#1
Got a Virus
I keep getting pop-up web browser windows saying that I've got a virus, and then it won't let me close it.
I believe I clicked on an email that I thought was from my insurance carrier, but it turns out they were hacked.
#2
Hello Skydevil and Welcome to the CyberTechHelp Forums.
Let's check. Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How to open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here: How to disable your security applications.
5- To make sure you have an accurate view of the files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Thanks.

*********************************************************************************************

I would like you to do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
#3
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by User (27-03-2018 20:17:31) Running from C:\Users\User\Downloads Windows 8.1 Pro (Update) (X64) (2017-12-29 23:02:39) Boot Mode: Normal ================================================== ======== ==================== Accounts: ============================= Administrator (S-1-5-21-2191935193-2170755763-1873414145-500 - Administrator - Disabled) Guest (S-1-5-21-2191935193-2170755763-1873414145-501 - Limited - Disabled) User (S-1-5-21-2191935193-2170755763-1873414145-1001 - Administrator - Enabled) => C:\Users\User ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Act! Pro (HKLM-x32\...\{140B48AD-7D99-4CAA-ACE1-2A3CD6AF412B}) (Version: 17.2.0.0 - Swiftpage ACT! LLC) Hidden Act! Pro (HKLM-x32\...\InstallShield_{140B48AD-7D99-4CAA-ACE1-2A3CD6AF412B}) (Version: 17.2.0.0 - Swiftpage ACT! LLC) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated) Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.) 
AdWords Editor (HKLM-x32\...\{5D5A3940-C665-11E7-B232-480FCF5D6515}) (Version: 12.2.1.0 - Google) Audacity 2.2.1 (HKLM-x32\...\Audacity_is1) (Version: 2.2.1 - Audacity Team) Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.27.3 - Synaptics Incorporated) Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation) Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.1.0 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION) EPSON XP-420 Series Printer Uninstall (HKLM\...\EPSON XP-420 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) Fitbit Connect (HKLM-x32\...\{30C7C152-D711-4A39-AD18-3F675AEAD50A}) (Version: 2.0.2.6982 - Fitbit Inc.) 
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.5007.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation) Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation) Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla) Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.6.12 - Quicken) SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden SQL Server 
2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation) Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) Yamaha Steinberg USB Driver (HKLM\...\{1AE66176-C480-4A76-AEFB-5E59942D134A}) (Version: 1.10.0 - Yamaha Corporation) Hidden Yamaha Steinberg USB Driver (HKLM-x32\...\yUninstall_{2938B185-2D57-47B0-9FC8-C90A67BA9277}) (Version: 1.10.0 - Yamaha Corporation) YellowPageCrawler (HKLM-x32\...\{7223C4AB-7B6C-4CCB-AAC7-92190FB100B1}) (Version: 2.2.4 - XShan Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.7 \psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.7 \psuser_64.dll (Google Inc.) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) 
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-10-25] (Intel Corporation) ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {015314C8-2AEC-4B56-B8F2-5B84EEB0A86A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2191935193-2170755763-1873414145-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUp date.exe [2018-01-29] (Google Inc.) Task: {07173794-FB1F-41A7-90B9-5A4B1BE1C5E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation) Task: {2C510E1A-A85E-460A-8DC7-15A0A581148F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2191935193-2170755763-1873414145-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUp date.exe [2018-01-29] (Google Inc.) 
Task: {3CAADC7A-5F74-4260-9A0A-5B39BD2840B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2018-03-14] (Adobe Systems Incorporated) Task: {3F0A38A9-9360-4618-B8FE-0808F9B4FBE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {45FAB505-0F60-42EB-87EF-CD28CBD178D4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_ 0_0_113_Plugin.exe [2018-03-14] (Adobe Systems Incorporated) Task: {B9BA9E0B-D292-408D-A4AC-7ACB0F6A2BF1} - System32\Tasks\EPSON XP-420 Series Update {F83E90B3-8099-4000-9872-E731DDF2814B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNAE.E XE [2013-11-22] (SEIKO EPSON CORPORATION) Task: {C5839807-D66C-4913-A19E-AFB3AFF842B3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation) Task: {CD7E5E5A-3AD7-452B-B6A9-D8A713331CAB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-02] (Dropbox, Inc.) Task: {E5388AAB-0B1E-4314-9355-F31210BFAE5E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-02] (Dropbox, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\EPSON XP-420 Series Update {F83E90B3-8099-4000-9872-E731DDF2814B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNAE.E XE:/EXE:{F83E90B3-8099-4000-9872-E731DDF2814B} /F:UpdateWORKGROUP\CENDECONHUB$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-01-02 16:36 - 2018-01-02 16:36 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2018-01-02 16:31 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-10-25 02:08 - 2016-10-25 02:08 - 000401912 _____ () C:\Windows\system32\igfxTray.exe 2017-06-14 13:08 - 2017-06-14 13:08 - 067718656 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll 2017-10-06 17:06 - 2017-10-06 17:06 - 000068608 ____R () C:\Program Files (x86)\Fitbit Connect\MP3Gain.dll 2018-03-15 11:34 - 2018-03-15 04:50 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2018-03-15 11:34 - 2018-03-15 04:50 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2018-01-02 19:33 - 2018-03-15 04:50 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2018-01-02 19:33 - 
