Win Defender cannot remove CoinMiner!bit


  • This topic is locked
2 replies to this topic

#1 cypressotter


Posted 01 December 2017 - 06:25 PM

Win Defender finds CoinMiner!bit, but when I choose to remove it, Defender reports it cannot be found.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by topher (administrator) on ERINNUC (01-12-2017 16:05:40)
Running from C:\Users\Erin\Downloads
Loaded Profiles: Erin & topher (Available Profiles: Erin & topher)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Foolish IT LLC) C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\sqlservr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(©2016 Datacolor) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(©2016 Datacolor) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-06-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-06-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2016-02-11] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2017-09-07] (Carbonite, Inc.)
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\Run: [ISUSPM] =>  -scheduler
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\Run: [OpenDNS Updater] => "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\Run: [C4ED47BAE86C6E0071F3DC71D375DAF583D54172._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\MountPoints2: {359691b1-ca8a-11e6-830c-303a64fcb097} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1443137734-1117724155-2645928654-1004\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1443137734-1117724155-2645928654-1004\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [11422384 2016-10-04] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-05-16]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-12-11]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe (©2016 Datacolor)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2015-05-17]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2015-05-17]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (UPS)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7A015178-4D60-46AF-87D6-A5B1231DC2FB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2017-10-16] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1ax83kzk.default
FF ProfilePath: C:\Users\topher\AppData\Roaming\Mozilla\Firefox\Profiles\1ax83kzk.default [2017-07-31]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default [2015-05-19]
CHR Extension: (Google Slides) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Google Search) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Google Sheets) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-19]
CHR Extension: (Google Wallet) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
R3 CryptoPreventEmail; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [713712 2017-10-05] (Foolish IT LLC)
S3 CryptoPreventFolderWatch; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [713712 2017-10-05] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [713712 2017-10-05] (Foolish IT LLC)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 MSSQL$UPSWSDBINSTANCE; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2017-10-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-02-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-02-11] (Intuit Inc.) [File not signed]
S4 SQLAgent$UPSWSDBINSTANCE; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cmnxusbser; C:\Windows\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_x64.sys [39704 2013-07-15] (Nuvoton Technology Corp.)
S3 Spyder4; C:\Windows\System32\drivers\dccmtr.sys [15360 2015-09-08] (Datacolor)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-30 20:36 - 2017-12-01 15:58 - 000037968 _____ C:\Users\Erin\Downloads\Addition.txt
2017-11-30 20:34 - 2017-12-01 16:05 - 000018284 _____ C:\Users\Erin\Downloads\FRST.txt
2017-11-30 20:34 - 2017-12-01 16:05 - 000000000 ____D C:\FRST
2017-11-30 20:31 - 2017-11-30 20:31 - 002391552 _____ (Farbar) C:\Users\Erin\Downloads\FRST64.exe
2017-11-30 11:35 - 2017-11-30 11:35 - 000388608 _____ (Trend Micro Inc.) C:\Users\Erin\Downloads\HijackThis.exe
2017-11-30 10:13 - 2017-11-30 10:13 - 000011862 _____ C:\Users\Erin\Desktop\SOFOrder11_17.odt
2017-11-30 09:18 - 2017-11-30 09:20 - 078346672 _____ (Malwarebytes ) C:\Users\Erin\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-29 15:32 - 2017-11-29 15:32 - 000966764 _____ C:\Users\Erin\Downloads\msg0002 (14).wav
2017-11-29 15:30 - 2017-11-29 15:30 - 000566124 _____ C:\Users\Erin\Downloads\msg0000 (37).wav
2017-11-27 09:51 - 2017-11-27 09:51 - 000535404 _____ C:\Users\Erin\Downloads\msg0002 (13).wav
2017-11-27 09:50 - 2017-11-27 09:50 - 000468524 _____ C:\Users\Erin\Downloads\msg0001 (14).wav
2017-11-27 09:49 - 2017-11-27 09:49 - 000289324 _____ C:\Users\Erin\Downloads\msg0000 (36).wav
2017-11-24 09:41 - 2017-11-24 09:41 - 000692524 _____ C:\Users\Erin\Downloads\msg0000 (35).wav
2017-11-20 18:34 - 2017-11-20 18:34 - 000428524 _____ C:\Users\Erin\Downloads\msg0004 (6).wav
2017-11-15 17:13 - 2017-11-15 17:13 - 000001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-15 17:13 - 2017-11-15 17:13 - 000000000 ____D C:\Users\Erin\Desktop\Old Firefox Data
2017-11-15 11:03 - 2017-11-15 11:03 - 000515884 _____ C:\Users\Erin\Downloads\msg0001 (13).wav
2017-11-15 10:29 - 2017-11-15 10:29 - 000458604 _____ C:\Users\Erin\Downloads\msg0000 (34).wav
2017-11-15 07:55 - 2017-11-15 07:55 - 000311176 _____ (Mozilla) C:\Users\Erin\Downloads\Firefox Installer.exe
