Random FF tabs opening overnight...infected?


13 replies to this topic

#1 MsDoolittle

MsDoolittle

  • Members
  • 38 posts

Posted 03 August 2018 - 11:34 AM

This computer is used for our business, so all help is greatly appreciated!

 

Over the past several months, random tabs would open overnight (nothing spammy; usually things that I have visited before), so I made sure I closed out of FF completely. Seemed to work, but then this morning I got to work at 8:30am and it had opened up 3 tabs: 2 for Pinterest (which I almost never visit, but I have on this computer) and then two for my own personal blog, which I visit on this computer, but hadn't in several days. I took a screenshot with times (ranging from 4:45am-5:30am) if this helps.

 

Computer is Win 10 Home (yuck), with FF 61.0.1.  I ran Malwarebytes Free and it shows no threats today. On 5/18, it did list a PUP (PUP.optional.Amazon1Button), and I quarantined that, but that's all I have at the moment.

 

This is making me a little nervous since it's our main computer and I don't want anything virus-y or weird on it!

 

 

 Thank you! :)





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,026 posts
  • Gender:Male
  • Location:California

Posted 04 August 2018 - 09:53 PM

Greetings MsDoolittle and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Now that you have already started a topic please follow the steps as outlined here. Make sure to copy and paste both logs in your reply. If you receive an error message that the content is too long, simply post each report in a separate reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 08 August 2018 - 08:34 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!


Posted 10 August 2018 - 08:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#5 Oh My!


Posted 14 August 2018 - 08:38 AM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#6 MsDoolittle

MsDoolittle
  • Topic Starter


Posted 14 August 2018 - 09:02 AM

Ready!



#7 Oh My!


Posted 14 August 2018 - 09:30 AM

Very good.

Let's start with this.

I will be away from my computer for a bit but should be replying within a few hours of your reply.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows if necessary
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • FRST results
  • Addition log

Gary
 

#8 MsDoolittle


Posted 14 August 2018 - 01:52 PM

AdWare clean:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-08-13.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-14-2018
# Duration: 00:00:24
# OS:       Windows 10 Home
# Cleaned:  11
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Amazon\ABB

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted       HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted       HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Deleted       HKLM\Software\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2262 octets] - [14/08/2018 13:35:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



#9 Oh My!


Posted 14 August 2018 - 03:43 PM

Thank you.

When you are able to complete the FRST scan and post both reports we will continue on.
Gary
 