2018-03-15 04:50 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings. _constant_time.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings. _openssl.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings. _padding.pyd 2018-03-15 11:34 - 2018-03-15 04:50 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2018-03-15 11:34 - 2018-03-15 04:50 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2018-01-02 19:33 - 2018-03-15 04:50 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_c rt.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2018-03-15 11:34 - 2018-03-15 04:50 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2018-03-15 11:34 - 2018-03-15 04:50 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2018-01-02 19:33 - 
2018-03-15 04:53 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._win ffi_kernel32.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.p yd 2018-03-15 11:34 - 2018-03-15 04:52 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.p yd 2018-01-02 19:33 - 2018-03-15 04:53 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinE numHandles.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2018-03-15 11:34 - 
2018-03-15 04:52 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._Captu reScreenshot.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCSer ver.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winff i_user32.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._win ffi_iphlpapi.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._win ffi_winerror.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winf fi_wininet.pyd 2018-03-15 11:34 - 
2018-03-15 04:52 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled ._driverinstallation.pyd 2018-01-02 19:33 - 2018-03-15 04:50 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2018-01-02 19:33 - 2018-03-15 04:53 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._ VerifySignature.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyn cffi.pyd 2018-03-15 11:34 - 2018-03-15 04:50 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2018-01-11 11:23 - 2018-03-15 04:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._win ffi_advapi32.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2018-01-02 19:33 - 2018-03-15 04:53 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.p yd 2018-03-15 11:34 - 2018-03-15 04:52 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL 2018-03-15 11:34 - 2018-03-15 04:52 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2018-01-02 19:33 - 2018-03-15 04:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winf fi_winhttp.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2018-03-15 11:34 - 2018-03-15 04:52 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2018-03-27 20:12 - 000000828 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{EC177BDC-08C3-435B-8D9C-0D833E7D8564}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{54E2CA4B-BF99-4376-B86B-E521DEA5FF52}] => (Allow) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{94EE2A61-38D7-430D-8043-B3D3C8A08F68}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AC2126B9-92B9-4043-8FB2-103C33F35BDA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E57C83E-D90E-4B7D-8DA0-FA0D1CE3ACF2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{9289DCEC-C42A-4FC2-A744-68EE7C778BCF}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{6347D601-AA27-4BA0-9AB5-B7BF6E7324DE}] => (Allow) C:\Users\User\AppData\Local\Temp\XP-420\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{3F874171-C04B-4786-8F33-A490E1F85869}] => (Allow) C:\Users\User\AppData\Local\Temp\XP-420\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{ECDE7111-D28E-4AB2-8262-631E54E6B299}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{CF7314A1-9E3B-4970-99F5-7B1D7B682689}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{675ED45F-16A5-403B-B6D1-79444E70CFAA}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act!.exe
FirewallRules: [{8FC0174B-8C00-449E-BFAE-DEA64818E043}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\ActEmail.exe
FirewallRules: [{185E6C38-C6D6-4785-AD35-D66D2F8EEE4D}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act15.exe
FirewallRules: [{2D73D2D1-4D0F-478E-B619-7A2E23BD5607}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
FirewallRules: [{52BAFE6C-E8D0-4091-9FF7-D3DB3203E92B}] => (Allow) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
FirewallRules: [{2517049A-1C12-4E0D-9CEA-4233FFE5EAF6}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{F41FC90B-4EA3-42F3-8FC8-C43784AC0394}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe
FirewallRules: [{26D6C8F7-1C3F-4AFB-B159-CE0EF10E11CF}] => (Allow) LPort=1434
FirewallRules: [{1384517E-6EBF-4BEE-B53D-8EF4CBCDFF8D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

05-03-2018 12:19:52 Installed Yamaha Steinberg USB Driver
17-03-2018 02:30:20 Scheduled Checkpoint
24-03-2018 04:15:11 Scheduled Checkpoint
27-03-2018 20:15:23 Removed iSEEK AnswerWorks English Runtime

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2018 08:15:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (03/27/2018 08:14:16 PM) (Source: MsiInstaller) (EventID: 11706) (User: CENDECONHUB)
Description: Product: ICA -- Error 1706.No valid source could be found for product ICA. The Windows Installer cannot continue.

Error: (03/27/2018 08:14:16 PM) (Source: MsiInstaller) (EventID: 11706) (User: CENDECONHUB)
Description: Product: IPM -- Error 1706.No valid source could be found for product IPM. The Windows Installer cannot continue.

Error: (03/27/2018 08:14:15 PM) (Source: MsiInstaller) (EventID: 11706) (User: CENDECONHUB)
Description: Product: Corel WinDVD -- Error 1706.No valid source could be found for product Corel WinDVD. The Windows Installer cannot continue.

Error: (03/27/2018 08:14:14 PM) (Source: MsiInstaller) (EventID: 11706) (User: CENDECONHUB)
Description: Product: Setup -- Error 1706.No valid source could be found for product Setup. The Windows Installer cannot continue.

Error: (03/27/2018 08:14:14 PM) (Source: MsiInstaller) (EventID: 11706) (User: CENDECONHUB)
Description: Product: Setup -- Error 1706.No valid source could be found for product Setup. The Windows Installer cannot continue.

Error: (03/27/2018 08:13:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (03/24/2018 10:35:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

System errors:
=============
Error: (03/27/2018 03:55:21 AM) (Source: DCOM) (EventID: 10010) (User: CENDECONHUB)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (03/27/2018 03:54:51 AM) (Source: DCOM) (EventID: 10010) (User: CENDECONHUB)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/26/2018 02:17:20 AM) (Source: DCOM) (EventID: 10010) (User: CENDECONHUB)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (03/26/2018 02:16:50 AM) (Source: DCOM) (EventID: 10010) (User: CENDECONHUB)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/25/2018 04:16:03 AM) (Source: DCOM) (EventID: 10010) (User: CENDECONHUB)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/25/2018 04:15:28 AM) (Source: DCOM) (EventID: 10010) (User: CENDECONHUB)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (03/24/2018 03:50:51 AM) (Source: DCOM) (EventID: 10010) (User: CENDECONHUB)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/24/2018 03:50:20 AM) (Source: DCOM) (EventID: 10010) (User: CENDECONHUB)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2018-03-18 14:35:32.472
Description: Windows Defender scan has been stopped before completion.
Scan ID: {3E97A697-30AF-4E04-A43A-8473E72A4E4D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-18 14:20:55.256
Description: Windows Defender scan has been stopped before completion.
Scan ID: {C79F61AC-8B97-4512-899B-C1E3177E98F2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-18 14:09:47.602
Description: Windows Defender scan has been stopped before completion.
Scan ID: {E3AA52F0-5456-44AA-97AE-B8D81E23CD62}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-25 12:03:26.576
Description: Windows Defender scan has been stopped before completion.
Scan ID: {2BBB7497-F21F-4039-AE27-53068C0C43C1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-05 14:05:25.933
Description: Windows Defender scan has been stopped before completion.
Scan ID: {08423DA2-FE3C-4EA6-98CD-64DFAEDA5E54}
Scan Type: Antimalware
Scan Parameters: Full Scan

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8096.75 MB
Available physical RAM: 4635.82 MB
Total Virtual: 16288.75 MB
Available Virtual: 12537.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.29 GB) (Free:384.41 GB) NTFS
Drive d: (H5_SD) (Removable) (Total:28.96 GB) (Free:28.8 GB) FAT32
\\?\Volume{91c0fee4-eceb-11e7-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 1E37C763)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 29 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================
#4
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by User (administrator) on CENDECONHUB (27-03-2018 20:16:46)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINAE.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Swiftpage ACT! LLC) C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Swiftpage ACT! LLC) C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [18944 2015-06-23] (Swiftpage ACT! LLC)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [268984 2015-06-23] (Swiftpage ACT! LLC)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [7285920 2017-10-06] (Fitbit, Inc.)
HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINAE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [7285920 2017-10-06] (Fitbit, Inc.)
HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2018-01-29] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2018-01-08]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{61198563-95A6-48D4-9E89-83629CBB891E}: [DhcpNameServer] 192.168.200.100 8.8.8.8
Tcpip\..\Interfaces\{B5E065D0-DC1E-4B00-98B0-159CD0F214B6}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> DefaultScope {7CAF7CBD-B0F1-49A0-BEB6-E1D87345A451} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> {7CAF7CBD-B0F1-49A0-BEB6-E1D87345A451} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-23] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-23] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-01-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 3el1ez1i.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3el1ez1i.default [2018-03-27]
FF Session Restore: Mozilla\Firefox\Profiles\3el1ez1i.default -> is enabled.
FF Extension: (Open Google Calendar in a new tab) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3el1ez1i.default\Extensions\{40c9c847-d965-4817-8dc0-29ce513cdc54}.xpi [2018-01-03]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3el1ez1i.default\features\{b173f6ee-34d6-44ef-87e8-7d1869b72522}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-24] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2018-01-02] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2191935193-2170755763-1873414145-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2191935193-2170755763-1873414145-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-29] (Google Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2015-06-23] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27136 2015-06-23] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27136 2015-06-23] (Microsoft) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-02] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (Seiko Epson Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [6106112 2017-10-06] (Fitbit, Inc.) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2016-10-25] (Intel Corporation)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [251832 2010-12-02] (arvato digital services llc)
S4 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247400 2015-11-02] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [31136 2015-05-28] (ELAN Microelectronic Corp.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl726dc821; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{77BB7F2E-E30E-4CAD-BBDE-E353675EF791}\MpKsl726dc821.sys [58120 2018-03-27] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\system32\DRIVERS\Netwsw04.sys [3370248 2016-02-27] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 ysusb_w8_1_64; C:\Windows\system32\drivers\ysusb_w8_1_64.sys [157088 2017-12-19] (Yamaha Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-27 20:10 - 2018-03-27 20:10 - 002403328 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2018-03-20 10:09 - 2018-03-20 10:09 - 000376058 _____ C:\Users\User\Desktop\f23416c775aac21f931785d3911bddf7.htm
2018-03-15 13:37 - 2018-03-02 11:55 - 000834552 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-15 13:37 - 2018-03-02 11:55 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-15 13:35 - 2018-03-15 13:35 - 654141545 _____ C:\Windows\MEMORY.DMP
2018-03-15 13:35 - 2018-03-15 13:35 - 000427336 _____ C:\Windows\Minidump\031518-105015-01.dmp
2018-03-15 11:35 - 2018-03-15 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-15 04:50 - 2018-03-15 04:50 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-03-15 04:50 - 2018-03-15 04:50 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-03-15 04:50 - 2018-03-15 04:50 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-03-15 04:50 - 2018-03-15 04:50 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-03-14 02:55 - 2018-03-14 02:55 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-13 13:18 - 2018-02-13 07:20 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-13 13:18 - 2018-02-13 07:20 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-13 13:17 - 2018-03-03 00:24 - 007407960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-13 13:17 - 2018-03-03 00:24 - 000419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-03-13 13:17 - 2018-03-03 00:11 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-03-13 13:17 - 2018-03-03 00:11 - 001676064 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-03-13 13:17 - 2018-03-03 00:11 - 001536120 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-13 13:17 - 2018-03-03 00:11 - 001500432 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-03-13 13:17 - 2018-03-03 00:11 - 001371352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-03-13 13:17 - 2018-03-02 22:23 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-03-13 13:17 - 2018-03-02 22:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-03-13 13:17 - 2018-02-21 14:09 - 000022816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbldfltr.sys
2018-03-13 13:17 - 2018-02-18 13:53 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-03-13 13:17 - 2018-02-16 08:51 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-03-13 13:17 - 2018-02-16 08:51 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-03-13 13:17 - 2018-02-16 08:45 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-03-13 13:17 - 2018-02-16 08:44 - 013678080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-03-13 13:17 - 2018-02-16 08:28 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-03-13 13:17 - 2018-02-16 08:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-03-13 13:17 - 2018-02-16 08:24 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-03-13 13:17 - 2018-02-16 08:19 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-03-13 13:17 - 2018-02-16 07:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-03-13 13:17 - 2018-02-16 07:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-03-13 13:17 - 2018-02-15 08:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-03-13 13:17 - 2018-02-15 07:57 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-03-13 13:17 - 2018-02-14 14:45 - 000145024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-13 13:17 - 2018-02-13 07:20 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-13 13:17 - 2018-02-13 07:20 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-13 13:17 - 2018-02-13 07:20 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-13 13:17 - 2018-02-13 07:20 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-13 13:17 - 2018-02-13 07:20 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-13 13:17 - 2018-02-13 07:20 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-13 13:17 - 2018-02-13 07:20 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-13 13:17 - 2018-02-10 13:24 - 000178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-13 13:17 - 2018-02-10 12:29 - 000274272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-03-13 13:17 - 2018-02-10 12:29 - 000124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-03-13 13:17 - 2018-02-10 12:29 - 000065888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-03-13 13:17 - 2018-02-10 12:29 - 000062304 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-03-13 13:17 - 2018-02-10 12:29 - 000021856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-03-13 13:17 - 2018-02-10 12:29 - 000017240 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-03-13 13:17 - 2018-02-10 12:25 - 000533856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-03-13 13:17 - 2018-02-10 12:08 - 001307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-13 13:17 - 2018-02-10 12:06 - 000356184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-03-13 13:17 - 2018-02-10 10:50 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-03-13 13:17 - 2018-02-10 10:40 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-03-13 13:17 - 2018-02-10 10:40 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-03-13 13:17 - 2018-02-10 10:37 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-03-13 13:17 - 2018-02-10 10:27 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-03-13 13:17 - 2018-02-10 10:26 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-03-13 13:17 - 2018-02-10 10:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-03-13 13:17 - 2018-02-10 10:10 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-03-13 13:17 - 2018-02-10 10:09 - 003757056 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-13 13:17 - 2018-02-10 10:06 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-03-13 13:17 - 2018-02-10 10:03 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-03-13 13:17 - 2018-02-10 10:01 - 000617472 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-03-13 13:17 - 2018-02-10 10:00 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-03-13 13:17 - 2018-02-10 09:59 - 000404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-03-13 13:17 - 2018-02-10 09:58 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-03-13 13:17 - 2018-02-10 09:57 - 015281664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-03-13 13:17 - 2018-02-10 09:54 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-03-13 13:17 - 2018-02-10 09:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-03-13 13:17 - 2018-02-10 09:50 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-03-13 13:17 - 2018-02-10 09:50 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-03-13 13:17 - 2018-02-10 09:48 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-13 13:17 - 2018-02-10 09:47 - 002134016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-03-13 13:17 - 2018-02-10 09:46 - 002412544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-03-13 13:17 - 2018-02-10 09:44 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-13 13:17 - 2018-02-10 09:43 - 000109056 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-13 13:17 - 2018-02-10 09:40 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-03-13 13:17 - 2018-02-10 09:39 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-03-13 13:17 - 2018-02-10 09:35 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-03-13 13:17 - 2018-02-10 09:34 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-03-13 13:17 - 2018-02-10 09:34 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-03-13 13:17 - 2018-02-10 09:33 - 002058240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-03-13 13:17 - 2018-02-10 09:33 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-13 13:17 - 2018-02-10 09:30 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-13 13:17 - 2018-02-10 09:29 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-13 13:17 - 2018-02-10 09:23 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-03-13 13:17 - 2018-02-10 09:12 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-03-13 13:17 - 2018-02-10 09:11 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-03-13 13:17 - 2018-02-10 09:09 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-03-13 13:17 - 2018-02-08 10:37 - 002779648 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-03-13 13:17 - 2018-02-08 09:57 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-03-13 13:17 - 2018-02-02 13:42 - 003320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-03-13 13:17 - 2018-02-02 12:24 - 003610112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-03-13 13:17 - 2018-01-26 12:04 - 001115648 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-03-13 13:17 - 2018-01-12 11:18 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-03-13 13:17 - 2018-01-12 10:26 - 000393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-03-13 13:17 - 2018-01-11 11:39 - 000163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2018-03-13 13:17 - 2018-01-11 11:39 - 000114688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2018-03-13 13:17 - 2018-01-11 11:34 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2018-03-13 13:17 - 2018-01-11 11:28 - 001562624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2018-03-13 13:17 - 2018-01-11 11:19 - 002364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2018-03-13 13:17 - 2018-01-11 11:10 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2018-03-13 13:17 - 2018-01-11 11:10 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2018-03-13 13:17 - 2018-01-11 11:04 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2018-03-13 13:17 - 2018-01-11 10:55 - 002003456 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2018-03-13 13:17 - 2018-01-11 10:42 - 002923520 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2018-03-13 13:17 - 2018-01-11 10:13 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-03-13 13:17 - 2018-01-10 07:48 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-03-13 13:17 - 2018-01-09 00:04 - 000276312 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2018-03-13 13:17 - 2018-01-08 23:09 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2018-03-13 13:17 - 2018-01-08 23:06 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2018-03-13 13:17 - 2018-01-08 22:35 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2018-03-13 13:17 - 2018-01-08 22:35 - 000289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2018-03-13 13:17 - 2018-01-08 22:32 - 000826368 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2018-03-13 13:17 - 2018-01-08 22:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2018-03-13 13:17 - 2018-01-08 22:30 - 000260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2018-03-13 13:17 - 2018-01-08 22:29 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2018-03-13 13:17 - 2018-01-08 22:19 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2018-03-13 13:17 - 2018-01-08 22:09 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2018-03-13 13:17 - 2018-01-08 22:05 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2018-03-13 13:17 - 2018-01-08 21:59 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2018-03-13 13:17 - 2018-01-08 21:49 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2018-03-13 13:17 - 2018-01-08 21:46 - 001096192 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-03-13 13:17 - 2018-01-08 21:39 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2018-03-05 15:46 - 2018-03-05 15:46 - 000202576 _____ C:\Users\User\Desktop\untitled.wav
2018-03-05 12:20 - 2018-03-05 12:20 - 000000000 ____D C:\Program Files (x86)\Yamaha
2018-03-05 12:19 - 2018-03-05 12:20 - 000000000 ____D C:\ProgramData\Yamaha_Uninstaller
2018-03-02 20:49 - 2017-10-04 01:21 - 000029352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2018-03-02 20:49 - 2017-10-04 01:21 - 000019088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2018-03-02 20:49 - 2017-10-03 20:45 - 000030888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2018-03-02 20:49 - 2017-10-03 20:45 - 000019088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2018-03-02 18:57 - 2018-03-02 18:57 - 000330825 _____ C:\Users\User\Desktop\Cendecon AOA.pdf
2018-03-01 17:59 - 2018-03-01 17:59 - 000347839 _____ C:\Users\User\Desktop\PSC_Form.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-27 20:17 - 2018-01-02 11:44 - 000014252 _____ C:\Users\User\Downloads\FRST.txt
2018-03-27 20:16 - 2018-01-29 14:48 - 000000168 _____ C:\Users\User\BullseyeCoverageError.txt
2018-03-27 20:16 - 2018-01-02 11:38 - 000000000 ____D C:\FRST
2018-03-27 20:15 - 2018-01-03 13:05 - 000000000 ____D C:\Windows\system32\appmgmt
2018-03-27 20:12 - 2018-01-03 14:11 - 000000000 ____D C:\Users\User\AppData\Local\ClassicShell
2018-03-27 20:11 - 2018-01-02 19:18 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-03-27 19:47 - 2018-01-05 19:47 - 000000943 _____ C:\Windows\Tasks\EPSON XP-420 Series Update {F83E90B3-8099-4000-9872-E731DDF2814B}.job
2018-03-27 19:35 - 2018-01-02 19:30 - 000000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-03-27 19:03 - 2018-01-05 19:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Epson
2018-03-27 18:35 - 2018-01-02 19:30 - 000000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-03-26 08:08 - 2018-01-03 12:19 - 000000000 ____D C:\Users\User\AppData\Roaming\Quicken
2018-03-24 10:43 - 2017-12-29 16:08 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2191935193-2170755763-1873414145-1001
2018-03-24 10:35 - 2018-01-02 19:20 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-24 10:35 - 2018-01-02 19:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-24 10:35 - 2018-01-02 19:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-24 10:30 - 2014-03-18 03:04 - 001025714 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-24 10:30 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2018-03-24 10:25 - 2017-12-29 16:48 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-24 10:25 - 2017-12-29 16:48 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2018-03-24 10:25 -
2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-03-20 20:51 - 2018-01-09 19:39 - 000000000 ____D C:\Users\User\AppData\Roaming\audacity 2018-03-20 08:04 - 2018-01-03 18:45 - 000003176 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2191935193-2170755763-1873414145-1001 2018-03-20 08:04 - 2018-01-03 18:45 - 000002299 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\OneDrive for Business.lnk 2018-03-19 10:16 - 2017-12-29 16:02 - 000000000 ____D C:\Users\User\AppData\Local\Packages 2018-03-17 20:39 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\AppReadiness 2018-03-17 02:31 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\rescache 2018-03-15 13:49 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2018-03-15 13:35 - 2018-02-23 12:12 - 000000000 ____D C:\Windows\Minidump 2018-03-15 13:35 - 2013-08-22 07:44 - 000372424 _____ C:\Windows\system32\FNTCACHE.DAT 2018-03-15 13:26 - 2018-01-02 10:24 - 000000000 ____D C:\Windows\system32\appraiser 2018-03-15 13:26 - 2013-08-22 08:36 - 000000000 ___RD C:\Windows\ToastData 2018-03-15 13:26 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\PolicyDefinitions 2018-03-15 11:35 - 2018-01-02 19:30 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-03-14 02:55 - 2018-02-05 14:26 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-03-14 02:55 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-03-14 02:55 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\Macromed 2018-03-13 19:16 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp 2018-03-13 19:15 - 2017-12-30 03:10 - 000000000 ____D C:\Windows\system32\MRT 2018-03-13 19:13 - 2017-12-30 03:10 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-03-13 19:13 - 2017-12-30 03:09 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-03-12 15:56 - 2018-01-02 11:46 - 000000000 ___RD C:\Users\User\Dropbox 
2018-02-28 00:55 - 2018-01-02 11:17 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-02-27 23:32 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\LiveKernelReports ==================== Files in the root of some directories ======= 2018-01-08 18:30 - 2018-01-08 18:31 - 008935392 _____ (Swiftpage Act! LLC ) C:\Users\User\AppData\Roaming\act17sp2hf2bss.exe 2018-01-13 13:55 - 2018-01-13 13:55 - 000000000 ____H () C:\Users\User\AppData\Roaming\ActUpdate.log 2018-01-08 18:43 - 2018-01-08 18:43 - 000032478 _____ () C:\Users\User\AppData\Roaming\NGEN_AppLog_Install. txt 2018-01-03 13:55 - 2018-01-03 13:55 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg Some files in TEMP: ==================== 2018-01-29 14:48 - 2018-01-29 14:48 - 000010520 _____ () C:\Users\User\AppData\Local\Temp\BullseyeCoverage-x86-3.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-03-20 03:28 ==================== End of FRST.txt ============================ |
#5
Hi Skydevil
C:\Users\User\Desktop\f23416c775aac21f931785d3911bddf7.htm
Is this file safe?

=======================================================

Please do this.

Please go to: VirusTotal
On the page you'll find an "Upload and scan file" button.
Click on the "Upload and scan file" button.
"Choose File" C:\Users\User\AppData\Roaming\act17sp2hf2bss.exe
Next, click the Open button. This will scan the file. Please be patient.
Once scanned, copy and paste the link to the results page in your next reply.

===================================================

[DhcpNameServer] 192.168.200.100 8.8.8.8
Did you set these DNS settings? Do you know them?

Thanks, regards.
#6
I think that file on my desktop was not good - I deleted it.
Here is the link: https://www.virustotal.com/#/file/35...bd8cc5/details (think this is my database file? I use ACT! database)

[DhcpNameServer] 192.168.200.100 8.8.8.8
Did you set these DNS settings? Do you know them?

I don't think I do? My husband's computer networks to mine but I don't think this is his? I don't even know about DNS settings.
#7
Hi Skydevil,
Sorry for the delay in writing back. On the logs there doesn't seem to be a problem.
----------------------
Please do the following.

Step 1: Copy the code below to Notepad; Save As fixlist.txt to your Desktop.

Code:
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
FirewallRules: [{6347D601-AA27-4BA0-9AB5-B7BF6E7324DE}] => (Allow) C:\Users\User\AppData\Local\Temp\XP-420\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{3F874171-C04B-4786-8F33-A490E1F85869}] => (Allow) C:\Users\User\AppData\Local\Temp\XP-420\Network\EpsonNetSetup\ENEasyApp.exe
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> DefaultScope {7CAF7CBD-B0F1-49A0-BEB6-E1D87345A451} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> {7CAF7CBD-B0F1-49A0-BEB6-E1D87345A451} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
C:\Users\User\BullseyeCoverageError.txt
C:\Users\User\AppData\Local\Temp\BullseyeCoverage-x86-3.dll
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Hosts:
EMPTYTEMP:

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

Step 2: Please download Adwcleaner Link1,Link2,Link3 by Xplode onto your desktop.
Regards. Last edited by olgun52; April 2nd, 2018 at 08:15 PM. |
#8
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by User (02-04-2018 15:51:29) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
FirewallRules: [{6347D601-AA27-4BA0-9AB5-B7BF6E7324DE}] => (Allow) C:\Users\User\AppData\Local\Temp\XP-420\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{3F874171-C04B-4786-8F33-A490E1F85869}] => (Allow) C:\Users\User\AppData\Local\Temp\XP-420\Network\EpsonNetSetup\ENEasyApp.exe
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> DefaultScope {7CAF7CBD-B0F1-49A0-BEB6-E1D87345A451} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2191935193-2170755763-1873414145-1001 -> {7CAF7CBD-B0F1-49A0-BEB6-E1D87345A451} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
C:\Users\User\BullseyeCoverageError.txt
C:\Users\User\AppData\Local\Temp\BullseyeCoverage-x86-3.dll
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Hosts:
EMPTYTEMP:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6347D601-AA27-4BA0-9AB5-B7BF6E7324DE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F874171-C04B-4786-8F33-A490E1F85869}" => removed successfully
"HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2191935193-2170755763-1873414145-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CAF7CBD-B0F1-49A0-BEB6-E1D87345A451}" => removed successfully
HKLM\Software\Classes\CLSID\{7CAF7CBD-B0F1-49A0-BEB6-E1D87345A451} => not found
C:\Users\User\BullseyeCoverageError.txt => moved successfully
C:\Users\User\AppData\Local\Temp\BullseyeCoverage-x86-3.dll => moved successfully

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39938955 B
Java, Flash, Steam htmlcache => 294 B
Windows/system/drivers => 32860445 B
Edge => 0 B
Chrome => 0 B
Firefox => 411295045 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 267380 B
User => 537026249 B

RecycleBin => 6083490106 B
EmptyTemp: => 6.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:52:53 ====
#9
# AdwCleaner 7.0.8.0 - Logfile created on Mon Apr 02 23:02:37 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-04-02.1
# Running on Windows 8.1 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
#10
I ran this before adware cleaner but the log didn't post so here it is:
#11
Thanks Skydevil,
Scan with Zemana AntiMalware Free:
ESET Online Scanner
--------------------
I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
Remove found threats Scan archives Scan for potentially unsafe applications Enable Anti-Stealth technology
Have a nice day. |
#12
I'm sorry. I didn't see that you had replied. I'll work on this ASAP