2017-11-14 11:35 - 2017-10-17 12:11 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-14 11:35 - 2017-10-16 11:38 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-14 11:35 - 2017-10-14 06:04 - 001548624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-14 11:35 - 2017-10-14 01:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-14 11:35 - 2017-10-14 01:23 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-14 11:35 - 2017-10-14 01:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-14 11:35 - 2017-10-14 01:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-14 11:35 - 2017-10-14 01:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-14 11:35 - 2017-10-14 01:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-14 11:35 - 2017-10-14 00:36 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-11-14 11:35 - 2017-10-14 00:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-14 11:35 - 2017-10-14 00:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-14 11:35 - 2017-10-14 00:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-14 11:35 - 2017-10-14 00:30 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-14 11:35 - 2017-10-14 00:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-14 11:35 - 2017-10-14 00:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-14 11:35 - 2017-10-14 00:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-14 11:35 - 2017-10-14 00:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-14 11:35 - 2017-10-14 00:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-14 11:35 - 2017-10-14 00:05 - 015431680 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-14 11:35 - 2017-10-13 23:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-14 11:35 - 2017-10-13 23:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-14 11:35 - 2017-10-13 23:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-14 11:35 - 2017-10-13 23:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-14 11:35 - 2017-10-13 23:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-14 11:35 - 2017-10-13 23:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-14 11:35 - 2017-10-13 23:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-11-14 11:35 - 2017-10-13 23:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-14 11:35 - 2017-10-13 23:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-14 11:35 - 2017-10-13 23:24 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-14 11:35 - 2017-10-13 23:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-14 11:35 - 2017-10-13 23:14 - 013317632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-14 11:35 - 2017-10-13 23:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-14 11:35 - 2017-10-13 23:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-14 11:35 - 2017-10-13 23:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-14 11:35 - 2017-10-10 09:36 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-14 11:35 - 2017-10-10 08:38 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-14 11:35 - 2017-10-10 08:38 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-11-14 11:35 - 2017-10-10 08:11 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-14 11:35 - 2017-10-10 08:08 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-11-14 11:35 - 2017-10-05 00:17 - 000380248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-14 11:35 - 2017-09-14 16:52 - 000986968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-11-14 11:35 - 2017-09-08 10:14 - 003084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-11-14 11:35 - 2017-09-08 09:50 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-11-14 11:35 - 2017-09-07 20:31 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-14 11:35 - 2017-09-07 20:28 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-14 11:35 - 2017-09-07 14:31 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-11-14 11:35 - 2017-09-07 12:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-11-14 11:35 - 2017-09-07 10:20 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2017-11-14 11:35 - 2017-09-07 10:20 - 000513456 _____ C:\Windows\system32\locale.nls
2017-11-14 11:35 - 2017-09-07 06:40 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-14 11:35 - 2017-09-07 06:40 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-14 11:35 - 2017-09-06 16:07 - 000158552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-14 11:35 - 2017-09-06 14:17 - 000461144 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-14 11:35 - 2017-09-06 14:17 - 000443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-14 11:35 - 2017-09-06 07:14 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-11-14 11:35 - 2017-08-10 18:39 - 002779136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-11-14 11:35 - 2017-08-10 18:30 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-11-14 11:26 - 2017-10-11 00:35 - 000143016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-14 11:26 - 2017-10-10 08:21 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-14 11:26 - 2017-10-10 06:18 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-14 11:26 - 2017-10-10 06:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-10 10:15 - 2017-11-10 10:15 - 000238124 _____ C:\Users\Erin\Downloads\msg0004 (5).wav
2017-11-07 09:14 - 2017-11-07 09:14 - 000809964 _____ C:\Users\Erin\Downloads\msg0003 (5).wav
2017-11-07 09:14 - 2017-11-07 09:14 - 000272684 _____ C:\Users\Erin\Downloads\msg0002 (12).wav
2017-11-06 13:09 - 2017-11-06 13:09 - 000016607 _____ C:\Users\Erin\Downloads\Invoice_0000004174VV447_110417.PDF
2017-11-03 12:38 - 2017-11-03 12:38 - 000380947 _____ C:\Users\Erin\Desktop\Paypal_Transactions.pdf
2017-11-03 11:07 - 2017-11-03 11:07 - 000111246 _____ C:\Users\Erin\Downloads\f5500ez.pdf
2017-11-02 17:24 - 2017-11-02 17:24 - 000002152 _____ C:\Users\Public\Desktop\Carbonite.lnk
2017-11-02 17:24 - 2017-11-02 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2017-11-02 17:22 - 2017-11-02 17:23 - 017242632 _____ (Carbonite, Inc.) C:\Users\Erin\Downloads\CarboniteSetup-personal-client (3).exe
2017-11-01 12:09 - 2017-11-01 12:09 - 000071260 _____ C:\Users\Erin\Desktop\ItemSalesReport.pdf
2017-11-01 09:57 - 2017-11-01 09:57 - 000550124 _____ C:\Users\Erin\Downloads\msg0001 (12).wav
2017-11-01 09:57 - 2017-11-01 09:57 - 000550124 _____ C:\Users\Erin\Downloads\msg0001 (11).wav

