-02 02:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll 2019-04-10 14:34 - 2019-04-02 02:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-04-10 14:34 - 2019-04-02 02:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2019-04-10 14:34 - 2019-04-02 02:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-04-10 14:34 - 2019-04-02 01:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-04-10 14:34 - 2019-04-02 01:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-04-10 14:34 - 2019-04-02 01:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-04-10 14:34 - 2019-04-02 01:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-04-10 14:34 - 2019-04-02 01:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-04-10 14:34 - 2019-04-02 01:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-04-10 14:34 - 2019-04-02 01:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-04-10 14:34 - 2019-04-02 01:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-04-10 14:34 - 2019-04-02 01:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-04-10 14:34 - 2019-04-02 01:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-04-10 14:34 - 2019-04-02 01:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-04-10 14:34 - 2019-04-02 01:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-04-10 14:34 - 2019-04-02 01:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-04-10 14:34 - 2019-04-02 01:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-04-10 14:34 - 2019-04-02 00:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-04-10 14:34 - 2019-04-02 00:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2019-04-10 14:34 - 2019-04-02 00:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-04-10 14:34 - 2019-04-02 00:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-04-10 14:34 - 2019-04-02 00:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2019-04-10 14:34 - 2019-04-02 00:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-04-10 14:34 - 2019-04-02 00:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-04-10 14:34 - 2019-04-02 00:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-04-10 14:34 - 2019-04-02 00:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-04-10 14:34 - 2019-04-02 00:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-04-10 14:34 - 2019-04-02 00:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-04-10 14:34 - 2019-04-02 00:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2019-04-10 14:34 - 2019-04-02 00:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2019-04-10 14:34 - 2019-04-02 00:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-04-10 14:34 - 2019-04-01 23:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-04-10 14:34 - 2019-04-01 22:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-04-10 14:34 - 2019-04-01 22:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-04-10 14:34 - 2019-04-01 22:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-04-10 14:34 - 2019-04-01 22:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-04-10 14:34 - 2019-04-01 21:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-04-10 14:34 - 2019-04-01 21:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-04-10 14:34 - 2019-04-01 21:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2019-04-10 14:34 - 2019-04-01 21:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll 2019-04-10 14:34 - 2019-04-01 21:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll 2019-04-10 14:34 - 2019-04-01 21:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-04-10 14:34 - 2019-04-01 21:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-04-10 14:34 - 2019-04-01 21:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-04-10 14:34 - 2019-04-01 10:51 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-04-10 14:34 - 2019-04-01 10:51 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2019-04-10 14:34 - 2019-03-16 05:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-04-10 14:34 - 2019-03-16 02:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-04-10 14:34 - 2019-03-14 07:55 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2019-04-10 14:34 - 2019-03-14 07:53 - 001626928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2019-04-10 14:34 - 2019-03-14 07:53 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll 2019-04-10 14:34 - 2019-03-14 07:53 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2019-04-10 14:34 - 2019-03-14 07:53 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll 2019-04-10 14:34 - 2019-03-14 07:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-04-10 14:34 - 2019-03-14 07:52 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2019-04-10 14:34 - 2019-03-14 07:52 - 000954160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll 2019-04-10 14:34 - 2019-03-14 07:52 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2019-04-10 14:34 - 2019-03-14 07:52 - 000827704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2019-04-10 