#10 MsDoolittle


Posted 14 August 2018 - 04:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Amanda (administrator) on FORCE (14-08-2018 16:03:34)
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TPV-INVENTA TECHNOLOGY CO., LTD.) C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe
(Dropbox, Inc.) C:\Users\Amanda\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(TPV-INVENTA TECHNOLOGY CO., LTD) C:\Program Files (x86)\TNIOSDVolumeSync\TNIOSDVolumeSync.exe
(Dropbox, Inc.) C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Users\Amanda\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileCoAuth.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Lenovo Black Silk Input Device Main Program] => C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe [118272 2011-04-19] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2018-07-06] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [TNIOSDVolumeSync(x64)] => C:\Program Files (x86)\TNIOSDVolumeSync\TNIExec.exe [9728 2012-08-30] (TPV-INVENTA TECHNOLOGY CO., LTD.)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1752408 2012-07-09] (TODO: <公司名>)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3793696981-4227002174-463584454-1001\...\Run: [Dropbox Update] => C:\Users\Amanda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-3793696981-4227002174-463584454-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-11-25]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-11-25]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-11-25]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{23fa99c9-7261-4d43-9df5-e56b781df2f9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{92bfdf4f-ac4f-42f6-a322-94ac6e501a5c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3793696981-4227002174-463584454-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3793696981-4227002174-463584454-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3793696981-4227002174-463584454-1001 -> DefaultScope {9D0F4258-6F6D-4938-9D77-CBC32E0624AA} URL =
SearchScopes: HKU\S-1-5-21-3793696981-4227002174-463584454-1001 -> {9D0F4258-6F6D-4938-9D77-CBC32E0624AA} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-31] (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2016-12-07] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\a7gi0stx.default [2018-08-14]
FF Extension: (Adblock Plus) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\a7gi0stx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-14] ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-05-24] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FreeRide Games\NPGameTreatPlugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-24] (Nitro PDF Software)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-12-07] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 TNISrvc; C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe [53760 2012-08-30] (TPV-INVENTA TECHNOLOGY CO., LTD.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 LEMo602D; C:\WINDOWS\system32\DRIVERS\LEMo602D.sys [24064 2011-04-19] (Primax Electronics Ltd.)
S3 LEub602D; C:\WINDOWS\system32\DRIVERS\LEub602D.sys [18944 2011-05-17] (Primax Electronics Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-14] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 VMC412; C:\WINDOWS\System32\Drivers\VMC412.sys [241920 2015-06-19] (Vimicro Corporation)
R3 vmuacflt; C:\WINDOWS\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
R0 WinI2C-DDC; C:\WINDOWS\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 16:03 - 2018-08-14 16:05 - 000017935 _____ C:\Users\Amanda\Desktop\FRST.txt
2018-08-14 16:03 - 2018-08-14 16:03 - 000000000 ____D C:\FRST
2018-08-14 16:02 - 2018-08-14 16:02 - 002412544 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2018-08-14 13:34 - 2018-08-14 13:36 - 000000000 ____D C:\AdwCleaner
2018-08-14 12:16 - 2018-08-14 12:16 - 007417040 _____ (Malwarebytes) C:\Users\Amanda\Desktop\adwcleaner_7.2.2.exe
2018-08-07 08:29 - 2018-08-07 08:29 - 000000000 ___HD C:\OneDriveTemp
2018-08-06 08:31 - 2018-08-06 08:31 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-06 08:31 - 2018-08-06 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-08-03 11:05 - 2018-08-14 13:39 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-03 11:05 - 2018-08-03 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-01 13:48 - 2018-08-01 13:48 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 16:04 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-14 16:01 - 2013-11-22 22:38 - 000000000 ___RD C:\Users\Amanda\SkyDrive
2018-08-14 14:44 - 2018-07-06 18:44 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-14 14:44 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-08-14 14:44 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-14 13:56 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-14 13:56 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-14 13:45 - 2016-12-05 09:54 - 000000000 ____D C:\Users\Amanda\AppData\LocalLow\Mozilla
2018-08-14 13:43 - 2018-07-06 18:36 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-14 13:43 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-14 13:43 - 2016-05-23 07:57 - 000000000 __SHD C:\Users\Amanda\IntelGraphicsProfiles
2018-08-14 13:38 - 2018-07-06 18:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-14 13:38 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-14 13:36 - 2013-09-27 02:09 - 000000000 ____D C:\Program Files (x86)\Amazon
2018-08-14 10:29 - 2018-07-06 18:44 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26943CFC-5319-4225-9E71-F4665037967C}
2018-08-14 09:24 - 2014-02-14 13:50 - 000000000 ___RD C:\Users\Amanda\Documents\Scanned Documents
2018-08-13 22:59 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-10 11:00 - 2018-07-06 18:28 - 000000000 ____D C:\Users\Amanda
2018-08-10 10:59 - 2018-07-06 18:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-10 10:58 - 2016-11-30 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-10 10:58 - 2014-02-28 13:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-10 08:01 - 2014-02-28 13:07 - 000001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-09 09:19 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-08 17:22 - 2013-11-23 14:39 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-07 08:29 - 2018-07-06 18:44 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3793696981-4227002174-463584454-1001
2018-08-07 08:29 - 2018-07-06 18:28 - 000002413 _____ C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-06 11:29 - 2018-05-02 12:47 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-08-06 08:31 - 2016-11-02 11:54 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-06 08:31 - 2016-11-02 11:54 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-06 08:31 - 2016-11-02 11:54 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-08-06 08:31 - 2016-11-02 11:54 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-06 08:31 - 2016-11-02 11:54 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-08-06 08:31 - 2016-11-02 11:54 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-08-06 08:30 - 2013-09-27 02:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-03 11:05 - 2018-05-02 12:47 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-01 13:49 - 2014-05-16 14:15 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Dropbox
2018-07-31 02:01 - 2018-07-03 02:51 - 000000000 ____D C:\ProgramData\Packages
2018-07-30 22:52 - 2018-01-19 07:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-26 12:27 - 2016-10-03 07:05 - 000000426 _____ C:\WINDOWS\BRWMARK.INI
2018-07-23 08:12 - 2014-02-14 13:43 - 000000000 ____D C:\Users\Amanda\Documents\Force
2018-07-21 13:40 - 2018-07-06 21:24 - 000000000 ____D C:\Windows.old
2018-07-16 22:52 - 2014-01-14 15:45 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-09-03 07:14 - 2015-07-20 08:03 - 000004189 _____ () C:\Users\Amanda\AppData\Roaming\QBFileDrTool.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-06 18:24

