
computer running slow after locking up on adwcleaner


  • This topic is locked
25 replies to this topic

#1 46kph


Posted 25 September 2019 - 09:52 AM

Computer had been randomly shutting down when not in use. Started with basic maintenance: cleaned interior, both fans were working. Updated drivers using Dell SupportAssist. Ran hardware diagnostics from system BIOS, all passed; ran disc defrag. Issue still happened. Ran AdwCleaner, which found a PUP; during quarantine of the PUP and some of the preinstalled software, the system locked up, and I ended up restarting it. System began running slow. Ran Malwarebytes, quarantined a Trojan that was in startup file. No difference in speed. When trying to run aswMBR I get a blue screen; see attached image.

 

FRST results attached.

 

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2019
Ran by Administrator (administrator) on ACCOUNTING (Dell Inc. OptiPlex 3020) (25-09-2019 09:08:33)
Running from C:\Users\administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Tech & Office & Administrator & Green Oaks North)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc -> Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc. -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® USB eXtensible Host Controller Drivers -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\makecab.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\pcdrwi.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8464600 2015-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392856 2015-03-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299520 2017-05-11] (Intel® USB eXtensible Host Controller Drivers -> Intel Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4585368 2019-08-19] (Webroot Inc. -> Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2019-03-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2019-03-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2019-03-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2019\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D437581-703A-41F5-9EC2-C026810B5CAD} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392856 2015-03-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {4AEEF922-1DF9-4537-88A3-4438984E08C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {5E5491CC-1F1C-4546-8141-82C229564553} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-15] (Google Inc -> Google LLC)
Task: {8DA21C5A-9489-4EA6-9D79-17FA8481DC79} - System32\Tasks\AdwCleaner_onReboot => C:/Users/tech/Desktop/adwcleaner_7.2.5.0.exe
Task: {C7A59146-362C-49B1-BC8F-A783916C0D8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-15] (Google Inc -> Google LLC)
Task: {DF781380-CAB3-40C7-8A08-24471CF03221} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [726488 2019-09-10] (Dell Inc. -> Dell Inc.)
Task: {E60464EB-9E98-4C62-AF81-C8F645F92BDF} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [389168 2019-06-07] (Intuit, Inc. -> Intuit Inc.)
Task: {EEF97AD8-6C75-421C-B5C6-DED0EC1C7D90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000 2016-02-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.113.2
Tcpip\..\Interfaces\{3AB47572-4B1F-4066-964F-A335B5C11632}: [DhcpNameServer] 192.168.113.2
Tcpip\..\Interfaces\{EA504645-3E57-4310-AA82-A4F6C375A4C1}: [DhcpNameServer] 192.168.113.2

Internet Explorer:
==================
HKU\S-1-5-21-1951382-3801802459-3850981174-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCTE
HKU\S-1-5-21-1951382-3801802459-3850981174-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1951382-3801802459-3850981174-500 -> DefaultScope {2362CE3C-7A5A-4771-B2A4-364464D2E2BF} URL =
SearchScopes: HKU\S-1-5-21-1951382-3801802459-3850981174-500 -> {2362CE3C-7A5A-4771-B2A4-364464D2E2BF} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2019-06-06] (Webroot Inc. -> Webroot)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-09-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2019-06-06] (Webroot Inc. -> Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-09-19] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP5EP2-10002/webex/ieatgpc1.cab
Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} - C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll [2019-06-07] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-09-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-09-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"NAL" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\NAL => \??\C:\Windows\system32\Drivers\iqvw64e.sys <==== ATTENTION (Rootkit!/Locked Service)
"PCDSRVC{A1EF77D3-5C5D2C9F-06020300}_0" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\PCDSRVC{A1EF77D3-5C5D2C9F-06020300}_0 => c:\program files\dell\supportassistagent\pcdr\supportassist\6.0.7033.2285\pcdsrvc_x64.pkms [56192 2019-09-19] (PC-Doctor, Inc. -> PC-Doctor, Inc.) <==== ATTENTION (Rootkit!/Locked Service)