14:34 - 2019-03-14 07:52 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2019-04-10 14:34 - 2019-03-14 07:52 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2019-04-10 14:34 - 2019-03-14 07:52 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2019-04-10 14:34 - 2019-03-14 07:52 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2019-04-10 14:34 - 2019-03-14 07:52 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys 2019-04-10 14:34 - 2019-03-14 07:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2019-04-10 14:34 - 2019-03-14 07:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll 2019-04-10 14:34 - 2019-03-14 07:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-04-10 14:34 - 2019-03-14 07:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys 2019-04-10 14:34 - 2019-03-14 07:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys 2019-04-10 14:34 - 2019-03-14 07:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe 2019-04-10 14:34 - 2019-03-14 07:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll 2019-04-10 14:34 - 2019-03-14 07:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll 2019-04-10 14:34 - 2019-03-14 07:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2019-04-10 14:34 - 2019-03-14 07:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll 2019-04-10 14:34 - 2019-03-14 07:29 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll 2019-04-10 14:34 - 2019-03-14 07:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll 2019-04-10 14:34 - 2019-03-14 07:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-04-10 14:34 - 2019-03-14 06:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll 2019-04-10 14:34 - 2019-03-14 06:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe 2019-04-10 14:34 - 2019-03-14 06:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll 2019-04-10 14:34 - 2019-03-14 06:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll 2019-04-10 14:34 - 2019-03-14 06:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2019-04-10 14:34 - 2019-03-14 06:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll 2019-04-10 14:34 - 2019-03-14 01:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2019-04-10 14:34 - 2019-03-14 01:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-04-10 14:34 - 2019-03-14 01:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-04-10 14:34 - 2019-03-14 01:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll 2019-04-10 14:34 - 2019-03-14 01:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-04-10 14:34 - 2019-03-14 01:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2019-04-10 14:34 - 2019-03-14 01:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2019-04-10 14:34 - 2019-03-14 01:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-04-10 14:34 - 2019-03-14 01:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll 2019-04-10 14:34 - 2019-03-14 01:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-04-10 14:34 - 2019-03-14 01:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-04-10 14:34 - 2019-03-14 01:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-04-10 14:34 - 2019-03-14 01:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-04-10 14:34 - 2019-03-14 01:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-04-10 14:34 - 2019-03-14 01:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2019-04-10 14:34 - 2019-03-14 01:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-04-10 14:34 - 2019-03-14 01:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll 2019-04-10 14:34 - 2019-03-14 01:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys 2019-04-10 14:34 - 2019-03-14 01:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2019-04-10 14:34 - 2019-03-14 01:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-04-10 14:34 - 2019-03-14 01:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-04-10 14:34 - 2019-03-14 01:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2019-04-10 14:34 - 2019-03-14 01:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-04-10 14:34 - 2019-03-14 01:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2019-04-10 14:34 - 2019-03-14 01:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll 2019-04-10 14:34 - 2019-03-14 01:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2019-04-10 14:34 - 2019-03-14 01:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2019-04-10 14:34 - 2019-03-14 01:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2019-04-10 14:34 - 2019-03-14 01:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2019-04-10 14:34 - 2019-03-14 01:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2019-04-10 14:34 - 2019-03-14 01:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll 2019-04-10 14:34 - 2019-03-14 01:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll 2019-04-10 14:34 - 2019-03-14 01:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-04-10 14:34 - 2019-03-14 01:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-04-10 