Edited by Oh My!, 14 August 2018 - 07:43 PM.


#11 MsDoolittle

Posted 14 August 2018 - 04:14 PM

Oh good grief, that posted 9 million times. Sheesh



#12 Oh My!

Posted 14 August 2018 - 07:44 PM

I fixed that but I need you to post the information from the Addition.txt report.
Gary
 

#13 MsDoolittle

Posted 15 August 2018 - 09:13 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Amanda (15-08-2018 08:13:20)
Running from C:\Users\Amanda\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-07-06 23:45:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3793696981-4227002174-463584454-500 - Administrator - Disabled)
Amanda (S-1-5-21-3793696981-4227002174-463584454-1001 - Administrator - Enabled) => C:\Users\Amanda
DefaultAccount (S-1-5-21-3793696981-4227002174-463584454-503 - Limited - Disabled)
Guest (S-1-5-21-3793696981-4227002174-463584454-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3793696981-4227002174-463584454-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3793696981-4227002174-463584454-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
AngryBirds (HKLM-x32\...\{20CE0033-8F3D-464B-8BA2-A08EB0F27FD3}) (Version: 1.01.0618 - Rovio)
Comparing (HKLM-x32\...\{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4030 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0423 - Lenovo)
Dropbox (HKU\S-1-5-21-3793696981-4227002174-463584454-1001\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Find the Differences (HKLM-x32\...\{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (HKLM-x32\...\{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.83.01 - Exent Technologies)
Fruits (HKLM-x32\...\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
GamePortal (HKLM-x32\...\{530A0CD0-4158-45BE-AD45-8DC7019C597F}) (Version: 5.00.012.0605 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mammals (HKLM-x32\...\{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Matching Roles (HKLM-x32\...\{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3793696981-4227002174-463584454-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.2.6793 - Mozilla)
Nitro Pro 8 (HKLM\...\{5B441131-BBE4-4AB7-BBD2-974B9E6F5587}) (Version: 8.5.4.11 - Nitro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Puzzle (HKLM-x32\...\{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
QuickBooks (HKLM-x32\...\{424104AD-BEC6-441D-ADE9-F6662FEEA4BA}) (Version: 24.0.4015.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4014.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
sudoku (HKLM-x32\...\{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
timer (HKLM-x32\...\{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
TNIOSDVolumeSync (HKLM-x32\...\{86B9BBB1-B06B-4B31-9D0A-634B41598251}) (Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
TNIOSDVolumeSync (HKLM-x32\...\InstallShield_{86B9BBB1-B06B-4B31-9D0A-634B41598251}) (Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3793696981-4227002174-463584454-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-05-24] (Nitro PDF)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1_S-1-5-21-3793696981-4227002174-463584454-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3793696981-4227002174-463584454-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3793696981-4227002174-463584454-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-30] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C34C00D-7903-4128-B5D5-D750DE266DAF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {12F8552B-DBE0-435A-9541-DF6CED2B505C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
Task: {14E355AF-7446-4D1D-A76C-C022D6D0BCBD} - System32\Tasks\Lenovo\Lenovo-28097 => C:\ProgramData\Lenovo-28097.vbs [2013-09-27] () <==== ATTENTION
Task: {2016607C-54C6-4038-9DC3-0BC573AC79F3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
Task: {27C499AC-08C0-4F24-A35C-02AFC8081A64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {28CA6E82-EB96-4748-8A83-9C4C1F6185D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
Task: {2F7D3745-AF37-4A91-81F2-899734520AEA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {327429AA-199E-4B57-8BE7-DFEAE4AFD35B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3AF5D5E5-A165-478C-8CB6-C617675CF451} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3B73F112-3FDB-4178-B060-0B99434703ED} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3793696981-4227002174-463584454-1001UA1d236fe31c3d9ed => C:\Users\Amanda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {3CE5E8AF-094A-45F6-936F-1D295AFB9915} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-31] (Microsoft Corporation)
Task: {414B25CA-3E80-49FE-ACA5-39D989E6A802} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4476AEBE-8A73-46AA-A2D5-B1F0B394F101} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {54F28630-7AF1-4B59-9C59-8AB5934DC48C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {56440387-3205-498B-A7B1-A7F107185B5F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3793696981-4227002174-463584454-1001Core1d236fe31aa02a4 => C:\Users\Amanda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {5B662032-AB7C-4374-B23E-D1724F5E3642} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5CF82ED8-8113-4975-A90E-F36BF6FB91D9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {60B07ABE-6C3D-47AE-884D-DC3D234C4A78} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {6244BC05-71AB-4311-96BC-9EC608F34E7B} - \WPD\SqmUpload_S-1-5-21-3793696981-4227002174-463584454-1001 -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6AA19621-8321-47FC-A3DF-BE3EACFFE02B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6CE750B1-99EB-4F2C-B634-4027ECCF4BAA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {725E81C2-6C13-4449-B101-9F6342EA1541} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {764E32EF-2872-4BAD-A753-0A335A7CBCA0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8F3DEB64-70D3-4002-9D22-9478764469DD} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {99095B44-3C30-443B-B6EE-F86EF95B16A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9EEAAD7E-434F-4B8B-9E4D-372310F88B39} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A14C8018-B4B6-4D3F-A437-F0BA6B8AEFA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