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209448 2019-05-21] (Dell Inc -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3373600 2019-05-21] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218144 2019-05-21] (Dell Inc -> Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell Inc -> Dell)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe [1050952 2019-09-19] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc -> Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [354280 2016-06-09] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc. -> Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2017-11-14] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2018-11-15] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc. -> Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2020240 2015-01-23] (Dell Inc. -> SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [48600 2019-09-10] (Dell Inc. -> Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12135768 2019-09-16] (TeamViewer GmbH -> TeamViewer GmbH)
S4 VIAService; C:\Program Files (x86)\Elinc\Via\Via Service\Eklin.Via.Service.exe [14336 2017-09-19] (VIA Information Systems) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-02-15] (Microsoft Windows -> Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4585368 2019-08-19] (Webroot Inc. -> Webroot)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2019-05-21] (Techporch Incorporated -> Dell Computer Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2740056 2015-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc. -> Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc. -> Invincea, Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [144784 2018-08-20] (Webroot Inc. -> Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [77080 2019-06-06] (Webroot Inc. -> Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-25 09:08 - 2019-09-25 09:18 - 000018417 _____ C:\Users\administrator\Desktop\FRST.txt
2019-09-25 09:04 - 2019-09-25 09:12 - 000000000 ____D C:\FRST
2019-09-25 09:03 - 2019-09-25 09:03 - 000282488 _____ C:\Windows\Minidump\092519-20982-01.dmp
2019-09-25 09:01 - 2019-09-25 08:42 - 001615872 _____ (Farbar) C:\Users\administrator\Desktop\FRST64.exe
2019-09-25 09:01 - 2019-09-25 08:40 - 005198336 _____ (AVAST Software) C:\Users\administrator\Desktop\aswMBR.exe
2019-09-25 08:50 - 2019-09-25 08:50 - 000282488 _____ C:\Windows\Minidump\092519-26161-01.dmp
2019-09-24 08:47 - 2019-09-24 08:47 - 000000000 ____D C:\Users\tech\AppData\Local\mbam
2019-09-24 08:40 - 2019-09-24 08:40 - 000000000 ____D C:\Users\tech\AppData\Local\mbamtray
2019-09-24 08:39 - 2019-09-24 08:39 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-09-24 08:36 - 2019-09-24 08:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-24 08:36 - 2019-09-24 08:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-21 21:22 - 2019-09-21 21:22 - 000000000 ____D C:\Users\tech\AppData\Local\Adobe
2019-09-21 11:49 - 2019-09-21 11:49 - 007636680 _____ (Malwarebytes) C:\Users\tech\Desktop\adwcleaner_7.4.1.exe
2019-09-20 10:59 - 2015-07-11 08:15 - 000429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2019-09-20 09:19 - 2019-08-12 21:50 - 006135808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-09-20 09:19 - 2019-08-12 19:56 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-09-20 09:19 - 2019-07-23 19:37 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-09-20 09:19 - 2018-11-17 21:44 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2019-09-20 09:19 - 2018-11-17 21:44 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2019-09-20 04:24 - 2014-12-11 12:47 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2019-09-19 22:46 - 2013-10-01 20:10 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2019-09-19 22:45 - 2013-10-01 21:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2019-09-19 22:45 - 2013-10-01 21:11 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2019-09-19 22:45 - 2013-10-01 21:08 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2019-09-19 22:45 - 2013-10-01 20:48 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2019-09-19 22:45 - 2013-10-01 20:48 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2019-09-19 22:45 - 2013-10-01 20:29 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2019-09-19 22:45 - 2013-10-01 19:15 - 001057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-09-19 22:45 - 2013-10-01 19:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2019-09-19 22:45 - 2013-10-01 19:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2019-09-19 22:45 - 2013-10-01 18:58 - 000053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2019-09-19 22:45 - 2013-10-01 18:31 - 001147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2019-09-19 22:45 - 2013-10-01 18:08 - 000855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-09-19 22:45 - 2013-10-01 17:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2019-09-19 20:14 - 2012-08-23 09:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2019-09-19 20:14 - 2012-08-23 09:08 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2019-09-19 20:13 - 2012-08-23 06:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2019-09-19 20:13 - 2012-08-23 05:51 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2019-09-19 15:04 - 2015-12-16 13:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2019-09-19 15:04 - 2015-12-16 13:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2019-09-19 15:04 - 2015-12-16 13:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2019-09-19 15:04 - 2015-12-16 13:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2019-09-19 15:04 - 2015-12-16 13:48 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2019-09-19 15:04 - 2015-12-16 13:48 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2019-09-19 13:24 - 2019-09-20 14:53 - 000434336 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-19 10:51 - 2019-09-19 10:51 - 000000628 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2019-09-19 10:51 - 2019-09-19 10:51 - 000000628 _____ C:\ProgramData\Desktop\Intel® HD Graphics Control Panel.lnk
2019-09-19 10:31 - 2019-09-19 10:31 - 000000000 _____ C:\Windows\invcol.tmp
2019-09-19 10:05 - 2019-09-19 10:05 - 000003812 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2019-09-19 10:04 - 2019-09-19 10:04 - 000000000 ____D C:\ProgramData\Dell Inc
2019-09-19 10:03 - 2019-09-19 10:03 - 000000000 ____D C:\Windows\system32\appmgmt
2019-09-19 09:57 - 2019-09-19 09:57 - 000000000 ____D C:\Users\administrator\AppData\Roaming\PCDr
2019-09-19 09:54 - 2019-09-19 09:54 - 007636680 _____ (Malwarebytes) C:\Users\administrator\Desktop\adwcleaner_7.4.1.exe
2019-09-19 09:50 - 2019-09-19 09:50 - 000000000 ____D C:\Users\administrator\AppData\Local\TeamViewer