14:34 - 2019-03-14 01:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2019-04-10 14:34 - 2019-03-14 01:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2019-04-10 14:34 - 2019-03-14 01:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll 2019-04-10 14:34 - 2019-03-14 01:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll 2019-04-10 14:34 - 2019-03-14 01:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2019-04-10 14:34 - 2019-03-14 01:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2019-04-10 14:34 - 2019-03-14 01:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2019-04-10 14:34 - 2019-03-14 01:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2019-04-10 14:34 - 2019-03-14 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll 2019-04-10 14:34 - 2019-03-14 01:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-04-10 14:34 - 2019-03-14 01:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2019-04-10 14:34 - 2019-03-14 01:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2019-04-10 14:34 - 2019-03-14 01:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2019-04-10 14:34 - 2019-03-14 01:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2019-04-10 14:34 - 2019-03-14 00:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-04-10 14:34 - 2019-03-14 00:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-04-10 14:34 - 2019-03-14 00:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2019-04-10 14:34 - 2019-03-14 00:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2019-04-10 14:34 - 2019-03-14 00:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-04-10 14:34 - 2019-03-14 00:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-04-10 14:34 - 2019-03-14 00:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll 2019-04-10 14:34 - 2019-03-14 00:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2019-04-10 14:34 - 2019-03-14 00:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2019-04-10 14:34 - 2019-03-14 00:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-04-10 14:34 - 2019-03-14 00:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2019-04-10 14:34 - 2019-03-14 00:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll 2019-04-10 14:34 - 2019-03-14 00:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll 2019-04-10 14:34 - 2019-03-14 00:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll 2019-04-10 14:34 - 2019-03-14 00:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe 2019-04-10 14:34 - 2019-03-14 00:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2019-04-10 14:34 - 2019-03-14 00:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll 2019-04-10 14:34 - 2019-03-14 00:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-04-10 14:34 - 2019-03-14 00:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2019-04-10 14:34 - 2019-03-14 00:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-04-10 14:34 - 2019-03-14 00:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2019-04-10 14:34 - 2019-03-14 00:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll 2019-04-10 14:34 - 2019-03-14 00:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-04-10 14:34 - 2019-03-14 00:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-04-10 14:34 - 2019-03-14 00:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll 2019-04-10 14:34 - 2019-03-14 00:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2019-04-10 14:34 - 2019-03-14 00:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-04-10 14:34 - 2019-03-14 00:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2019-04-10 14:34 - 2019-03-14 00:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll 2019-04-10 14:34 - 2019-03-14 00:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2019-04-10 14:34 - 2019-03-14 00:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2019-04-10 14:34 - 2019-03-14 00:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2019-04-10 14:34 - 2019-03-14 00:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2019-04-10 14:34 - 2019-03-14 00:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2019-04-10 14:34 - 2019-03-14 00:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-04-10 14:34 - 2019-03-14 00:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-04-10 14:34 - 2019-03-14 00:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2019-04-10 14:34 - 2019-03-14 00:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2019-04-10 14:34 - 2019-03-13 18:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-04-10 14:34 - 2019-03-13 18:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2019-04-10 14:34 - 2019-03-13 18:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2019-04-10 14:34 - 2019-03-13 18:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-04-10 14:34 - 2019-03-13 18:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-04-10 14:06 - 2019-04-18 07:07 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services 2019-04-10 14:06 - 2019-04-10 14:06 - 000000000 ____D C:\DummyDir 2019-04-10 09:15 - 2019-04-10 09:15 - 000025600 _____ C:\Users\sir9b\Downloads\zbd041019j.xls 2019-04-10 09:15 - 2019-04-10 09:15 - 000025600 _____ C:\Users\sir9b\Downloads\zbd041019j (1).xls 2019-04-09 21:51 - 2019-04-09 21:51 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-04-09 21:51 - 2019-04-09 21:51 - 000001922 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-04-09 21:51 - 2019-04-09 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-04-09 21:51 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-04-09 21:51 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-04-09 21:47 - 2019-04-09 21:47 - 000000000 ____D C:\Users\sir9b\AppData\Local\mbam 2019-04-09 21:46 - 2019-04-09 21:51 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-04-09 21:46 - 2019-04-09 21:46 - 000000000 ____D C:\Users\sir9b\AppData\Local\mbamtray 2019-04-09 21:46 - 2019-04-09 21:46 - 000000000 ____D C:\Program Files\Malwarebytes 2019-04-08 21:19 - 2019-04-08 21:19 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-670212906-3066847214-2374188655-1001 2019-04-08 21:19 - 2019-04-08 21:19 - 000002412 _____ C:\Users\sir9b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-04-08 06:18 - 2019-04-09 06:09 - 000060107 _____ C:\Users\sir9b\Downloads\Medical Info form - English.pdf 2019-04-02 06:11 - 2019-04-02 06:11 - 000000000 ____D C:\Users\sir9b\OneDrive\Documents\M's Health Ins Options 2019-04-02 06:04 - 2019-04-02 06:04 - 000031456 _____ C:\Users\sir9b\Downloads\2018 Gayle's K-1 (NOVEL PARTNERS LLC) (2).pdf 2019-04-01 21:28 - 2019-04-01 21:28 - 000048356 _____ C:\Users\sir9b\Downloads\2018 Bob's K-1 (NOVEL PARTNERS LLC) (2).pdf 2019-04-01 09:02 - 2019-04-01 09:02 - 000091580 _____ C:\Users\sir9b\Downloads\1099CompositeandYearEndSummary20180208193374.pdf 2019-04-01 09:01 - 2019-04-01 09:02 - 000111691 _____ C:\Users\sir9b\Downloads\1099CompositeandYearEndSummary20180208197225.pdf 2019-03-31 15:31 - 2019-03-31 15:31 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1530366184 2019-03-31 15:31 - 2019-03-31 15:31 - 000001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-03-31 06:00 - 2019-03-31 06:00 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Workspace.lnk 2019-03-29 07:09 - 2019-03-29 07:09 - 000000000 ____D C:\Users\sir9b\OneDrive\Documents\My PaperPort Documents 2019-03-29 07:09 - 2019-03-29 07:09 - 000000000 ____D C:\Users\sir9b\AppData\Roaming\Zeon 2019-03-29 07:09 - 2019-03-29 07:09 - 000000000 _____ C:\Users\sir9b\OneDrive\Documents\Nuance Image Printer Writer Port 2019-03-29 07:06 - 2019-03-29 07:06 - 000090099 _____ C:\Users\sir9b\Downloads\nissan-leaf-incentive-2.pdf 2019-03-28 17:48 - 2019-03-28 17:48 - 000143080 _____ C:\Users\sir9b\Downloads\nissan-leaf-incentive-federal-1002.pdf 2019-03-27 06:42 - 2019-03-27 06:42 - 001684692 _____ C:\Users\sir9b\Downloads\2018 Gayle's K-1 (NOVEL PARTNERS LLC) (1).pdf 2019-03-27 06:42 - 2019-03-27 06:42 - 001576504 _____ C:\Users\sir9b\Downloads\2018 Bob's K-1 (NOVEL PARTNERS LLC) (1).pdf 2019-03-27 05:59 - 2019-03-27 05:59 - 003073240 _____ C:\Users\sir9b\Downloads\Employees Benefits Guide.pdf 2019-03-25 07:54 - 2019-03-25 07:54 - 000052269 _____ C:\Users\sir9b\Downloads\2018 Gayle's K-1 (NOVEL PARTNERS LLC).pdf 2019-03-24 06:07 - 2019-03-24 06:07 - 000050840 _____ C:\Users\sir9b\Downloads\2018 Bob's K-1 (NOVEL PARTNERS LLC).pdf 2019-03-20 15:37 - 2019-03-22 05:37 - 000339822 _____ C:\Users\sir9b\Downloads\Hoodstock 2019 Donations for Raffle.pdf ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-04-18 16:57 - 2018-08-07 06:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-04-18 16:57 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-04-18 13:43 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF 2019-04-17 20:51 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-04-17 20:51 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-04-17 06:51 - 2018-08-07 07:05 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-04-17 06:51 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Registration 2019-04-17 06:51 - 2018-02-25 19:12 - 000000000 ____D C:\ProgramData\Package Cache 2019-04-17 06:48 - 2018-11-01 18:43 - 000000000 ___RD C:\Users\sir9b\OneDrive - CHANGING HANDS BOOK STO 2019-04-17 06:48 - 2018-06-17 11:55 - 000000000 ___RD C:\Users\sir9b\OneDrive 2019-04-17 06:45 - 2019-02-21 05:19 - 000354872 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-04-17 06:45 - 2018-06-21 11:21 - 000000000 ____D C:\ProgramData\NVIDIA 2019-04-17 06:45 - 2018-06-17 11:51 - 000000000 __SHD C:\Users\sir9b\IntelGraphicsProfiles 2019-04-17 06:44 - 2018-10-22 19:31 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-04-17 06:44 - 2018-08-07 07:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-04-17 06:43 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-04-17 06:41 - 2018-02-25 19:12 - 000000000 ____D C:\ProgramData\Intel 2019-04-12 12:15 - 2018-02-25 19:11 - 000000000 ____D C:\ProgramData\PCDr 