Task: {A8460472-8E2F-45C3-875C-50519E8C6676} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AB659375-05F5-4FC8-8208-BF9B0D9B5A10} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {B1470409-ABB1-41A1-95E2-3D4CB43A9F22} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-31] (Microsoft Corporation)
Task: {BE6043DF-9863-47DE-96E5-77A41C436932} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C20D97CA-5B51-491B-9B9D-588A50891675} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-07-11] (Microsoft Corporation)
Task: {C63BADC0-94F4-41A9-98DD-C413A25D4380} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {C68F74D6-6AD1-41DA-A441-1BD224F2F256} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D8FF2D05-C374-488D-B1E0-B9AA8A882846} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {F0986FC9-C6EE-497F-98CE-E2479892EAE5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {F9C6F88A-3862-426A-901C-E41ED945857A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3793696981-4227002174-463584454-1001Core1d236fe31aa02a4.job => C:\Users\Amanda\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3793696981-4227002174-463584454-1001UA1d236fe31c3d9ed.job => C:\Users\Amanda\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2013-09-27 02:13 - 2013-05-14 13:53 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2018-05-02 12:47 - 2018-08-06 11:29 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 08:09 - 2018-07-06 01:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 05:49 - 2018-07-17 05:50 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 05:49 - 2018-07-17 05:50 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 05:49 - 2018-07-17 05:50 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 05:49 - 2018-07-17 05:50 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 05:49 - 2018-07-17 05:50 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-03 02:49 - 2018-07-03 02:50 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-08-11 21:51 - 2018-08-11 21:52 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-11 21:51 - 2018-08-11 21:52 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-11 21:51 - 2018-08-11 21:52 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 23:16 - 2017-09-25 23:31 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-11 21:51 - 2018-08-11 21:52 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-26 17:14 - 2018-07-26 17:14 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-07-26 17:14 - 2018-07-26 17:14 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-01-03 10:44 - 2018-01-03 11:47 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-07-14 09:47 - 2018-07-14 09:48 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-04-25 20:08 - 2018-04-25 20:09 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-07-14 09:47 - 2018-07-14 09:47 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-07-14 09:47 - 2018-07-14 09:48 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-28 22:49 - 2018-03-28 23:48 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-07-26 17:14 - 2018-07-26 17:14 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-07-14 09:47 - 2018-07-14 09:48 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-07-26 17:14 - 2018-07-26 17:14 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 12:04 - 2018-05-30 12:05 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-14 09:47 - 2018-07-14 09:48 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-07-26 17:14 - 2018-07-26 17:14 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-26 17:14 - 2018-07-26 17:14 - 000162816 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\SKU.dll
2018-07-26 17:14 - 2018-07-26 17:14 - 000045056 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2018-07-26 17:14 - 2018-07-26 17:14 - 000093184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2018-08-14 13:55 - 2018-08-14 13:56 - 000016384 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.exe
2018-08-14 13:55 - 2018-08-14 13:56 - 034701824 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.dll
2017-09-25 23:16 - 2017-09-25 23:31 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-07-29 21:48 - 2016-07-29 21:51 - 001651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\winsdkfb.dll