2019-09-10 14:37 - 2019-08-15 20:02 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-09-10 14:37 - 2019-08-15 19:56 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-09-10 14:36 - 2019-08-28 21:56 - 003966904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-09-10 14:36 - 2019-08-28 21:55 - 004061112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-09-10 14:36 - 2019-08-28 21:55 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-09-10 14:36 - 2019-08-28 21:54 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-09-10 14:36 - 2019-08-28 21:53 - 005553104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-09-10 14:36 - 2019-08-28 21:53 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-09-10 14:36 - 2019-08-28 21:53 - 000264120 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-09-10 14:36 - 2019-08-28 21:53 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-09-10 14:36 - 2019-08-28 21:53 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-09-10 14:36 - 2019-08-28 21:52 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:51 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 001078784 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-09-10 14:36 - 2019-08-28 21:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-09-10 14:36 - 2019-08-28 21:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-09-10 14:36 - 2019-08-28 21:22 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-09-10 14:36 - 2019-08-28 21:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-09-10 14:36 - 2019-08-28 21:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-09-10 14:36 - 2019-08-28 21:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-09-10 14:36 - 2019-08-28 21:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-09-10 14:36 - 2019-08-28 21:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-09-10 14:36 - 2019-08-28 21:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-09-10 14:36 - 2019-08-28 21:21 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-09-10 14:36 - 2019-08-28 21:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-09-10 14:36 - 2019-08-28 21:19 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-09-10 14:36 - 2019-08-28 21:19 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-09-10 14:36 - 2019-08-28 21:18 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-09-10 14:36 - 2019-08-28 21:15 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-09-10 14:36 - 2019-08-28 21:15 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-09-10 14:36 - 2019-08-28 21:15 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-09-10 14:36 - 2019-08-28 21:15 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-09-10 14:36 - 2019-08-28 21:15 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-09-10 14:36 - 2019-08-28 21:15 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-09-10 14:36 - 2019-08-28 21:14 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-09-10 14:36 - 2019-08-28 21:14 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-09-10 14:36 - 2019-08-28 21:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-09-10 14:36 - 2019-08-28 21:14 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-09-10 14:36 - 2019-08-28 21:14 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-09-10 14:36 - 2019-08-28 21:14 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-09-10 14:36 - 2019-08-28 21:14 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-09-10 14:36 - 2019-08-27 15:50 - 000390536 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-09-10 14:36 - 2019-08-27 14:59 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-09-10 14:36 - 2019-08-27 00:07 - 025752064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-09-10 14:36 - 2019-08-26 22:41 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-09-10 14:36 - 2019-08-26 22:41 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-09-10 14:36 - 2019-08-26 22:29 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-09-10 14:36 - 2019-08-26 22:27 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-09-10 14:36 - 2019-08-26 22:27 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-09-10 14:36 - 2019-08-26 22:27 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-09-10 14:36 - 2019-08-26 22:27 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-09-10 14:36 - 2019-08-26 22:26 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-09-10 14:36 - 2019-08-26 22:21 - 020290560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-09-10 14:36 - 2019-08-26 22:20 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-09-10 14:36 - 2019-08-26 22:19 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-09-10 14:36 - 2019-08-26 22:17 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-09-10 14:36 - 2019-08-26 22:17 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-09-10 14:36 - 2019-08-26 22:16 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-09-10 14:36 - 2019-08-26 22:16 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-09-10 14:36 - 2019-08-26 22:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-09-10 14:36 - 2019-08-26 22:15 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-09-10 14:36 - 2019-08-26 22:15 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-09-10 14:36 - 2019-08-26 22:08 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-09-10 14:36 - 2019-08-26 22:05 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-09-10 14:36 - 2019-08-26 22:03 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-09-10 14:36 - 2019-08-26 22:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-09-10 14:36 - 2019-08-26 22:02 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-09-10 14:36 - 2019-08-26 22:02 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-09-10 14:36 - 2019-08-26 22:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-09-10 14:36 - 2019-08-26 21:59 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-09-10 14:36 - 2019-08-26 21:59 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-09-10 14:36 - 2019-08-26 21:58 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-09-10 14:36 - 2019-08-26 21:58 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-09-10 14:36 - 2019-08-26 21:56 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-09-10 14:36 - 2019-08-26 21:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-09-10 14:36 - 2019-08-26 21:55 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-09-10 14:36 - 2019-08-26 21:54 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-09-10 14:36 - 2019-08-26 21:54 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-09-10 14:36 - 2019-08-26 21:53 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-09-10 14:36 - 2019-08-26 21:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-09-10 14:36 - 2019-08-26 21:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-09-10 14:36 - 2019-08-26 21:52 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-09-10 14:36 - 2019-08-26 21:50 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-09-10 14:36 - 2019-08-26 21:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-09-10 14:36 - 2019-08-26 21:42 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-09-10 14:36 - 2019-08-26 21:40 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-09-10 