2019-04-11 09:13 - 2018-02-25 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2019-04-11 09:12 - 2018-02-25 19:11 - 000000000 ____D C:\ProgramData\SupportAssist 2019-04-10 22:19 - 2018-06-17 12:02 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-04-10 22:19 - 2018-06-17 12:02 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-04-10 19:05 - 2018-04-12 02:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-04-10 19:05 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender 2019-04-10 19:05 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-04-10 19:05 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2019-04-10 19:05 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-04-10 14:46 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-04-10 14:34 - 2018-06-20 06:23 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-04-10 14:30 - 2018-06-20 06:23 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-04-10 14:16 - 2018-06-20 06:54 - 000000000 ____D C:\ProgramData\Packages 2019-04-10 14:16 - 2018-06-17 11:51 - 000000000 ____D C:\Users\sir9b\AppData\Local\Packages 2019-04-10 14:07 - 2018-02-25 19:14 - 000000000 ____D C:\ProgramData\Dell 2019-04-10 07:22 - 2019-01-10 09:15 - 000000000 ____D C:\Users\sir9b\AppData\Local\CrashDumps 2019-04-09 22:00 - 2018-08-07 06:54 - 000000000 ____D C:\Users\sir9b 2019-04-09 21:51 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-04-09 06:25 - 2018-06-20 06:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-04-05 13:27 - 2018-08-01 20:48 - 000000000 ____D C:\Program Files\rempl 2019-03-31 15:31 - 2018-06-30 06:42 - 000000000 ____D C:\Program Files\Opera 2019-03-31 06:01 - 2019-02-08 20:04 - 000000000 ____D C:\ProgramData\Citrix 2019-03-29 07:09 - 2018-08-14 09:07 - 000000000 ____D C:\Users\sir9b\AppData\Roaming\Nuance 2019-03-27 22:13 - 2018-08-07 07:09 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2019-03-27 22:13 - 2018-08-07 07:09 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2019-03-23 13:39 - 2018-08-09 05:51 - 000000000 ____D C:\Users\sir9b\AppData\Local\PlaceholderTileLogoFolder 2019-03-23 03:29 - 2018-08-25 03:32 - 000000259 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt 2019-03-23 03:23 - 2018-08-25 03:27 - 000000000 _____ C:\WINDOWS\SysWOW64\SpyWareFolderstoFilter.txt 2019-03-20 17:37 - 2018-10-12 05:49 - 000000000 ____D C:\WINDOWS\Minidump ==================== Files in the root of some directories ======= 2019-01-30 20:16 - 2019-01-30 20:13 - 003644744 _____ () C:\Users\Public\BrMain488.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\dllhost.exe => File is digitally signed C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-08-07 06:48 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019 Ran by sir9b (18-04-2019 17:06:27) Running from C:\Users\sir9b\Downloads Windows 10 Pro Version 1803 17134.706 (X64) (2018-08-07 14:10:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-670212906-3066847214-2374188655-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-670212906-3066847214-2374188655-503 - Limited - Disabled) Guest (S-1-5-21-670212906-3066847214-2374188655-501 - Limited - Disabled) sir9b (S-1-5-21-670212906-3066847214-2374188655-1001 - Administrator - Enabled) => C:\Users\sir9b WDAGUtilityAccount (S-1-5-21-670212906-3066847214-2374188655-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ashampoo WinOptimizer 16 (HKLM-x32\...\{4209F371-C47A-1204-F2BA-6FD6E5BB1B50}_is1) (Version: 16.00.21 - Ashampoo GmbH & Co. KG) Brother MFL-Pro Suite MFC-7460DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon iP8700 series On-screen Manual (HKLM-x32\...\Canon iP8700 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon iP8700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP8700_series) (Version: - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.) Citrix Workspace 1903 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 19.3.0.4 - Citrix Systems, Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Dell Digital Delivery Services (HKLM-x32\...\{4E63542A-F61E-4A6C-9732-13F3425C1758}) (Version: 4.0.34.0 - Dell Inc.) Dell Mobile Connect Drivers (HKLM\...\{AAB336F0-6FC6-4BFE-AD7E-315FCDF20156}) (Version: 1.1.3750 - Screenovate Technologies Ltd.) Dell SupportAssist (HKLM\...\{45FD01F4-B11B-4A58-B465-1D600B5CDF64}) (Version: 3.2.0.90 - Dell Inc.) Dell SupportAssist Remediation (HKLM\...\{5832D99C-C9C6-437F-861C-43ED6333956F}) (Version: 4.1.0.6828 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{48253a97-70d4-4166-9a2b-80b3bb2fcc75}) (Version: 4.1.0.6828 - Dell Inc.) Dell Update - SupportAssist Update Plugin (HKLM\...\{ED23034C-BB55-432A-B216-C3DCC768A7D3}) (Version: 4.1.0.6828 - Dell Inc.) Hidden Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{de2492a6-682a-49a4-87be-f8448e1af207}) (Version: 4.1.0.6828 - Dell Inc.) Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.) DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 2.0.6875.402 - PC-Doctor, Inc.) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.1.16828 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.) Grammarly (HKU\S-1-5-21-670212906-3066847214-2374188655-1001\...\GrammarlyForWindows) (Version: 1.5.41 - Grammarly) Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.1.1028 - Intel Corporation) Intel(R) Ready Mode Technology (HKLM\...\{E7173746-C254-4F4E-ACCB-D6BD55E76EFE}) (Version: 1.1.70.527 - Intel Corporation) Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-670212906-3066847214-2374188655-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Online Plug-in (HKLM-x32\...\{9F4CCBB9-B00C-4B46-9960-894BB11B3AFA}) (Version: 19.3.0.4 - Citrix Systems, Inc.) Hidden OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation) Opera Stable 58.0.3135.127 (HKLM-x32\...\Opera 58.0.3135.127) (Version: 58.0.3135.127 - Opera Software) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10426 - Qualcomm) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.3.15 - Qualcomm Atheros) Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm) Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.22.3 - Razer Inc.) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.3.13.964 - Razer Inc.) Razer SoftMiner (HKLM-x32\...\Razer SoftMiner_is1) (Version: 1.1.6922.36844 - Razer Inc.) Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.1216.122121 - Razer Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.) Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Self-service Plug-in (HKLM-x32\...\{B815B8CF-B8B3-495B-9DBB-FB056B2C33ED}) (Version: 19.3.0.4 - Citrix Systems, Inc.) Hidden SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden SmartByte Drivers and Services (HKLM\...\{01F01829-4C5A-41B0-8198-0BDD02B34C47}) (Version: 2.0.643 - Rivet Networks) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.0.13880 - TeamViewer) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-670212906-3066847214-2374188655-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0 CustomCLSID: HKU\S-1-5-21-670212906-3066847214-2374188655-1001_Classes\CLSID\{04271989-C4D2-3291-3DC1-22035E147307} -> [OneDrive - CHANGING HANDS BOOK STO] => C:\Users\sir9b\OneDrive - CHANGING HANDS BOOK STO [2018-11-01 18:43] CustomCLSID: HKU\S-1-5-21-670212906-3066847214-2374188655-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k127153.inf_amd64_364f43f2a27f7bd7\igfxDTCM.dll [2018-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-09] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2B7D7675-00BD-4660-8B33-F85AB178362A} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe (Rivet Networks LLC -> DELL) Task: {73B914F0-628A-41ED-B6BA-5E50922BB2D6} - System32\Tasks\Opera scheduled Autoupdate 1530366184 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software) Task: {9D38CAE9-7705-4998-8634-0F9B637E9DEE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe (Dell Inc. -> Dell Inc.) Task: {A12C3A7B-BB9D-4D26-A4C4-906D86F92EF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {DF98C7EE-3D5E-4D0A-B984-1F751F6E8927} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {EF19A1E3-CF48-4675-9AAF-1A6E2F8D3ACE} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-09-07 17:36 - 2013-09-11 15:50 - 000360448 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL 2018-06-21 11:22 - 2015-03-13 12:41 - 000930888 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll 2018-12-04 12:10 - 2018-12-04 12:10 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll 2018-08-14 09:25 - 2012-07-05 04:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll 2018-08-14 09:25 - 2005-04-21 21:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll 2018-06-21 11:22 - 2015-03-13 12:41 - 001514528 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll 2018-08-14 09:25 - 2012-09-06 21:06 - 000393216 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe 2018-08-14 09:25 - 2012-06-05 15:56 - 000266240 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe 2018-08-14 09:25 - 2012-09-06 21:11 - 001327104 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe 2019-03-15 15:51 - 2019-03-15 15:51 - 000018432 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll 2005-09-07 14:03 - 2005-09-07 14:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll 2018-08-14 09:28 - 2018-08-14 09:28 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll 2018-08-14 09:25 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2018-08-14 09:25 - 2012-09-06 21:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2018-08-14 09:25 - 2012-04-23 15:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2018-08-14 09:25 - 2012-07-17 13:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll 2018-08-14 09:25 - 2012-07-06 13:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2018-08-14 09:25 - 2012-07-06 13:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000086016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000037888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll 2019-04-09 21:51 - 