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-01 16:04 - 2015-05-16 16:30 - 000000000 __SHD C:\Users\topher\IntelGraphicsProfiles
2017-12-01 16:04 - 2015-05-16 14:45 - 000000000 ____D C:\Users\Erin\AppData\Local\ClassicShell
2017-12-01 16:04 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2017-12-01 16:01 - 2015-05-17 06:10 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1443137734-1117724155-2645928654-1001
2017-12-01 16:01 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\AppReadiness
2017-12-01 15:59 - 2016-11-20 10:25 - 000000000 ____D C:\Users\Erin\AppData\LocalLow\Mozilla
2017-12-01 15:58 - 2014-11-21 01:44 - 000957324 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-01 15:54 - 2017-01-22 18:32 - 000000000 ____D C:\Users\Erin\AppData\Local\ShipStation Connect
2017-12-01 15:54 - 2015-05-16 14:36 - 000000000 __SHD C:\Users\Erin\IntelGraphicsProfiles
2017-12-01 15:54 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 15:53 - 2016-12-16 11:44 - 000004062 _____ C:\Windows\System32\Tasks\CryptoPrevent Update
2017-12-01 10:31 - 2016-01-22 09:48 - 000000000 ____D C:\Users\Erin\AppData\Local\Deployment
2017-12-01 08:56 - 2016-08-29 13:28 - 000000000 ____D C:\ProgramData\Foxit Software
2017-12-01 07:20 - 2013-08-22 08:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-30 16:52 - 2015-12-30 08:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 13:04 - 2016-02-24 21:42 - 000000000 ____D C:\Windows\Microsoft Antimalware
2017-11-30 10:13 - 2012-04-23 20:49 - 002623488 ___SH C:\Users\Erin\Desktop\Thumbs.db
2017-11-30 09:41 - 2017-03-28 08:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-30 09:41 - 2015-05-16 14:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-30 09:36 - 2015-05-16 14:34 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-30 09:34 - 2015-05-17 06:04 - 000000000 ____D C:\Users\Erin
2017-11-27 15:59 - 2013-12-10 16:14 - 000000000 ____D C:\Users\Erin\Desktop\QB PDF
2017-11-27 15:41 - 2015-05-16 15:32 - 000000000 ____D C:\Users\topher
2017-11-26 08:07 - 2015-12-30 08:49 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-20 13:32 - 2015-08-11 07:46 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-19 02:32 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\rescache
2017-11-16 15:15 - 2015-05-16 14:58 - 000000000 ____D C:\Users\Erin\AppData\Roaming\Skype
2017-11-16 13:41 - 2013-08-22 06:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2017-11-16 09:54 - 2015-05-18 15:14 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-16 09:54 - 2013-08-22 07:44 - 000377696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-16 09:48 - 2015-05-16 21:11 - 000000000 ____D C:\Users\Erin\AppData\Local\CrashDumps
2017-11-15 20:44 - 2015-05-16 16:18 - 000000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2017-11-15 17:13 - 2015-05-16 16:23 - 000000000 ____D C:\Users\Erin\AppData\Roaming\Mozilla
2017-11-14 19:54 - 2015-05-16 14:35 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 19:54 - 2015-05-16 14:35 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 14:55 - 2015-05-16 14:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 14:19 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2017-11-14 14:17 - 2015-05-18 08:59 - 000000000 ____D C:\Windows\system32\MRT
2017-11-14 14:09 - 2017-10-10 21:08 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-14 14:09 - 2015-05-18 08:59 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-07 01:54 - 2015-05-16 14:35 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-03 17:41 - 2014-11-21 09:03 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-03 17:41 - 2014-11-21 09:03 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 17:24 - 2015-05-19 11:47 - 000004120 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}