14:36 - 2019-08-26 21:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-09-10 14:36 - 2019-08-26 21:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-09-10 14:36 - 2019-08-26 21:39 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-09-10 14:36 - 2019-08-26 21:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-09-10 14:36 - 2019-08-26 21:37 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-09-10 14:36 - 2019-08-26 21:37 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-09-10 14:36 - 2019-08-26 21:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-09-10 14:36 - 2019-08-26 21:36 - 015389184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-09-10 14:36 - 2019-08-26 21:36 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-09-10 14:36 - 2019-08-26 21:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-09-10 14:36 - 2019-08-26 21:34 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2019-09-10 14:36 - 2019-08-26 21:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-09-10 14:36 - 2019-08-26 21:30 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-09-10 14:36 - 2019-08-26 21:28 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-09-10 14:36 - 2019-08-26 21:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-09-10 14:36 - 2019-08-26 21:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-09-10 14:36 - 2019-08-26 21:26 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-09-10 14:36 - 2019-08-26 21:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-09-10 14:36 - 2019-08-26 21:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-09-10 14:36 - 2019-08-26 21:15 - 001568256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-09-10 14:36 - 2019-08-26 21:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-09-10 14:36 - 2019-08-26 21:06 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-09-10 14:36 - 2019-08-26 21:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-09-10 14:36 - 2019-08-26 21:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-09-10 14:36 - 2019-08-22 17:07 - 000628480 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-09-10 14:36 - 2019-08-20 20:59 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-09-10 14:36 - 2019-08-20 20:56 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-09-10 14:36 - 2019-08-20 20:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-09-10 14:36 - 2019-08-20 20:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-09-10 14:36 - 2019-08-20 18:19 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-09-10 14:36 - 2019-08-19 23:24 - 000385248 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-09-10 14:36 - 2019-08-19 23:21 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-09-10 14:36 - 2019-08-19 23:21 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-09-10 14:36 - 2019-08-19 23:21 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-09-10 14:36 - 2019-08-19 23:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-09-10 14:36 - 2019-08-19 22:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2019-09-10 14:36 - 2019-08-19 22:51 - 003232256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-09-10 14:36 - 2019-08-19 21:47 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-09-10 14:36 - 2019-08-15 02:59 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-09-10 14:36 - 2019-08-15 02:59 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-09-10 14:36 - 2019-08-14 12:54 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2019-09-10 14:36 - 2019-08-14 12:53 - 000253440 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2019-09-10 14:36 - 2019-08-14 00:22 - 000374496 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2019-09-10 14:36 - 2019-08-14 00:20 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2019-09-10 14:36 - 2019-08-14 00:20 - 000282112 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2019-09-10 14:36 - 2019-08-13 23:52 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-09-10 14:36 - 2019-08-13 17:20 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-09-10 14:36 - 2019-08-13 17:19 - 000988384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-09-10 14:36 - 2019-08-13 17:19 - 000267488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-09-10 14:36 - 2019-08-13 17:16 - 001009664 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-09-10 14:36 - 2019-08-13 17:16 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-09-10 14:36 - 2019-08-13 17:15 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-10 14:36 - 2019-08-13 17:15 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-09-10 14:36 - 2019-08-13 17:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-09-10 14:36 - 2019-08-13 17:13 - 000833536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-09-10 14:36 - 2019-08-13 17:13 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-09-10 14:36 - 2019-08-13 17:13 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-09-10 14:36 - 2019-08-12 21:58 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-09-10 14:36 - 2019-08-12 21:58 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-09-10 14:36 - 2019-08-12 21:58 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-09-10 14:36 - 2019-08-12 21:58 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-09-10 14:36 - 2019-08-12 19:56 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-09-10 14:36 - 2019-08-12 19:56 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-10 14:36 - 2019-08-12 19:56 - 001650176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-09-10 14:36 - 2019-08-12 19:56 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-09-10 14:36 - 2019-08-12 19:56 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-10 14:36 - 2019-08-12 19:56 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-09-10 14:36 - 2019-08-12 19:56 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-10 14:36 - 2019-08-12 19:56 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-10 14:36 - 2019-08-12 19:56 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-06 16:10 - 2019-07-29 21:20 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-09-06 16:10 - 2019-07-29 21:20 - 000517632 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-09-06 16:10 - 2019-07-29 21:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-09-06 16:10 - 2019-07-29 21:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-09-06 16:10 - 2019-07-29 21:16 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-09-06 16:10 - 2019-07-29 21:16 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-09-06 16:10 - 2019-07-29 20:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-09-06 16:10 - 2019-07-13 03:36 - 000289720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-09-06 16:10 - 2019-07-13 03:35 - 001894840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-09-06 16:10 - 2019-07-13 03:35 - 000378808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-09-06 16:10 - 2019-07-13 03:34 - 001391616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-09-06 16:10 - 2019-07-13 03:34 - 000335360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2PGraph.dll