2019-03-13 09:22 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\sir9b\OneDrive\Documents\Adam-Marya Wedding:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\sir9b\OneDrive\Documents\Custom Office Templates:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\sir9b\OneDrive\Documents\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\sir9b\OneDrive\Documents\M's Health Ins Options:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\sir9b\OneDrive\Documents\My PaperPort Documents:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] AlternateDataStreams: C:\Users\sir9b\OneDrive\Documents\MyWebPages:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-29 06:46 - 2017-09-29 06:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL HKU\S-1-5-21-670212906-3066847214-2374188655-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 68.105.28.11 - 68.105.29.11 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\Run: => "CanonQuickMenu" HKLM\...\StartupApproved\Run: => "IndexSearch" HKLM\...\StartupApproved\Run: => "PaperPort PTD" HKLM\...\StartupApproved\Run: => "PDF5 Registry Controller" HKLM\...\StartupApproved\Run: => "PDFHook" HKLM\...\StartupApproved\Run: => "PPort12reminder" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{0755EE84-8966-4228-8DF4-1C6684FB4BAB}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe (Brother Industries, Ltd.) [File not signed] FirewallRules: [{D8051D89-FB37-4F28-854B-C9896BD4E08F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe (Brother Industries, Ltd.) [File not signed] FirewallRules: [{22246ECC-C5C4-490F-AC5D-078E43CF1761}] => (Allow) LPort=54925 FirewallRules: [{3617E248-21D7-4ACF-A3F7-3A0E7D8FD659}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{313BB72B-2FDF-481E-85F2-8098B05D728A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{E4BAADA4-0378-4112-8CA4-D207F4B0F3BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{D3AA7504-F935-4527-9830-F7866B33A32A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [TCP Query User{0011ACF4-B76C-4710-AE3F-0E5CF97A4AE9}C:\users\sir9b\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\sir9b\appdata\local\temp\g2_2329\g2viewer.exe (LogMeIn, Inc. -> LogMeIn, Inc.) FirewallRules: [UDP Query User{86017A43-9EFC-4986-A1E0-8811F4EB4EBC}C:\users\sir9b\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\sir9b\appdata\local\temp\g2_2329\g2viewer.exe (LogMeIn, Inc. -> LogMeIn, Inc.) FirewallRules: [{6BAD60A8-72A9-413E-8404-226EDA8A3445}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_2.0.7811.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) FirewallRules: [{2EACB1B1-CC67-450B-9163-2D5AE04426B2}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_2.0.7811.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) FirewallRules: [{5E675A3F-490B-42AD-A741-08DA8C24F092}] => (Allow) C:\Program Files\Opera\58.0.3135.118\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{E3245A78-10E3-444D-9CDA-D1269155C446}] => (Allow) C:\Program Files\Opera\58.0.3135.127\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{6DD8B8EB-90BC-49A1-A678-9FD31F93505B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{7CA91D52-370C-4B6C-8C15-82B2D1CB57CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11425.20204.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 05-04-2019 13:25:29 Windows Update 10-04-2019 14:29:21 Windows Update 17-04-2019 06:46:20 Intel(R) Trusted Connect Services Client ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/18/2019 12:43:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DDVDataCollector.exe, version: 5.2.8.103, time stamp: 0x5c781a2a Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0 Exception code: 0xc0000374 Fault offset: 0x00000000000f479b Faulting process id: 0x19d8 Faulting application start time: 0x01d4f524dce478b5 Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: e9e04acd-4739-4a6a-9389-5977fd1149aa Faulting package full name: Faulting package-relative application ID: Error: (04/17/2019 06:50:59 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (04/17/2019 06:41:26 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (04/17/2019 06:39:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Faulting module name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Exception code: 0xc0000005 Fault offset: 0x000118fe Faulting process id: 0x188 Faulting application start time: 0x01d4f522fb7c13f9 Faulting application path: C:\WINDOWS\TEMP\inv5FE1_tmp\Executables\DRVUpdate.exe Faulting module path: C:\WINDOWS\TEMP\inv5FE1_tmp\Executables\DRVUpdate.exe Report Id: 30961b32-1aae-48df-b788-e9fe7c0287af Faulting package full name: Faulting package-relative application ID: Error: (04/17/2019 06:39:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Faulting module name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Exception code: 0xc0000005 Fault offset: 0x000118fe Faulting process id: 0x7924 Faulting application start time: 0x01d4f522f91e2928 Faulting