==================== Files in the root of some directories =======

2014-02-06 10:44 - 2014-01-27 16:31 - 009452704 _____ (SurfRight B.V.) C:\Users\Public\hitmanpro.exe
2014-02-06 10:44 - 2014-01-27 16:43 - 001855848 _____ (SurfRight B.V.) C:\Users\Public\hmpalert25.exe
2015-05-16 16:23 - 2015-05-16 16:23 - 016258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-17 10:51 - 2015-05-17 10:51 - 000007266 _____ () C:\Users\topher\AppData\Roaming\Dell2335Options.xml
2017-01-02 17:46 - 2017-01-02 17:46 - 000001244 _____ () C:\Users\topher\AppData\Local\recently-used.xbel
2017-01-02 17:26 - 2017-01-02 17:37 - 000000177 _____ () C:\Users\topher\AppData\Local\zenmap.exe.log

Some files in TEMP:
====================
2015-05-18 06:42 - 2015-05-18 06:42 - 000004608 _____ () C:\Users\Erin\AppData\Local\Temp\5b1jel44.dll
2016-03-18 08:51 - 2015-10-12 13:38 - 000036864 _____ () C:\Users\Erin\AppData\Local\Temp\cleanup.exe
2016-09-11 21:30 - 2016-09-11 21:31 - 008175562 _____ (SurfRight B.V.) C:\Users\Erin\AppData\Local\Temp\HitmanPro_x64.exe
2017-01-25 13:26 - 2017-01-25 13:26 - 000035680 _____ () C:\Users\Erin\AppData\Local\Temp\i4jdel0.exe
2015-04-15 13:13 - 2015-04-15 13:13 - 000118784 _____ () C:\Users\Erin\AppData\Local\Temp\xmlUpdater.exe
2015-09-08 11:17 - 2009-05-08 05:50 - 000455600 ____R (Macrovision Corporation) C:\Users\Erin\AppData\Local\Temp\_is72A.exe
2016-05-20 12:04 - 2010-09-24 12:32 - 000226672 _____ () C:\Users\topher\AppData\Local\Temp\Abspdf.exe
2016-05-20 12:04 - 2012-01-05 13:43 - 000749715 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfu.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 000947200 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfuamd64.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 000407269 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfui.dll
2016-05-20 12:04 - 2006-07-12 16:11 - 001093632 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfuia64.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 000430592 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfuiamd64.dll
2016-05-20 12:04 - 2006-07-12 16:11 - 000346112 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\acfpdfuiia64.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 004218880 _____ (Amyuni Technologies http://www.amyuni.com) C:\Users\topher\AppData\Local\Temp\cdintf.dll
2016-08-29 13:28 - 2015-04-22 14:53 - 004881120 _____ (Foxit Corporation) C:\Users\topher\AppData\Local\Temp\FoxitUpdater.exe
2015-05-17 09:55 - 2015-05-17 10:12 - 011024496 _____ (SurfRight B.V.) C:\Users\topher\AppData\Local\Temp\HitmanPro_x64.exe
2016-05-30 09:47 - 2016-05-30 09:48 - 004397896 _____ (SurfRight B.V.) C:\Users\topher\AppData\Local\Temp\hmpalert_update.exe
2016-05-20 12:02 - 2016-05-20 12:02 - 000111936 _____ (Microsoft Corporation) C:\Users\topher\AppData\Local\Temp\MSIZAP.EXE
2016-05-20 12:05 - 2011-07-20 10:18 - 000042264 _____ (Tri-Sector, Inc.) C:\Users\topher\AppData\Local\Temp\PDFPRT400.exe
2015-05-17 10:41 - 2010-08-04 12:17 - 000161088 ____N () C:\Users\topher\AppData\Local\Temp\sskinst.exe
2016-05-20 12:00 - 2016-05-20 12:00 - 000643072 _____ (STLport Consulting, Inc.) C:\Users\topher\AppData\Local\Temp\stlport_r50.dll
2016-05-20 12:04 - 2012-01-05 13:43 - 000121856 _____ (Microsoft Corporation) C:\Users\topher\AppData\Local\Temp\xmllite.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-29 04:05

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by topher (01-12-2017 16:06:18)
Running from C:\Users\Erin\Downloads
Windows 8.1 (Update) (X64) (2015-05-17 13:04:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1443137734-1117724155-2645928654-500 - Administrator - Disabled)
Erin (S-1-5-21-1443137734-1117724155-2645928654-1001 - Limited - Enabled) => C:\Users\Erin
Guest (S-1-5-21-1443137734-1117724155-2645928654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1443137734-1117724155-2645928654-1006 - Limited - Enabled)
SophosSAUERINNUC0 (S-1-5-21-1443137734-1117724155-2645928654-1011 - Limited - Enabled)
topher (S-1-5-21-1443137734-1117724155-2645928654-1004 - Administrator - Enabled) => C:\Users\topher

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

01 Transaction Pro Deleter 2.0 (HKLM-x32\...\01 Transaction Pro Deleter 2.0) (Version: 2.0.02 - Baystate Consulting (781) 932-1133)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
AlignmentUtility (HKLM-x32\...\{4C5E314A-31CA-4223-9A90-CE0C4D5800A4}) (Version: 18.00.0000 - UPS) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carbonite (HKLM-x32\...\{34A6D6FF-7EEC-499E-A54F-71077783AED6}) (Version: 6.3.2 build 7466 (Sep-07-2017) - Carbonite)
CCC (HKLM-x32\...\{95749C5B-BC37-41E3-8D39-EEF4C21A2825}) (Version: 18.00.0000 - United Parcel Service, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Common Desktop Agent (HKLM\...\{B66D9CD3-E041-427A-BE54-5FC3497612FC}) (Version: 1.62.0 - OEM) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.4.3 - Foolish IT LLC)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell 2335dn MFP Software Uninstall (HKLM-x32\...\Dell 2335dn MFP) (Version:  - DELL Inc.)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FormsComponent (HKLM-x32\...\{91032FF2-836F-4CCA-A1A3-55B966E82907}) (Version: 18.00.0000 - UPS) Hidden
FOSS (HKLM-x32\...\{267FC070-5271-4768-B33A-33E4EA0E3A74}) (Version: 18.00.0000 - UPS) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\{32E600A5-C6F1-38A2-A8CC-B7DEF699D3F1}) (Version: 62.0.3202.94 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 18.00.0000 - UPS)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
join.me (HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\JoinMe) (Version: 2.5.2.1294 - LogMeIn, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
MSIChecker (HKLM-x32\...\{C9D43B38-34AD-4EC2-B696-46F42D49D174}) (Version: 18.00.0000 - UPS) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NA1Messenger (HKLM-x32\...\{D44E7219-947E-4F1B-830E-66EF11ACC543}) (Version: 18.00.0000 - Your Company Name) Hidden
Nmap 7.40 (HKLM-x32\...\Nmap) (Version: 7.40 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8 - Notepad++ Team)
Npcap 0.78 r5 (HKLM-x32\...\NpcapInst) (Version: 0.78 r5 - Nmap Project)
NRF (HKLM-x32\...\{99A0F94F-9F09-4F09-B8D9-E8F1BBBEF212}) (Version: 18.00.0000 - UPS) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PolicyManager (HKLM-x32\...\{2329553C-D499-4476-A20F-9C7E82ED122B}) (Version: 18.00.0000 - UPS) Hidden
QBFC 13.0 (HKLM-x32\...\{42A7A870-C6A9-4EEE-8755-2755E3C60EE4}) (Version: 13.0.0.23 - Intuit Developer Network)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4012.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4012.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Reconciler (HKLM-x32\...\{98C4DE92-27C8-482C-8431-514828756E80}) (Version: 18.00.0000 - UPS) Hidden
ReportServer (HKLM-x32\...\{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}) (Version: 18.00.0000 - Your Company Name) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.6.5.13 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Scan Manager (HKLM-x32\...\{B7E981A3-4517-4B05-98E7-E3E8ED355591}) (Version: 0.00.0013 - Dell)
ScanSoft PaperPort 11 (HKLM-x32\...\{848E36E7-0784-49C3-81F4-DD946ABAF46A}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
ShipStation Connect (HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\...\3aae993d1ca25c50) (Version: 4.2.1.9 - Amazon.com)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SoftCookies Connector (HKLM\...\{82731BBB-95E2-4ECD-852F-E64CAA82C2F2}) (Version: 78.0.0 - SoftCookies)
Spyder4Pro (HKLM-x32\...\Spyder4Pro) (Version:  - )
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.)
SupportUtility (HKLM-x32\...\{31AF8802-BF43-4C43-984B-EC597CF51505}) (Version: 18.00.0000 - UPS) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System (HKLM-x32\...\{DB2C58E0-6284-4B48-97F2-22A980B6360B}) (Version: 18.00.0000 - UPS) Hidden
UnifiedPrinting (HKLM-x32\...\{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}) (Version: 18.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 18.0 - UPS)
UPSDB (HKLM-x32\...\{837896B9-CACA-44EF-B2F8-F6DB3D743595}) (Version: 18.00.0000 - UPS) Hidden
UPSICC (HKLM-x32\...\{390160B4-D276-4A04-8002-8D3101A0D367}) (Version: 18.00.0000 - UPS) Hidden
UPSlinkHTTP (HKLM-x32\...\{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}) (Version: 18.00.0000 - UPS) Hidden
UPSVC2008MM (HKLM-x32\...\{95BFC573-7D09-46C9-B458-A75BA947FFCB}) (Version: 1.00.0000 - UPS) Hidden
UPSVCMM (HKLM-x32\...\{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}) (Version: 12.00.0000 - UPS) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 18.00.0000 - UPS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WorldShip (HKLM-x32\...\{05221EA8-BC66-483B-8036-5CAF7B813C10}) (Version: 18.00.0000 - UPS) Hidden
WSShared (HKLM-x32\...\{4D8761F6-BB0D-48B9-81F3-58EC0CDA2090}) (Version: 18.00.0000 - UPS) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1443137734-1117724155-2645928654-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-08-05] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-03-19] (Intel Corporation)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2015-04-09] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FD4BF5B-A6CE-4736-879B-2ECBB1B9A3C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-11-14] (Microsoft Corporation)
Task: {5AA2B9EE-B467-403D-9ECB-AFB40E88E162} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {90A82A6F-8B7F-4F92-8FD0-0B41FF05207D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {90AC519F-4F59-4E8E-AAC4-30145AF7B28F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9299365B-68EE-46D6-BF43-4B0DCFA05C25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9C13C836-DD8A-47F8-AFB8-E935DFDA6196} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {A8933510-A3C0-4A68-912C-C1B79AAA0E1E} - System32\Tasks\CryptoPrevent Update => C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2017-10-05] (Foolish IT LLC)
Task: {AB974123-CADA-40DB-960C-00406ECE0F02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {CFA3C552-627A-4BB8-88D8-5F42A0DBB04D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {DE478A6F-029A-44F6-8CCF-98F2F8D76B84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {F10C6479-1E7C-4903-98DC-48241EE08A7B} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-05-17 10:51 - 2010-04-27 10:33 - 000080896 _____ () C:\Windows\System32\Dell2335Port_x64.dll
2015-05-17 10:50 - 2012-10-25 17:44 - 000034304 _____ () C:\Windows\System32\sdf1ml6.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-19 21:02 - 2015-03-19 21:02 - 000393480 _____ () C:\Windows\system32\igfxTray.exe
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 000462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2016-02-10 09:21 - 2016-02-09 08:15 - 001865216 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBGUIFramework.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000096256 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
2016-02-10 09:21 - 2016-02-09 08:15 - 000013824 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Internet Encodings.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000090112 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 005340672 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000031744 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000293376 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000274432 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
2016-02-10 08:19 - 2016-02-09 08:15 - 000110592 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [134]
AlternateDataStreams: C:\Users\Erin\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Erin\Downloads\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\Downloads\.DS_Store:AFP_AfpInfo [122]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1443137734-1117724155-2645928654-1001\Control Panel\Desktop\\Wallpaper -> D:\Photos\Jem_profile.jpg
HKU\S-1-5-21-1443137734-1117724155-2645928654-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: SkypeUpdate => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B161A1A2-46F7-4264-96E1-46CBBF1ABDD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C53BD315-A65C-4A87-B39C-5C7D3C458EB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0801644-4A39-4A83-9DED-186B4F6DE267}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ACFC4F0A-51CD-4F2A-ACEF-3C367E37E1F0}] => (Allow) LPort=2869
FirewallRules: [{89DF8CED-609E-44BE-93E6-0B3FC6778886}] => (Allow) LPort=1900
FirewallRules: [{BFD86277-9FEC-472B-84DF-6081057D4B7B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{57281D3F-2456-4A54-BFEA-97C05E2F6DFA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{76140616-4678-4C44-9061-E99F9568B760}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\ScanMgr2.exe
FirewallRules: [{246783C6-B980-4656-AC25-EF125577FFEE}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\ScanMgr2.exe
FirewallRules: [{404D174D-C780-46BF-BC00-897D85A2F10D}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\USDAgent\USDAgent.exe
FirewallRules: [{19086708-8AE2-4726-9DC7-297DA8C7D98A}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\USDAgent\USDAgent.exe
FirewallRules: [{753A3EDA-AD18-46E3-A7D3-2A31DB776165}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\PropertyUI\Sscan2io.exe
FirewallRules: [{0A0F9493-2EE6-492E-A9B0-76366F82E1CC}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\PropertyUI\Sscan2io.exe
FirewallRules: [{00678FAD-0486-4B04-9071-AE82F4D42B9E}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{85324F5E-C276-4701-85F8-21BC1E26C73C}] => (Allow) C:\Program Files (x86)\DELL\Dell 2335dn MFP\Dell Scan Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{64C9D352-26CA-4FC2-829C-03E615C2FBDE}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{BADC42DF-97A7-4450-931F-1354B10A5A97}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{0ECE5F92-2770-461D-8E13-B70A1A256149}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{1F34D546-141F-44D6-B96D-12EEB7C48BA7}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{880E3582-574B-4F42-9902-94717C92F302}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{795BE804-A4BF-44F1-8A99-4CB935327180}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{24B942F6-BDB1-49F8-A668-6CE5122C10A9}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{807E2EA8-98AA-45FD-A050-0AF5C7E93E4C}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{BE5A83CA-4160-43CA-9326-1D144346E229}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A78CA787-D525-4F07-925B-19A898DF777D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3BE02FC8-ADED-42D7-BE2B-A83902966568}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C37A12BB-66CB-4AF7-B776-192DBBB200BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8851FCCA-FA1B-46B6-B147-D11BF315CFCF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91B90DB6-94C3-4467-8BCC-19DD2E2CAF5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5BAE8850-987D-4DD5-B69E-4C96998D5F0E}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [UDP Query User{41CDC6F0-4A77-400D-8939-BF5F2D305D18}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [TCP Query User{E4D79633-E948-461E-B3CA-316D6F411320}C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe] => (Allow) C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe
FirewallRules: [UDP Query User{89CC6A82-9D17-48BD-93C3-7FE7CF055FDC}C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe] => (Allow) C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe
FirewallRules: [{DD058683-1191-47E9-A9E5-4CB42D2162FF}] => (Block) C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe
FirewallRules: [{91942CAF-0FDA-4B36-BF8C-3D17946FEF74}] => (Block) C:\users\erin\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe
FirewallRules: [TCP Query User{7A6331AC-8AAA-4F69-8FDD-9AFC9B200744}C:\program files (x86)\readyshipper\readyshipper.exe] => (Allow) C:\program files (x86)\readyshipper\readyshipper.exe
FirewallRules: [UDP Query User{F2013F0E-65C2-4C1A-82A8-94B1F4DA481B}C:\program files (x86)\readyshipper\readyshipper.exe] => (Allow) C:\program files (x86)\readyshipper\readyshipper.exe
FirewallRules: [{931C88C6-448F-4EB0-9FAC-30D121BFDB9C}] => (Block) C:\program files (x86)\readyshipper\readyshipper.exe
FirewallRules: [{1BAFF65D-05FF-4EF5-A417-2D4D320ADEC2}] => (Block) C:\program files (x86)\readyshipper\readyshipper.exe
FirewallRules: [{6D840FCC-3CEC-499E-86DA-1047B1F411D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6E15B0DC-994D-4202-9196-393A9E0ADC16}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
FirewallRules: [{ADD2DD63-4A85-421B-8CED-032B755038C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2017 04:04:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2017 11:35:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219

Error: (12/01/2017 11:35:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219

Error: (12/01/2017 11:35:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2017 07:48:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2017 07:20:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/30/2017 02:28:50 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (11/30/2017 02:28:50 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_26; ;DBF=D:\Intuit\QuickBooks\Company Files\The Earth Pigments Company_v4.qbw;ENG=QB_data_engine_26;DBN=3112ec2240884c4c9873479f097fad57

Error: (11/30/2017 02:28:50 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
Connection Error:Invalid user ID or password

Error: (11/30/2017 09:47:30 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'


System errors:
=============
Error: (12/01/2017 03:54:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/01/2017 03:53:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CryptoPrevent Email Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/01/2017 03:53:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Monitor Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (12/01/2017 07:21:10 AM) (Source: DCOM) (EventID: 10010) (User: ERINNUC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (11/30/2017 02:28:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/30/2017 12:18:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/30/2017 12:11:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/30/2017 12:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/30/2017 12:03:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (11/30/2017 12:03:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


CodeIntegrity:
===================================
  Date: 2016-03-06 09:08:19.847
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-06 09:08:19.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-10 07:36:28.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-10 07:36:28.587
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-10 07:36:28.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-10 07:36:27.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-03 06:59:11.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-03 06:59:11.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-03 06:59:10.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-03 06:59:10.180
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 59%
Total physical RAM: 4024.1 MB
Available physical RAM: 1625.8 MB
Total Virtual: 10936.1 MB
Available Virtual: 8338.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.27 GB) (Free:18.95 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.76 GB) (Free:105.07 GB) NTFS
Drive e: (WDO_MEDIA64) (Removable) (Total:14.89 GB) (Free:14.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: A667B17C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

Thanks! :)





#2 Oh My!


  • Malware Response Instructor
  • 36,146 posts

Posted 04 December 2017 - 04:09 PM

Duplicate topic. Open topic at https://www.bleepingcomputer.com/forums/t/664267/win-defender-cannot-remove-coinminerbit/


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 04 December 2017 - 04:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