2019-09-06 16:10 - 2019-07-13 03:34 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2019-09-06 16:10 - 2019-07-13 03:34 - 000180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2019-09-06 16:10 - 2019-07-13 03:34 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-09-06 16:10 - 2019-07-13 03:34 - 000039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssdpapi.dll
2019-09-06 16:10 - 2019-07-13 03:34 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-09-06 16:10 - 2019-07-13 03:33 - 000256512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-09-06 16:10 - 2019-07-13 03:33 - 000194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-09-06 16:10 - 2019-07-13 03:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2019-09-06 16:10 - 2019-07-13 03:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\Groupinghc.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2019-09-06 16:10 - 2019-07-13 03:32 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-09-06 16:10 - 2019-07-13 03:31 - 000318976 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-09-06 16:10 - 2019-07-13 03:31 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-09-06 16:10 - 2019-07-13 03:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2019-09-06 16:10 - 2019-07-13 03:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2019-09-06 16:10 - 2019-07-13 03:31 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
2019-09-06 16:10 - 2019-07-13 03:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-09-06 16:10 - 2019-07-13 03:13 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcmonitor.dll
2019-09-06 16:10 - 2019-07-03 20:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-09-06 16:10 - 2019-07-03 20:14 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-08-28 14:00 - 2019-08-28 14:00 - 000000000 ____D C:\Users\tech\AppData\Roaming\TeamViewer
2019-08-26 12:37 - 2019-08-26 12:37 - 000000000 ____H C:\Users\tech\Documents\Default.rdp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-25 09:15 - 2016-02-15 15:19 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2019-09-25 09:15 - 2009-07-13 23:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-25 09:15 - 2009-07-13 23:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-25 09:08 - 2016-02-26 10:39 - 000121096 _____ C:\Users\administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2019-09-25 09:04 - 2019-08-16 15:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-09-25 09:04 - 2017-11-20 12:40 - 000000000 ____D C:\ProgramData\WRData
2019-09-25 09:04 - 2016-02-26 10:38 - 000000000 __SHD C:\Users\administrator\IntelGraphicsProfiles
2019-09-25 09:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2019-09-25 09:03 - 2018-11-27 13:36 - 000000000 ____D C:\Windows\Minidump
2019-09-25 09:03 - 2018-11-27 13:35 - 1336882416 _____ C:\Windows\MEMORY.DMP
2019-09-25 09:03 - 2017-11-20 12:40 - 000181536 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2019-09-25 09:03 - 2017-11-20 12:40 - 000112480 _____ (Webroot) C:\Windows\system32\WRusr.dll
2019-09-25 09:03 - 2016-02-24 08:18 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl
2019-09-25 09:03 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-25 08:58 - 2009-07-14 00:13 - 000810314 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-25 08:58 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-09-25 08:56 - 2016-02-26 10:38 - 000000000 ____D C:\Users\administrator
2019-09-25 08:42 - 2016-02-15 15:07 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-09-24 18:31 - 2019-04-30 16:24 - 000000000 ____D C:\Users\Office
2019-09-24 18:31 - 2017-11-20 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2019-09-24 18:31 - 2017-11-20 12:40 - 000000000 ____D C:\Program Files\Webroot
2019-09-24 18:31 - 2016-02-26 11:28 - 000000000 ____D C:\Users\tech
2019-09-24 18:31 - 2016-02-24 08:03 - 000000000 ____D C:\Users\Green Oaks North
2019-09-24 18:31 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Msdtc
2019-09-24 17:22 - 2016-06-28 12:19 - 000000000 ____D C:\Users\tech\Intuit
2019-09-24 16:01 - 2019-05-15 11:28 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-24 16:01 - 2019-05-15 11:28 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-24 16:01 - 2019-05-15 11:28 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-24 15:34 - 2016-02-26 11:52 - 000000000 __SHD C:\Users\tech\IntelGraphicsProfiles
2019-09-24 14:39 - 2016-03-01 14:37 - 000000000 ____D C:\Users\tech\AppData\Local\CrashDumps
2019-09-24 10:03 - 2016-03-11 11:09 - 000000000 ____D C:\Users\tech\.oracle_jre_usage
2019-09-23 12:46 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-09-21 21:46 - 2016-02-26 17:58 - 000000000 ____D C:\Users\tech\Desktop\Kathie2
2019-09-21 12:10 - 2016-02-15 15:17 - 000000000 ____D C:\Program Files (x86)\Dell
2019-09-20 21:30 - 2016-02-26 11:28 - 000121096 _____ C:\Users\tech\AppData\Local\GDIPFONTCACHEV1.DAT
2019-09-20 15:58 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2019-09-20 03:43 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-09-19 18:20 - 2011-02-10 09:33 - 000802436 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-09-19 14:22 - 2016-02-15 15:28 - 000018644 _____ C:\Windows\system32\results.xml
2019-09-19 10:52 - 2016-02-15 17:02 - 000000000 ____D C:\Program Files (x86)\Intel
2019-09-19 10:47 - 2011-02-10 09:25 - 000000000 ____D C:\Windows\panther
2019-09-19 10:31 - 2011-02-10 09:25 - 000000000 ____D C:\dell
2019-09-19 10:30 - 2016-03-11 11:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-09-19 10:30 - 2016-03-11 11:08 - 000000000 ____D C:\Program Files (x86)\Java
2019-09-19 10:28 - 2016-03-11 11:08 - 000098288 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-09-19 10:07 - 2016-02-24 08:11 - 000000000 ____D C:\ProgramData\PCDr
2019-09-19 10:05 - 2016-02-15 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-09-19 10:04 - 2019-03-23 16:14 - 000000000 ____D C:\ProgramData\SupportAssist
2019-09-19 10:04 - 2016-02-15 16:29 - 000000000 ____D C:\ProgramData\Dell
2019-09-19 10:04 - 2016-02-15 15:21 - 000000000 ____D C:\Program Files\Dell
2019-09-17 11:31 - 2019-08-16 15:23 - 000000000 ____D C:\Users\tech\AppData\Local\TeamViewer
2019-09-17 11:30 - 2019-08-16 15:13 - 000000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-09-17 11:30 - 2019-08-16 15:13 - 000000961 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-09-17 11:30 - 2019-08-16 15:13 - 000000961 _____ C:\ProgramData\Desktop\TeamViewer 14.lnk
2019-09-11 03:11 - 2016-02-26 09:37 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-09-06 15:41 - 2019-05-15 11:28 - 000000000 ____D C:\Users\administrator\AppData\Local\Google
2019-09-06 15:41 - 2009-07-13 23:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-08-31 12:29 - 2019-06-07 13:48 - 000037122 _____ C:\Users\tech\Desktop\simple.pdf
2019-08-29 12:46 - 2018-01-12 13:18 - 000000000 ____D C:\Users\tech\AppData\Local\Glance

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-20 15:52
==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2019
Ran by Administrator (25-09-2019 09:25:47)
Running from C:\Users\administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-02-24 13:03:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2149408120-3631009724-2071607378-500 - Administrator - Disabled)
Green Oaks North (S-1-5-21-2149408120-3631009724-2071607378-1000 - Administrator - Enabled) => C:\Users\Green Oaks North
Guest (S-1-5-21-2149408120-3631009724-2071607378-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {DF901FA1-F926-253B-C464-B01C79DCAD48}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {64F1FE45-DF1C-2AB5-FED4-8B6E025BE7F5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dell SupportAssist (HKLM\...\{95BD6E30-2B18-4FB0-B5AE-8250E5584831}) (Version: 3.3.3.13 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{D144D2C2-4F96-48B7-BB2A-E9185050B619}) (Version: 1.0.491 - LogMeIn, Inc.)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4280 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5073.107 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
QuickBooks (HKLM-x32\...\{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version: 29.0.4009.2901 - Intuit Inc.) Hidden
QuickBooks Pro 2019 (HKLM-x32\...\{FD44271B-DAFF-4C50-8E9B-998AA008606A}) (Version: 29.0.4005.2901 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6068 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.6.2452 - TeamViewer)
Trend Micro Worry-Free Business Security Agent (HKLM\...\{19D84BB4-35C9-4125-90AB-C2ADD0F9A8EC}) (Version: 8.0 - Trend Micro Inc.) Hidden
VetSource App (HKLM-x32\...\{473B7E3A-18C2-FB11-23F8-2CA8524C54E3}) (Version: 3.0.0 - Strategic Pharmaceutical Solutions, Inc. dba VetSource) Hidden
VetSource App (HKLM-x32\...\com.vetsource.scriptright.ScriptRight) (Version: 3.0.0 - Strategic Pharmaceutical Solutions, Inc. dba VetSource)
VIA (HKLM-x32\...\{102B3711-B9F9-47EB-B617-A7720838879D}) (Version: 8.5.0 - VIA Information Systems)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.26.61 - Webroot)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1951382-3801802459-3850981174-500_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (SoftThinks -> Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (SoftThinks -> Softthinks SAS)
ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} =>  -> No File
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-09-25] (Webroot Inc. -> Webroot)
ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} =>  -> No File
ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-09-25] (Webroot Inc. -> Webroot)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2017-11-14 14:48 - 2017-11-14 14:48 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll
2019-03-27 23:34 - 2019-03-27 23:34 - 000130560 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2016-02-27 09:18 - 2011-08-24 18:27 - 000011264 _____ (Xerox Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\x5print.dll
2019-04-30 16:29 - 2019-04-30 14:02 - 000119296 _____ (Xerox Corporation) [File not signed] C:\Windows\System32\x5lrs.dll
2019-04-30 16:29 - 2019-04-30 14:02 - 000129024 _____ (Xerox Corporation) [File not signed] C:\Windows\System32\x5lrsl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1304 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1347 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1445 [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Business Objects\Common\3.5\bin\NOTES\;C:\Program Files (x86)\Business Objects\Common\3.5\bin\NOTES\DATA\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime
HKU\S-1-5-21-1951382-3801802459-3850981174-500\Control Panel\Desktop\\Wallpaper -> C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.113.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{673C18B1-8111-4C3F-A076-A8B89C5FD080}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DE7BD9B3-8EA0-4A4F-907B-AB8858B995E0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B40DE6C8-F4B5-4397-918B-2CB8BA5F098C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{473A1775-9F65-41D3-8F1B-732E6EE196D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{008E668A-841A-4A90-A0CE-F55E61583345}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

21-09-2019 00:00:03 Scheduled Checkpoint
22-09-2019 02:09:03 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2019 09:03:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/25/2019 08:57:03 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> Microsoft.Practices.Unity.ResolutionFailedException: Resolution of the dependency failed, type = "Dell.Services.SupportAssist.SupportAssistAgentCore.ISupportAssistProcessor", name = "(none)".
Exception occurred while: while resolving.
Exception is: InvalidOperationException - The current type, Dell.Services.SupportAssist.SupportAssistAgentCore.ISupportAssistProcessor, is an interface and cannot be constructed. Are you missing a type mapping?
-----------------------------------------------
At the time of the exception, the container was:

  Resolving Dell.Services.SupportAssist.SupportAssistAgentCore.ISupportAssistProcessor,(none)
 ---> System.InvalidOperationException: The current type, Dell.Services.SupportAssist.SupportAssistAgentCore.ISupportAssistProcessor, is an interface and cannot be constructed. Are you missing a type mapping?
   at Microsoft.Practices.ObjectBuilder2.DynamicMethodConstructorStrategy.ThrowForAttemptingToConstructInterface(IBuilderContext context)
   at BuildUp_Dell.Services.SupportAssist.SupportAssistAgentCore.ISupportAssistProcessor(IBuilderContext )
   at Microsoft.Practices.ObjectBuilder2.BuildPlanStrategy.PreBuildUp(IBuilderContext context)
   at Microsoft.Practices.ObjectBuilder2.StrategyChain.ExecuteBuildUp(IBuilderContext context)
   at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)
   --- End of inner exception stack trace ---
   at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)
   at Microsoft.Practices.Unity.UnityContainer.Resolve(Type t, String name, ResolverOverride[] resolverOverrides)
   at Microsoft.Practices.Unity.UnityContainerExtensions.Resolve[T](IUnityContainer container, ResolverOverride[] overrides)
   at Dell.Services.SupportAssist.Bootstrapper.BootStrapper.SessionChangeAction(SessionChangeDescription changeDescription)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (09/25/2019 08:51:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/25/2019 08:47:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19463 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 195c