2013-09-27 01:52 - 2012-10-22 16:22 - 001199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-12-04 18:59 - 2009-12-04 18:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 19:04 - 2009-12-04 19:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2016-12-07 04:48 - 2016-12-07 04:48 - 000583960 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2016-12-07 04:51 - 2016-12-07 04:51 - 000021272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2016-12-07 04:49 - 2016-12-07 04:49 - 000623384 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2016-12-07 04:51 - 2016-12-07 04:51 - 000143128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2016-12-07 04:50 - 2016-12-07 04:50 - 000624408 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2016-12-07 04:51 - 2016-12-07 04:51 - 000149784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2016-12-07 04:49 - 2016-12-07 04:49 - 000247064 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2013-08-19 11:03 - 2013-08-19 11:03 - 000059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2016-12-07 04:50 - 2016-12-07 04:50 - 000823576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2016-12-07 04:50 - 2016-12-07 04:50 - 000043800 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2016-12-07 04:50 - 2016-12-07 04:50 - 000087832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetBridge.dll
2016-12-07 04:50 - 2016-12-07 04:50 - 000104216 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetInterop.dll
2016-12-07 04:52 - 2016-12-07 04:52 - 000505112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\SyncManagerUtils.dll
2016-12-07 04:52 - 2016-12-07 04:52 - 000129304 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\ReportBridge.dll
2016-12-07 04:51 - 2016-12-07 04:51 - 000113432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridge.dll
2016-12-07 04:50 - 2016-12-07 04:50 - 000060184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\htmlhelper.dll
2016-12-07 04:52 - 2016-12-07 04:52 - 000115992 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\Webification.dll
2018-08-01 13:48 - 2018-07-30 20:25 - 001108672 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-08-01 13:48 - 2018-07-30 20:25 - 002247872 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-08-01 13:48 - 2018-07-30 20:28 - 000021704 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000022752 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000135840 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 001881816 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000023768 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000111760 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-08-01 13:48 - 2018-07-30 20:25 - 000103576 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000069320 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000080064 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000400016 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-08-01 13:48 - 2018-07-30 20:25 - 000024728 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000043680 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000021656 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000125080 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000114848 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000392392 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000030432 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000024736 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000175768 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000024728 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000026264 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000048800 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000058016 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000024784 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000022728 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000026336 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000070360 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000025296 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000029904 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 003866304 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000089272 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 001800896 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 001960640 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000028824 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000155856 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000521920 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000051400 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000043720 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000131264 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000220872 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000205512 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000061080 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000056536 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000024224 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000025304 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000023776 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000022752 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000023768 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000028392 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000348312 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000102088 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000024800 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000026840 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000036496 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\librsync.dll
2018-08-01 13:48 - 2018-07-30 20:26 - 000034528 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:25 - 000293392 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2018-08-01 13:48 - 2018-07-30 20:28 - 000023776 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000181432 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-08-01 13:48 - 2018-07-30 20:28 - 000031952 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:26 - 000024752 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-08-01 13:48 - 2018-07-30 20:26 - 001638576 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-08-01 13:48 - 2018-07-30 20:28 - 000090840 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:28 - 000027352 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000547008 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-08-01 13:48 - 2018-07-30 20:27 - 000360128 _____ () C:\Users\Amanda\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Amanda\Documents\ecform.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Amanda\Documents\ecform.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3793696981-4227002174-463584454-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Amanda\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\FORCEFB.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{61E4BE74-008A-41A8-8BE7-CD21D6F1AE95}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{CFAB9BA8-B964-45E8-B20E-CBC3221A2E7E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{BEB1F3D0-7890-4F79-811F-9DC691B47FAF}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{B8A874B4-045F-40A0-AA16-1A3AFBB44324}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{48F01179-E56C-4948-AF2C-3C350AB87681}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8F17F150-5224-4D45-BF50-1CB3091BCFC3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0155FA3E-6292-4F6D-96DC-F3F26BF4A730}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{41C93327-D09E-495D-989E-E211878B110F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{45F5074E-B9A9-4DE9-9294-563B9D04E9D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0ADCF108-2D82-44B9-BF2B-7279C9217FA0}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{DFD9C9E8-6DB6-449C-AD72-74DB2F914427}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{029596ED-4162-4B3E-8415-F715FC78BFF5}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{EBF230A9-27AC-4759-9DD7-449A8900591D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7BCAC5AD-169B-45C5-AAB6-44FCC43836E9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0EBD16FC-E86F-4472-81D4-05153F1B91BD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C2B7F197-90B2-4975-B358-4B24748AC66B}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{67B8D8D2-2A55-47F2-A82D-445B4F0D5E56}] => (Allow) C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{512B5860-DE1D-4160-91A3-C2082F0F0763}] => (Allow) C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{36F3EAB3-9D57-4CE5-8239-689C9F233FF5}] => (Allow) C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{D10C1CB9-9AEC-4574-B9FF-F53C8C66414E}C:\users\amanda\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\amanda\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{DAFC6151-8E57-4897-8D79-0B315AA043DC}C:\users\amanda\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\amanda\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{D621EA27-134D-407A-8D06-AE9AC12B1860}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBEC702F-C9EC-4C61-9BE4-EB47CD4728E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7E2BC36D-36EE-4727-B01F-17202D4CDAA7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{085E7883-9865-412B-B1FE-2DA0F52E25ED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8ADEB3E3-5E44-440C-807D-F45125C76E54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8106FD86-B500-42C3-BF68-BC04782464CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3D4CA184-A013-4468-837C-2D9A374559DD}D:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr741n\easysetupassistant.exe
FirewallRules: [UDP Query User{88B3A3C2-88B8-420A-AC41-AF72E3877AE7}D:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr741n\easysetupassistant.exe
FirewallRules: [{16AC10D6-61AB-4617-9537-202FEE4C8EF2}] => (Block) D:\easysetupassistant\wr741n\easysetupassistant.exe
FirewallRules: [{9EA8B0DD-CCF8-4AD0-9305-B0157ED1DEE5}] => (Block) D:\easysetupassistant\wr741n\easysetupassistant.exe
FirewallRules: [{42AD0E10-90D8-4968-A907-FC5202BEDA7E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-07-2018 07:43:09 Windows Update
01-08-2018 01:32:00 Windows Modules Installer
02-08-2018 03:29:30 Windows Modules Installer
03-08-2018 05:29:19 Windows Modules Installer
06-08-2018 09:30:04 Windows Modules Installer
07-08-2018 11:30:26 Windows Modules Installer
08-08-2018 13:29:58 Windows Modules Installer
09-08-2018 15:30:02 Windows Modules Installer
10-08-2018 16:59:11 Windows Modules Installer
11-08-2018 18:59:06 Windows Modules Installer
12-08-2018 20:59:05 Windows Modules Installer
13-08-2018 22:59:16 Windows Modules Installer
15-08-2018 07:40:32 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2018 07:35:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/14/2018 03:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.137, time stamp: 0xecd85e98
Faulting module name: VimicroAPOX64.dll, version: 334.7.2.6, time stamp: 0x4f631264
Exception code: 0xc0000005
Fault offset: 0x000000000000b508
Faulting process id: 0x2998
Faulting application start time: 0x01d4341150121fe6
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\VimicroAPOX64.dll
Report Id: fb66684b-0506-417c-9b5f-bf359abe7a15
Faulting package full name:
Faulting package-relative application ID:

Error: (08/14/2018 03:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.137, time stamp: 0xecd85e98
Faulting module name: VimicroAPOX64.dll, version: 334.7.2.6, time stamp: 0x4f631264
Exception code: 0xc0000005
Fault offset: 0x000000000000b508
Faulting process id: 0x2998
Faulting application start time: 0x01d4341150121fe6
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\VimicroAPOX64.dll
Report Id: 505fb04e-a354-4a2c-bb67-9167af8a59bc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/14/2018 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.137, time stamp: 0xecd85e98
Faulting module name: VimicroAPOX64.dll, version: 334.7.2.6, time stamp: 0x4f631264
Exception code: 0xc0000005
Fault offset: 0x000000000000b508
Faulting process id: 0x2998
Faulting application start time: 0x01d4341150121fe6
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\VimicroAPOX64.dll
Report Id: 25804b3a-eed0-4923-b9fa-6a97fd7c107a
Faulting package full name:
Faulting package-relative application ID:

Error: (08/14/2018 12:09:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: INVOICE, TxnID: 373830

Error: (08/14/2018 12:05:13 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: INVOICE, TxnID: 373830

Error: (08/14/2018 12:01:02 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling add notification to Left Nav Bar- TxnType: INVOICE, TxnID: 373830

Error: (08/14/2018 11:43:35 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
LeftNavDataHelper: Error handling modify notification to Left Nav Bar - TxnType: INVOICE, TxnID: 373820


System errors:
=============
Error: (08/15/2018 07:35:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2018 04:20:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2018 01:53:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2018 01:43:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2018 01:37:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/14/2018 01:37:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/14/2018 01:37:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IdeaTouch.LocalDataServer.Game service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/14/2018 01:37:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dashboard Service service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
===================================
Date: 2018-08-10 11:09:59.295
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.1167.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 63%
Total physical RAM: 3984.46 MB
Available physical RAM: 1438.11 MB
Total Virtual: 7362.86 MB
Available Virtual: 2528.02 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:845.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (CD113A2) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS

\\?\Volume{c3f0c804-bbf9-40cd-965c-643860f0128c}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS
\\?\Volume{6e4e2258-410c-46a7-b8d7-51cf23136f00}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{aafa71ac-534e-412d-a30a-d63b750314c8}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:8.93 GB) NTFS
\\?\Volume{b113f6b3-0e41-421c-af36-4f6085d346ff}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7AB87173)

Partition: GPT.

==================== End of Addition.txt ============================



#14 Oh My!

Posted 15 August 2018 - 02:47 PM

Greetings Amanda.

Are you saying you closed Firefox and the program launched automatically and displayed the tabs? Have you used and/or had any issues with Internet Explorer?

Please do this. It is possible the report will be too long to copy and paste. If so, attach the Fixlog.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3793696981-4227002174-463584454-1001 -> DefaultScope {9D0F4258-6F6D-4938-9D77-CBC32E0624AA} URL =
SearchScopes: HKU\S-1-5-21-3793696981-4227002174-463584454-1001 -> {9D0F4258-6F6D-4938-9D77-CBC32E0624AA} URL =
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FreeRide Games\NPGameTreatPlugin.dll
AlternateDataStreams: C:\Users\Amanda\Documents\ecform.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Amanda\Documents\ecform.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
C:\Program Files (x86)\Amazon
cmd: type C:\ProgramData\Lenovo-28097.vbs
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller Anti-Malware

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then continually click Next until you click Install
  • Click Finish
  • Click Accept
  • Under # Software Version if it does not indicate up to date click Check for updates >>
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Firefox/Internet Explorer
  • Fixlog
  • RogueKiller log

Edited by Oh My!, 15 August 2018 - 05:28 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