application path: C:\WINDOWS\TEMP\inv5FE1_tmp\Executables\DRVUpdate.exe Faulting module path: C:\WINDOWS\TEMP\inv5FE1_tmp\Executables\DRVUpdate.exe Report Id: 75974cbd-629e-46fa-8c0d-735dd27db665 Faulting package full name: Faulting package-relative application ID: Error: (04/17/2019 06:38:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Faulting module name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Exception code: 0xc0000005 Fault offset: 0x000118fe Faulting process id: 0x8ee4 Faulting application start time: 0x01d4f522dc04b7e1 Faulting application path: C:\WINDOWS\TEMP\inv7320_tmp\Executables\DRVUpdate.exe Faulting module path: C:\WINDOWS\TEMP\inv7320_tmp\Executables\DRVUpdate.exe Report Id: fcf48ff2-cd77-412f-8d27-8209baba9837 Faulting package full name: Faulting package-relative application ID: Error: (04/17/2019 06:38:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Faulting module name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Exception code: 0xc0000005 Fault offset: 0x000118fe Faulting process id: 0x8b68 Faulting application start time: 0x01d4f522d4edbb86 Faulting application path: C:\WINDOWS\TEMP\inv7320_tmp\Executables\DRVUpdate.exe Faulting module path: C:\WINDOWS\TEMP\inv7320_tmp\Executables\DRVUpdate.exe Report Id: d643f766-4f55-4587-b9f3-083f2663e683 Faulting package full name: Faulting package-relative application ID: Error: (04/16/2019 09:45:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Faulting module name: DRVUpdate.exe, version: 1.1.1.1, time stamp: 0x5c98c348 Exception code: 0xc0000005 Fault offset: 0x000118fe Faulting process id: 0x74d8 Faulting application start time: 0x01d4f473d34f5782 Faulting application path: C:\WINDOWS\TEMP\inv3E50_tmp\Executables\DRVUpdate.exe Faulting module path: C:\WINDOWS\TEMP\inv3E50_tmp\Executables\DRVUpdate.exe Report Id: 25c17f73-8f64-4042-b3b8-bf43ee051570 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (04/18/2019 12:43:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). Error: (04/17/2019 06:50:29 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-P7U5D2T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-P7U5D2T\sir9b SID (S-1-5-21-670212906-3066847214-2374188655-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/17/2019 06:50:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/17/2019 06:48:57 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-P7U5D2T) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DESKTOP-P7U5D2T\sir9b SID (S-1-5-21-670212906-3066847214-2374188655-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/17/2019 06:48:53 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-P7U5D2T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-P7U5D2T\sir9b SID (S-1-5-21-670212906-3066847214-2374188655-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/17/2019 06:48:08 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-P7U5D2T) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DESKTOP-P7U5D2T\sir9b SID (S-1-5-21-670212906-3066847214-2374188655-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/17/2019 06:45:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/17/2019 06:45:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2019-04-18 02:37:43.563 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-18 02:37:43.553 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-18 02:37:43.548 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-18 02:37:43.512 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-18 02:37:43.509 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-18 02:37:43.494 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-17 02:38:33.321 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-17 02:38:33.310 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz Percentage of memory in use: 89% Total physical RAM: 8100.14 MB Available physical RAM: 833.14 MB Total Virtual: 13220.14 MB Available Virtual: 3069.45 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.37 GB) (Free:856.04 GB) NTFS \\?\Volume{01cccc92-bdca-4663-80d9-2e6ee4649697}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.07 GB) NTFS \\?\Volume{db0bfe5a-a423-4452-b313-a474b7fd6726}\ (Image) (Fixed) (Total:11.01 GB) (Free:0.21 GB) NTFS \\?\Volume{dd720171-300f-4ee4-a7b2-63dad2489506}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.45 GB) NTFS \\?\Volume{3a858e61-d25a-44a3-ae22-58d182c8c1ee}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: EA6395CB) Partition: GPT. ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 19, 2019 Root Admin ID:1308696 Share Posted April 19, 2019 Hello @sir9bob and Please run the following for me and attach all logs. Copy/Paste to the forum does not always translate the logs properly. Please run the following steps and post back the logs as an attachment when ready.STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 25, 2019 Root Admin ID:1309476 Share Posted April 25, 2019 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts