Win Defender cannot remove CoinMiner!bit


This topic is locked
11 replies to this topic

#1 cypressotter


Posted 01 December 2017 - 06:17 PM

Win Defender finds CoinMiner!bit, but when I choose to remove it, Defender reports it cannot be found.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by topher (administrator) on ERINNUC (01-12-2017 16:05:40)
Running from C:\Users\Erin\Downloads
Loaded Profiles: Erin & topher (Available Profiles: Erin & topher)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Foolish IT LLC) C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\sqlservr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(©2016 Datacolor) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(©2016 Datacolor) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-06-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-06-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2016-02-11] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2017-09-07] (Carbonite, Inc.)
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\Run: [ISUSPM] =>  -scheduler
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\Run: [OpenDNS Updater] => "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\Run: [C4ED47BAE86C6E0071F3DC71D375DAF583D54172._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\MountPoints2: {359691b1-ca8a-11e6-830c-303a64fcb097} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1443137734-1117724155-2645928654-1004\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1443137734-1117724155-2645928654-1004\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [11422384 2016-10-04] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-05-16]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-12-11]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe (©2016 Datacolor)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2015-05-17]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2015-05-17]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (UPS)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7A015178-4D60-46AF-87D6-A5B1231DC2FB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2017-10-16] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1ax83kzk.default
FF ProfilePath: C:\Users\topher\AppData\Roaming\Mozilla\Firefox\Profiles\1ax83kzk.default [2017-07-31]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default [2015-05-19]
CHR Extension: (Google Slides) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Google Search) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Google Sheets) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-19]
CHR Extension: (Google Wallet) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
R3 CryptoPreventEmail; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [713712 2017-10-05] (Foolish IT LLC)
S3 CryptoPreventFolderWatch; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [713712 2017-10-05] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [713712 2017-10-05] (Foolish IT LLC)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 MSSQL$UPSWSDBINSTANCE; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2017-10-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-02-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-02-11] (Intuit Inc.) [File not signed]
S4 SQLAgent$UPSWSDBINSTANCE; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cmnxusbser; C:\Windows\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_x64.sys [39704 2013-07-15] (Nuvoton Technology Corp.)
S3 Spyder4; C:\Windows\System32\drivers\dccmtr.sys [15360 2015-09-08] (Datacolor)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-30 20:36 - 2017-12-01 15:58 - 000037968 _____ C:\Users\Erin\Downloads\Addition.txt
2017-11-30 20:34 - 2017-12-01 16:05 - 000018284 _____ C:\Users\Erin\Downloads\FRST.txt
2017-11-30 20:34 - 2017-12-01 16:05 - 000000000 ____D C:\FRST
2017-11-30 20:31 - 2017-11-30 20:31 - 002391552 _____ (Farbar) C:\Users\Erin\Downloads\FRST64.exe
2017-11-30 11:35 - 2017-11-30 11:35 - 000388608 _____ (Trend Micro Inc.) C:\Users\Erin\Downloads\HijackThis.exe
2017-11-30 10:13 - 2017-11-30 10:13 - 000011862 _____ C:\Users\Erin\Desktop\SOFOrder11_17.odt
2017-11-30 09:18 - 2017-11-30 09:20 - 078346672 _____ (Malwarebytes ) C:\Users\Erin\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-29 15:32 - 2017-11-29 15:32 - 000966764 _____ C:\Users\Erin\Downloads\msg0002 (14).wav
2017-11-29 15:30 - 2017-11-29 15:30 - 000566124 _____ C:\Users\Erin\Downloads\msg0000 (37).wav
2017-11-27 09:51 - 2017-11-27 09:51 - 000535404 _____ C:\Users\Erin\Downloads\msg0002 (13).wav
2017-11-27 09:50 - 2017-11-27 09:50 - 000468524 _____ C:\Users\Erin\Downloads\msg0001 (14).wav
2017-11-27 09:49 - 2017-11-27 09:49 - 000289324 _____ C:\Users\Erin\Downloads\msg0000 (36).wav
2017-11-24 09:41 - 2017-11-24 09:41 - 000692524 _____ C:\Users\Erin\Downloads\msg0000 (35).wav
2017-11-20 18:34 - 2017-11-20 18:34 - 000428524 _____ C:\Users\Erin\Downloads\msg0004 (6).wav
2017-11-15 17:13 - 2017-11-15 17:13 - 000001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-15 17:13 - 2017-11-15 17:13 - 000000000 ____D C:\Users\Erin\Desktop\Old Firefox Data
2017-11-15 11:03 - 2017-11-15 11:03 - 000515884 _____ C:\Users\Erin\Downloads\msg0001 (13).wav
2017-11-15 10:29 - 2017-11-15 10:29 - 000458604 _____ C:\Users\Erin\Downloads\msg0000 (34).wav
2017-11-15 07:55 - 2017-11-15 07:55 - 000311176 _____ (Mozilla) C:\Users\Erin\Downloads\Firefox Installer.exe
2017-11-14 11:35 - 2017-10-17 12:11 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-14 11:35 - 2017-10-16 11:38 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-14 11:35 - 2017-10-14 06:04 - 001548624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-14 11:35 - 2017-10-14 01:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-14 11:35 - 2017-10-14 01:23 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-14 11:35 - 2017-10-14 01:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-14 11:35 - 2017-10-14 01:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-14 11:35 - 2017-10-14 01:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-14 11:35 - 2017-10-14 01:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-14 11:35 - 2017-10-14 00:36 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-11-14 11:35 - 2017-10-14 00:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-14 11:35 - 2017-10-14 00:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-14 11:35 - 2017-10-14 00:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-14 11:35 - 2017-10-14 00:30 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-14 11:35 - 2017-10-14 00:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-14 11:35 - 2017-10-14 00:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-14 11:35 - 2017-10-14 00:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-14 11:35 - 2017-10-14 00:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-14 11:35 - 2017-10-14 00:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-14 11:35 - 2017-10-14 00:05 - 015431680 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-14 11:35 - 2017-10-13 23:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-14 11:35 - 2017-10-13 23:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-14 11:35 - 2017-10-13 23:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-14 11:35 - 2017-10-13 23:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-14 11:35 - 2017-10-13 23:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-14 11:35 - 2017-10-13 23:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-14 11:35 - 2017-10-13 23:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-11-14 11:35 - 2017-10-13 23:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-14 11:35 - 2017-10-13 23:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-14 11:35 - 2017-10-13 23:24 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-14 11:35 - 2017-10-13 23:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-14 11:35 - 2017-10-13 23:14 - 013317632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-14 11:35 - 2017-10-13 23:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-14 11:35 - 2017-10-13 23:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-14 11:35 - 2017-10-13 23:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-14 11:35 - 2017-10-10 09:36 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-14 11:35 - 2017-10-10 08:38 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-14 11:35 - 2017-10-10 08:38 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-11-14 11:35 - 2017-10-10 08:11 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-14 11:35 - 2017-10-10 08:08 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-11-14 11:35 - 2017-10-05 00:17 - 000380248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-14 11:35 - 2017-09-14 16:52 - 000986968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-11-14 11:35 - 2017-09-08 10:14 - 003084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-11-14 11:35 - 2017-09-08 09:50 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-11-14 11:35 - 2017-09-07 20:31 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-14 11:35 - 2017-09-07 20:28 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-14 11:35 - 2017-09-07 14:31 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-11-14 11:35 - 2017-09-07 12:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-11-14 11:35 - 2017-09-07 10:20 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2017-11-14 11:35 - 2017-09-07 10:20 - 000513456 _____ C:\Windows\system32\locale.nls
2017-11-14 11:35 - 2017-09-07 06:40 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-14 11:35 - 2017-09-07 06:40 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-14 11:35 - 2017-09-06 16:07 - 000158552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-14 11:35 - 2017-09-06 14:17 - 000461144 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-14 11:35 - 2017-09-06 14:17 - 000443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-14 11:35 - 2017-09-06 07:14 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-11-14 11:35 - 2017-08-10 18:39 - 002779136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-11-14 11:35 - 2017-08-10 18:30 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-11-14 11:26 - 2017-10-11 00:35 - 000143016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-14 11:26 - 2017-10-10 08:21 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-14 11:26 - 2017-10-10 06:18 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-10 10:15 - 2017-11-10 10:15 - 000238124 _____ C:\Users\Erin\Downloads\msg0004 (5).wav
2017-11-07 09:14 - 2017-11-07 09:14 - 000809964 _____ C:\Users\Erin\Downloads\msg0003 (5).wav
2017-11-07 09:14 - 2017-11-07 09:14 - 000272684 _____ C:\Users\Erin\Downloads\msg0002 (12).wav
2017-11-06 13:09 - 2017-11-06 13:09 - 000016607 _____ C:\Users\Erin\Downloads\Invoice_0000004174VV447_110417.PDF
2017-11-03 12:38 - 2017-11-03 12:38 - 000380947 _____ C:\Users\Erin\Desktop\Paypal_Transactions.pdf
2017-11-03 11:07 - 2017-11-03 11:07 - 000111246 _____ C:\Users\Erin\Downloads\f5500ez.pdf
2017-11-02 17:24 - 2017-11-02 17:24 - 000002152 _____ C:\Users\Public\Desktop\Carbonite.lnk
2017-11-02 17:24 - 2017-11-02 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2017-11-02 17:22 - 2017-11-02 17:23 - 017242632 _____ (Carbonite, Inc.) C:\Users\Erin\Downloads\CarboniteSetup-personal-client (3).exe
2017-11-01 12:09 - 2017-11-01 12:09 - 000071260 _____ C:\Users\Erin\Desktop\ItemSalesReport.pdf
2017-11-01 09:57 - 2017-11-01 09:57 - 000550124 _____ C:\Users\Erin\Downloads\msg0001 (12).wav
2017-11-01 09:57 - 2017-11-01 09:57 - 000550124 _____ C:\Users\Erin\Downloads\msg0001 (11).wav

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-01 16:04 - 2015-05-16 16:30 - 000000000 __SHD C:\Users\topher\IntelGraphicsProfiles
2017-12-01 16:04 - 2015-05-16 14:45 - 000000000 ____D C:\Users\Erin\AppData\Local\ClassicShell
2017-12-01 16:04 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2017-12-01 16:01 - 2015-05-17 06:10 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1443137734-1117724155-2645928654-1001
2017-12-01 16:01 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\AppReadiness
2017-12-01 15:59 - 2016-11-20 10:25 - 000000000 ____D C:\Users\Erin\AppData\LocalLow\Mozilla
2017-12-01 15:58 - 2014-11-21 01:44 - 000957324 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-01 15:54 - 2017-01-22 18:32 - 000000000 ____D C:\Users\Erin\AppData\Local\ShipStation Connect
2017-12-01 15:54 - 2015-05-16 14:36 - 000000000 __SHD C:\Users\Erin\IntelGraphicsProfiles
2017-12-01 15:54 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 15:53 - 2016-12-16 11:44 - 000004062 _____ C:\Windows\System32\Tasks\CryptoPrevent Update
2017-12-01 10:31 - 2016-01-22 09:48 - 000000000 ____D C:\Users\Erin\AppData\Local\Deployment
2017-12-01 08:56 - 2016-08-29 13:28 - 000000000 ____D C:\ProgramData\Foxit Software
2017-12-01 07:20 - 2013-08-22 08:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-30 16:52 - 2015-12-30 08:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 13:04 - 2016-02-24 21:42 - 000000000 ____D C:\Windows\Microsoft Antimalware
2017-11-30 10:13 - 2012-04-23 20:49 - 002623488 ___SH C:\Users\Erin\Desktop\Thumbs.db
2017-11-30 09:41 - 2017-03-28 08:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-30 09:41 - 2015-05-16 14:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-30 09:36 - 2015-05-16 14:34 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-30 09:34 - 2015-05-17 06:04 - 000000000 ____D C:\Users\Erin
2017-11-27 15:59 - 2013-12-10 16:14 - 000000000 ____D C:\Users\Erin\Desktop\QB PDF
2017-11-27 15:41 - 2015-05-16 15:32 - 000000000 ____D C:\Users\topher
2017-11-26 08:07 - 2015-12-30 08:49 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-20 13:32 - 2015-08-11 07:46 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-19 02:32 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\rescache
2017-11-16 15:15 - 2015-05-16 14:58 - 000000000 ____D C:\Users\Erin\AppData\Roaming\Skype
2017-11-16 13:41 - 2013-08-22 06:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2017-11-16 09:54 - 2015-05-18 15:14 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-16 09:54 - 2013-08-22 07:44 - 000377696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-16 09:48 - 2015-05-16 21:11 - 000000000 ____D C:\Users\Erin\AppData\Local\CrashDumps
2017-11-15 20:44 - 2015-05-16 16:18 - 000000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2017-11-15 17:13 - 2015-05-16 16:23 - 000000000 ____D C:\Users\Erin\AppData\Roaming\Mozilla
2017-11-14 19:54 - 2015-05-16 14:35 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 19:54 - 2015-05-16 14:35 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 14:55 - 2015-05-16 14:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 14:19 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2017-11-14 14:17 - 2015-05-18 08:59 - 000000000 ____D C:\Windows\system32\MRT
2017-11-14 14:09 - 2017-10-10 21:08 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-14 14:09 - 2015-05-18 08:59 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-07 01:54 - 2015-05-16 14:35 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-03 17:41 - 2014-11-21 09:03 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-03 17:41 - 2014-11-21 09:03 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 17:24 - 2015-05-19 11:47 - 000004120 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}

==================== Files in the root of some directories =======

2014-02-06 10:44 - 2014-01-27 16:31 - 009452704 _____ (SurfRight B.V.) C:\Users\Public\hitmanpro.exe
2014-02-06 10:44 - 2014-01-27 16:43 - 001855848 _____ (SurfRight B.V.) C:\Users\Public\hmpalert25.exe
2015-05-16 16:23 - 2015-05-16 16:23 - 016258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-17 10:51 - 2015-05-17 10:51 - 000007266 _____ () C:\Users\topher\AppData\Roaming\Dell2335Options.xml
2017-01-02 17:46 - 2017-01-02 17:46 - 000001244 _____ () C:\Users\topher\AppData\Local\recently-used.xbel
2017-01-02 17:26 - 2017-01-02 17:37 - 000000177 _____ () C:\Users\topher\AppData\Local\zenmap.exe.log

Some files in TEMP:
====================
2015-05-18 06:42 - 2015-05-18 06:42 - 000004608 _____ () C:\Users\Erin\AppData\Local\Temp\5b1jel44.dll
2016-03-18 08:51 - 2015-10-12 13:38 - 000036864 _____ () C:\Users\Erin\AppData\Local\Temp\cleanup.exe
2016-09-11 21:30 - 2016-09-11 21:31 - 008175562 _____ (SurfRight B.V.) C:\Users\Erin\AppData\Local\Temp\HitmanPro_x64.exe
2017-01-25 13:26 - 2017-01-25 13:26 - 000035680 _____ () C:\Users\Erin\AppData\Local\Temp\i4jdel0.exe
2015-04-15 13:13 - 2015-04-15 13:13 - 000118784 _____ () C:\Users\Erin\AppData\Local\Temp\xmlUpdater.exe
2015-09-08 11:17 - 2009-05-08 05:50 - 000455600 ____R (Macrovision Corporation) C:\Users\Erin\AppData\Local\Temp\_is72A.exe
2016-05-20 12:04 - 2010-09-24 12:32 - 000226672 _____ () C:\Users\topher\AppData\Local\Temp\Abspdf.exe
2016-05-20 12:04 - 2012-01-05 13:43 - 000749715 _____ (AMYUNI Technologies
http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfu.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 000947200 _____ (AMYUNI Technologies
http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfuamd64.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 000407269 _____ (AMYUNI Technologies
http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfui.dll
2016-05-20 12:04 - 2006-07-12 16:11 - 001093632 _____ (AMYUNI Technologies
http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfuia64.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 000430592 _____ (AMYUNI Technologies
http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfuiamd64.dll
2016-05-20 12:04 - 2006-07-12 16:11 - 000346112 _____ (AMYUNI Technologies
http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfuiia64.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 004218880 _____ (Amyuni Technologies
http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\cdintf.dll
2016-08-29 13:28 - 2015-04-22 14:53 - 004881120 _____ (Foxit Corporation) C:\Users\topher\AppData\Local\Temp\FoxitUpdater.exe
2015-05-17 09:55 - 2015-05-17 10:12 - 011024496 _____ (SurfRight B.V.) C:\Users\topher\AppData\Local\Temp\HitmanPro_x64.exe
2016-05-30 09:47 - 2016-05-30 09:48 - 004397896 _____ (SurfRight B.V.) C:\Users\topher\AppData\Local\Temp\hmpalert_update.exe
2016-05-20 12:02 - 2016-05-20 12:02 - 000111936 _____ (Microsoft Corporation) C:\Users\topher\AppData\Local\Temp\MSIZAP.EXE
2016-05-20 12:05 - 2011-07-20 10:18 - 000042264 _____ (Tri-Sector, Inc.) C:\Users\topher\AppData\Local\Temp\PDFPRT400.exe
2015-05-17 10:41 - 2010-08-04 12:17 - 000161088 ____N () C:\Users\topher\AppData\Local\Temp\sskinst.exe
2016-05-20 12:00 - 2016-05-20 12:00 - 000643072 _____ (STLport Consulting, Inc.) C:\Users\topher\AppData\Local\Temp\stlport_r50.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 000121856 _____ (Microsoft Corporation) C:\Users\topher\AppData\Local\Temp\xmllite.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-29 04:05

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by topher (01-12-2017 16:06:18)
Running from C:\Users\Erin\Downloads
Windows 8.1 (Update) (X64) (2015-05-17 13:04:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1443137734-1117724155-2645928654-500 - Administrator - Disabled)
Erin (S-1-5-21-1443137734-1117724155-2645928654-1001 - Limited - Enabled) => C:\Users\Erin
Guest (S-1-5-21-1443137734-1117724155-2645928654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1443137734-1117724155-2645928654-1006 - Limited - Enabled)
SophosSAUERINNUC0 (S-1-5-21-1443137734-1117724155-2645928654-1011 - Limited - Enabled)
topher (S-1-5-21-1443137734-1117724155-2645928654-1004 - Administrator - Enabled) => C:\Users\topher

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

01 Transaction Pro Deleter 2.0 (HKLM-x32\...\01 Transaction Pro Deleter 2.0) (Version: 2.0.02 - Baystate Consulting (781) 932-1133)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
AlignmentUtility (HKLM-x32\...\{4C5E314A-31CA-4223-9A90-CE0C4D5800A4}) (Version: 18.00.0000 - UPS) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carbonite (HKLM-x32\...\{34A6D6FF-7EEC-499E-A54F-71077783AED6}) (Version: 6.3.2 build 7466 (Sep-07-2017) - Carbonite)
CCC (HKLM-x32\...\{95749C5B-BC37-41E3-8D39-EEF4C21A2825}) (Version: 18.00.0000 - United Parcel Service, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Common Desktop Agent (HKLM\...\{B66D9CD3-E041-427A-BE54-5FC3497612FC}) (Version: 1.62.0 - OEM) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.4.3 - Foolish IT LLC)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell 2335dn MFP Software Uninstall (HKLM-x32\...\Dell 2335dn MFP) (Version:  - DELL Inc.)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FormsComponent (HKLM-x32\...\{91032FF2-836F-4CCA-A1A3-55B966E82907}) (Version: 18.00.0000 - UPS) Hidden
FOSS (HKLM-x32\...\{267FC070-5271-4768-B33A-33E4EA0E3A74}) (Version: 18.00.0000 - UPS) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\{32E600A5-C6F1-38A2-A8CC-B7DEF699D3F1}) (Version: 62.0.3202.94 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 18.00.0000 - UPS)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
join.me (HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\JoinMe) (Version: 2.5.2.1294 - LogMeIn, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
MSIChecker (HKLM-x32\...\{C9D43B38-34AD-4EC2-B696-46F42D49D174}) (Version: 18.00.0000 - UPS) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NA1Messenger (HKLM-x32\...\{D44E7219-947E-4F1B-830E-66EF11ACC543}) (Version: 18.00.0000 - Your Company Name) Hidden
Nmap 7.40 (HKLM-x32\...\Nmap) (Version: 7.40 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8 - Notepad++ Team)
Npcap 0.78 r5 (HKLM-x32\...\NpcapInst) (Version: 0.78 r5 - Nmap Project)
NRF (HKLM-x32\...\{99A0F94F-9F09-4F09-B8D9-E8F1BBBEF212}) (Version: 18.00.0000 - UPS) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PolicyManager (HKLM-x32\...\{2329553C-D499-4476-A20F-9C7E82ED122B}) (Version: 18.00.0000 - UPS) Hidden
QBFC 13.0 (HKLM-x32\...\{42A7A870-C6A9-4EEE-8755-2755E3C60EE4}) (Version: 13.0.0.23 - Intuit Developer Network)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4012.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4012.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Reconciler (HKLM-x32\...\{98C4DE92-27C8-482C-8431-514828756E80}) (Version: 18.00.0000 - UPS) Hidden
ReportServer (HKLM-x32\...\{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}) (Version: 18.00.0000 - Your Company Name) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.6.5.13 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Scan Manager (HKLM-x32\...\{B7E981A3-4517-4B05-98E7-E3E8ED355591}) (Version: 0.00.0013 - Dell)
ScanSoft PaperPort 11 (HKLM-x32\...\{848E36E7-0784-49C3-81F4-DD946ABAF46A}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
ShipStation Connect (HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\3aae993d1ca25c50) (Version: 4.2.1.9 - Amazon.com)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SoftCookies Connector (HKLM\...\{82731BBB-95E2-4ECD-852F-E64CAA82C2F2}) (Version: 78.0.0 - SoftCookies)
Spyder4Pro (HKLM-x32\...\Spyder4Pro) (Version:  - )
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.)
SupportUtility (HKLM-x32\...\{31AF8802-BF43-4C43-984B-EC597CF51505}) (Version: 18.00.0000 - UPS) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System (HKLM-x32\...\{DB2C58E0-6284-4B48-97F2-22A980B6360B}) (Version: 18.00.0000 - UPS) Hidden
UnifiedPrinting (HKLM-x32\...\{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}) (Version: 18.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 18.0 - UPS)
UPSDB (HKLM-x32\...\{837896B9-CACA-44EF-B2F8-F6DB3D743595}) (Version: 18.00.0000 - UPS) Hidden
UPSICC (HKLM-x32\...\{390160B4-D276-4A04-8002-8D3101A0D367}) (Version: 18.00.0000 - UPS) Hidden
UPSlinkHTTP (HKLM-x32\...\{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}) (Version: 18.00.0000 - UPS) Hidden
UPSVC2008MM (HKLM-x32\...\{95BFC573-7D09-46C9-B458-A75BA947FFCB}) (Version: 1.00.0000 - UPS) Hidden
UPSVCMM (HKLM-x32\...\{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}) (Version: 12.00.0000 - UPS) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 18.00.0000 - UPS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WorldShip (HKLM-x32\...\{05221EA8-BC66-483B-8036-5CAF7B813C10}) (Version: 18.00.0000 - UPS) Hidden
WSShared (HKLM-x32\...\{4D8761F6-BB0D-48B9-81F3-58EC0CDA2090}) (Version: 18.00.0000 - UPS) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1443137734-1117724155-2645928654-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-08-05] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-03-19] (Intel Corporation)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2015-04-09] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FD4BF5B-A6CE-4736-879B-2ECBB1B9A3C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-11-14] (Microsoft Corporation)
Task: {5AA2B9EE-B467-403D-9ECB-AFB40E88E162} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {90A82A6F-8B7F-4F92-8FD0-0B41FF05207D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {90AC519F-4F59-4E8E-AAC4-30145AF7B28F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9299365B-68EE-46D6-BF43-4B0DCFA05C25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9C13C836-DD8A-47F8-AFB8-E935DFDA6196} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {A8933510-A3C0-4A68-912C-C1B79AAA0E1E} - System32\Tasks\CryptoPrevent Update => C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2017-10-05] (Foolish IT LLC)
Task: {AB974123-CADA-40DB-960C-00406ECE0F02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {CFA3C552-627A-4BB8-88D8-5F42A0DBB04D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {DE478A6F-029A-44F6-8CCF-98F2F8D76B84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {F10C6479-1E7C-4903-98DC-48241EE08A7B} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-05-17 10:51 - 2010-04-27 10:33 - 000080896 _____ () C:\Windows\System32\Dell2335Port_x64.dll
2015-05-17 10:50 - 2012-10-25 17:44 - 000034304 _____ () C:\Windows\System32\sdf1ml6.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-19 21:02 - 2015-03-19 21:02 - 000393480 _____ () C:\Windows\system32\igfxTray.exe
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 000462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2016-02-10 09:21 - 2016-02-09 08:15 - 001865216 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBGUIFramework.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000096256 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
2016-02-10 09:21 - 2016-02-09 08:15 - 000013824 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Internet Encodings.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000090112 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 005340672 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000031744 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000293376 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000274432 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000110592 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [134]
AlternateDataStreams: C:\Users\Erin\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Erin\Downloads\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\Downloads\.DS_Store:AFP_AfpInfo [122]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\Control Panel\Desktop\\Wallpaper -> D:\Photos\Jem_profile.jpg
HKU\S-1-5-21-1443137734-1117724155-2645928654-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: SkypeUpdate => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B161A1A2-46F7-4264-96E1-46CBBF1ABDD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C53BD315-A65C-4A87-B39C-5C7D3C458EB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0801644-4A39-4A83-9DED-186B4F6DE267}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ACFC4F0A-51CD-4F2A-ACEF-3C367E37E1F0}] => (Allow) LPort=2869
FirewallRules: [{89DF8CED-609E-44BE-93E6-0B3FC6778886}] => (Allow) LPort=1900
FirewallRules: [{BFD86277-9FEC-472B-84DF-6081057D4B7B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{57281D3F-2456-4A54-BFEA-97C05E2F6DFA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{76140616-4678-4C44-9061-E99F9568B760}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\ScanMgr2.exe
FirewallRules: [{246783C6-B980-4656-AC25-EF125577FFEE}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\ScanMgr2.exe
FirewallRules: [{404D174D-C780-46BF-BC00-897D85A2F10D}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\USDAgent\USDAgent.exe
FirewallRules: [{19086708-8AE2-4726-9DC7-297DA8C7D98A}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\USDAgent\USDAgent.exe
FirewallRules: [{753A3EDA-AD18-46E3-A7D3-2A31DB776165}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\PropertyUI\Sscan2io.exe
FirewallRules: [{0A0F9493-2EE6-492E-A9B0-76366F82E1CC}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\PropertyUI\Sscan2io.exe
FirewallRules: [{00678FAD-0486-4B04-9071-AE82F4D42B9E}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{85324F5E-C276-4701-85F8-21BC1E26C73C}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{64C9D352-26CA-4FC2-829C-03E615C2FBDE}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{BADC42DF-97A7-4450-931F-1354B10A5A97}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{0ECE5F92-2770-461D-8E13-B70A1A256149}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{1F34D546-141F-44D6-B96D-12EEB7C48BA7}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{880E3582-574B-4F42-9902-94717C92F302}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{795BE804-A4BF-44F1-8A99-4CB935327180}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{24B942F6-BDB1-49F8-A668-6CE5122C10A9}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{807E2EA8-98AA-45FD-A050-0AF5C7E93E4C}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{BE5A83CA-4160-43CA-9326-1D144346E229}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A78CA787-D525-4F07-925B-19A898DF777D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3BE02FC8-ADED-42D7-BE2B-A83902966568}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C37A12BB-66CB-4AF7-B776-192DBBB200BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8851FCCA-FA1B-46B6-B147-D11BF315CFCF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91B90DB6-94C3-4467-8BCC-19DD2E2CAF5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5BAE8850-987D-4DD5-B69E-4C96998D5F0E}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [UDP Query User{41CDC6F0-4A77-400D-8939-BF5F2D305D18}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [TCP Query User{E4D79633-E948-461E-B3CA-316D6F411320}C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe] => (Allow) C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe
FirewallRules: [UDP Query User{89CC6A82-9D17-48BD-93C3-7FE7CF055FDC}C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe] => (Allow) C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe
FirewallRules: [{DD058683-1191-47E9-A9E5-4CB42D2162FF}] => (Block) C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe
FirewallRules: [{91942CAF-0FDA-4B36-BF8C-3D17946FEF74}] => (Block) C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe
FirewallRules: [TCP Query User{7A6331AC-8AAA-4F69-8FDD-9AFC9B200744}C:\program files (x86)\readyshipper\readyshipper.exe] => (Allow) C:\program files (x86)\readyshipper\readyshipper.exe
FirewallRules: [UDP Query User{F2013F0E-65C2-4C1A-82A8-94B1F4DA481B}C:\program files (x86)\readyshipper\readyshipper.exe] => (Allow) C:\program files (x86)\readyshipper\readyshipper.exe
FirewallRules: [{931C88C6-448F-4EB0-9FAC-30D121BFDB9C}] => (Block) C:\program files (x86)\readyshipper\readyshipper.exe
FirewallRules: [{1BAFF65D-05FF-4EF5-A417-2D4D320ADEC2}] => (Block) C:\program files (x86)\readyshipper\readyshipper.exe
FirewallRules: [{6D840FCC-3CEC-499E-86DA-1047B1F411D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6E15B0DC-994D-4202-9196-393A9E0ADC16}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
FirewallRules: [{ADD2DD63-4A85-421B-8CED-032B755038C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2017 04:04:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2017 11:35:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219

Error: (12/01/2017 11:35:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219

Error: (12/01/2017 11:35:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2017 07:48:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2017 07:20:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/30/2017 02:28:50 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (11/30/2017 02:28:50 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_26; ;DBF=D:\Intuit\QuickBooks\Company Files\The Earth Pigments Company_v4.qbw;ENG=QB_data_engine_26;DBN=3112ec2240884c4c9873479f097fad57

Error: (11/30/2017 02:28:50 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
Connection Error:Invalid user ID or password

Error: (11/30/2017 09:47:30 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'


System errors:
=============
Error: (12/01/2017 03:54:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/01/2017 03:53:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CryptoPrevent Email Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/01/2017 03:53:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Monitor Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (12/01/2017 07:21:10 AM) (Source: DCOM) (EventID: 10010) (User: ERINNUC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (11/30/2017 02:28:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/30/2017 12:18:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/30/2017 12:11:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/30/2017 12:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/30/2017 12:03:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (11/30/2017 12:03:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


CodeIntegrity:
===================================
  Date: 2016-03-06 09:08:19.847
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-06 09:08:19.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-10 07:36:28.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-10 07:36:28.587
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-10 07:36:28.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-10 07:36:27.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-03 06:59:11.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-03 06:59:11.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-03 06:59:10.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-03 06:59:10.180
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 59%
Total physical RAM: 4024.1 MB
Available physical RAM: 1625.8 MB
Total Virtual: 10936.1 MB
Available Virtual: 8338.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.27 GB) (Free:18.95 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.76 GB) (Free:105.07 GB) NTFS
Drive e: (WDO_MEDIA64) (Removable) (Total:14.89 GB) (Free:14.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: A667B17C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

Thanks! :)




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,805 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:31 PM

Posted 03 December 2017 - 09:20 AM

Greetings cypressotter and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I have reviewed your reports and am happy to report your computer is clean. That Windows Defender detection is a false positive. Please update your Windows Defender Definitions to version 1.257.1153.0 and run another scan. The false positive should have been fixed with this update.

Let me know what happens.

Edited by Oh My!, 03 December 2017 - 04:22 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."
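One way to carry out the check Gary asks for in this reply (confirm the signature version, update if it is older, re-scan, then look at what Defender still reports) from PowerShell. This is an added example, not code from the thread or from Microsoft; it assumes the built-in Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature, Start-MpScan, Get-MpThreat), which ships with Windows 8.1 and later, an elevated prompt, and the version number 1.257.1153.0 quoted above as the threshold. The function name Test-DefenderSignatureVersion is this example's own.

```powershell
# Added example (not from the thread): verify Windows Defender signatures meet the
# version named in the reply, update if they do not, re-scan, and report detections.
# Assumes the built-in Defender module (Windows 8.1+) and an elevated PowerShell prompt.

$RequiredVersion = [version]'1.257.1153.0'   # version given in the reply above

# Hypothetical helper: compare the installed antivirus signature version to a threshold.
function Test-DefenderSignatureVersion {
    param([Parameter(Mandatory)][version]$Required)
    $status  = Get-MpComputerStatus
    $current = [version]$status.AntivirusSignatureVersion
    [pscustomobject]@{
        Current             = $current
        Required            = $Required
        UpToDate            = ($current -ge $Required)
        RealTimeProtection  = $status.RealTimeProtectionEnabled
        LastSignatureUpdate = $status.AntivirusSignatureLastUpdated
    }
}

$check = Test-DefenderSignatureVersion -Required $RequiredVersion
$check | Format-List

if (-not $check.UpToDate) {
    Write-Host "Signatures are older than $RequiredVersion; updating..."
    Update-MpSignature
    $check = Test-DefenderSignatureVersion -Required $RequiredVersion
    if (-not $check.UpToDate) {
        throw "Update did not reach $RequiredVersion (installed: $($check.Current))."
    }
}

# Re-scan with the corrected definitions. A quick scan covers the locations
# where running malware is usually found; use -ScanType FullScan for everything.
$scanStart = Get-Date
Start-MpScan -ScanType QuickScan

# Get-MpThreat returns detection history, so the earlier entry will still be listed;
# IsActive tells you whether Defender considers the threat still present now.
$threats = Get-MpThreat |
    Select-Object ThreatName, ThreatID, IsActive, DidThreatExecute, Resources

if ($threats) {
    "Detection history (scan started $scanStart):"
    $threats | Format-Table -AutoSize
    $active = @($threats | Where-Object IsActive)
    if ($active.Count -eq 0) {
        "No active detections remain after the re-scan."
    } else {
        "$($active.Count) detection(s) still marked active; review the Resources paths above."
    }
} else {
    "No detections recorded."
}
```

Run it from an elevated PowerShell window; Update-MpSignature and Start-MpScan both need administrator rights. The version comparison uses PowerShell's [version] type rather than string comparison, so 1.257.1153.0 correctly sorts above 1.257.999.0.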

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,805 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:31 PM

Posted 06 December 2017 - 10:47 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#4 cypressotter

cypressotter
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 07 December 2017 - 10:40 AM

Hi, sorry about that! I updated the defs and will run a scan this evening and report back what it finds.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,805 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:31 PM

Posted 07 December 2017 - 11:00 AM

:thumbsup2:


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#6 cypressotter

cypressotter
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 08 December 2017 - 08:48 AM

Win Defender found nothing this time. Thanks much for your help!

-Christopher



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,805 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:31 PM

Posted 08 December 2017 - 09:18 AM

Excellent.

Do you have any other questions or concerns?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#8 cypressotter

cypressotter
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 08 December 2017 - 10:40 AM

Sure. I was used to running Win Defender Offline (or whatever it's called) from a USB thumb drive, as I believed it was able to find trojans before WIN started up. Is offline scanning still better?



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,805 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:31 PM

Posted 08 December 2017 - 08:59 PM

Personally I would say running Windows Defender offline is warranted if there is an indication of a rootkit or other malware that is difficult to remove. Routinely using the online version is sufficient for most people. Just my opinion.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#10 cypressotter

cypressotter
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 08 December 2017 - 10:18 PM

Great, that's what I'll do. Thanks again Gary.

-Christopher



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,805 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:31 PM

Posted 08 December 2017 - 11:28 PM

My pleasure Christopher.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,805 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:31 PM

Posted 08 December 2017 - 11:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."