Start Time: 01d573a7a3db335b

Termination Time: 219

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/24/2019 09:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SftService.exe, version: 3.0.0.49, time stamp: 0x54ae9e29
Faulting module name: ntdll.dll, version: 6.1.7601.24520, time stamp: 0x5d673df5
Exception code: 0xc0000005
Fault offset: 0x0004db4a
Faulting process id: 0xadc
Faulting application start time: 0x01d57318005fe383
Faulting application path: C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 697c47eb-df38-11e9-97d8-64006a4b01bb

Error: (09/24/2019 04:15:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (09/24/2019 03:51:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Desktop Pro 2019":
V29.0D R9 (M=1066, L=335, C=249, V=0 (0))

Error: (09/24/2019 03:51:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Desktop Pro 2019":
Backup: Failed


System errors:
=============
Error: (09/25/2019 09:03:18 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000c4 (0x00000000000000f6, 0x000000000000012c, 0xfffffa800a9b8330, 0xfffff88007b50569). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092519-20982-01.

Error: (09/25/2019 09:03:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:01:47 AM on ‎9/‎25/‎2019 was unexpected.

Error: (09/25/2019 08:50:46 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000c4 (0x00000000000000f6, 0x0000000000000134, 0xfffffa800b61e060, 0xfffff88006859569). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092519-26161-01.

Error: (09/25/2019 08:50:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:48:35 AM on ‎9/‎25/‎2019 was unexpected.

Error: (09/24/2019 09:03:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/24/2019 02:40:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA} did not register with DCOM within the required timeout.

Error: (09/24/2019 02:38:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Service API service depends on the Dell Data Vault Collector service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/24/2019 02:38:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


Windows Defender:
===================================
Date: 2019-09-24 15:38:42.897
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2019-09-23 12:51:40.625
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2019-09-23 12:33:10.666
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2019-09-23 12:02:51.005
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2019-09-23 11:42:01.503
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2019-09-23 10:46:46.783
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2019-09-23 10:35:51.773
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2019-09-23 10:17:08.930
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2019-09-21 22:00:00.358
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Dell Inc. A20 05/27/2019
Motherboard: Dell Inc. 040DDP
Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 49%
Total physical RAM: 8110.42 MB
Available physical RAM: 4123.69 MB
Total Virtual: 16220.84 MB
Available Virtual: 10559.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.99 GB) (Free:320.95 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:0.94 GB) (Free:0.18 GB) FAT
Drive f: (KINGSTON) (Removable) (Total:1.86 GB) (Free:0.92 GB) FAT
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.2 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 56C23DD5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 959.5 MB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=959 MB) - (Type=06)

========================================================
Disk: 2 (Protective MBR) (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Thumbnails

  • IMG_8453.JPG



#2 Juliet


Posted 26 September 2019 - 09:44 AM

I think I know what's going on but not sure.

If you can locate and post these logs please

C:\AdwCleaner\Logs

Malwarebytes Anti-Malware
You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1951382-3801802459-3850981174-500 -> DefaultScope {2362CE3C-7A5A-4771-B2A4-364464D2E2BF} URL =
SearchScopes: HKU\S-1-5-21-1951382-3801802459-3850981174-500 -> {2362CE3C-7A5A-4771-B2A4-364464D2E2BF} URL =
Task: {8DA21C5A-9489-4EA6-9D79-17FA8481DC79} - System32\Tasks\AdwCleaner_onReboot => C:/Users/tech/Desktop/adwcleaner_7.2.5.0.exe
ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => -> No File
ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => -> No File
ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1304 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1347 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1445 [0]
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 46kph

Posted 02 October 2019 - 10:46 AM

2 adw cleaner log results

 

 

C:\AdwCleaner\Logs

Malwarebytes Anti-Malware
You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.
 
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-18.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-21-2019
# Duration: 00:02:37
# OS:       Windows 7 Professional
# Scanned:  35634
# Detected: 23

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy             C:\Users\administrator\AppData\Roaming\download Manager
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
Preinstalled.DellCommand|Update   Folder   C:\Program Files (x86)\DELL\COMMANDUPDATE
Preinstalled.DellCommand|Update   Registry   HKLM\Software\Classes\CLSID\{A6F0A231-4510-4b00-A901-2EC89481C0B2}
Preinstalled.DellCommand|Update   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EC542D5D-B608-4145-A8F7-749C02BE6D94}
Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{693A23FB-F28B-4F7A-A720-4C1263F97F43}
Preinstalled.DellFoundationServices   Folder   C:\Program Files\DELL\DELL FOUNDATION SERVICES
Preinstalled.DellFoundationServices   Folder   C:\ProgramData\DELL\DELL FOUNDATION SERVICES
Preinstalled.DellFoundationServices   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BDB50421-E961-42F3-B803-6DAC6F173834}
Preinstalled.DellSupportAssistAgent   File   C:\Users\Public\Desktop\SupportAssist.lnk
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF781380-CAB3-40C7-8A08-24471CF03221}
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF781380-CAB3-40C7-8A08-24471CF03221}
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk

AdwCleaner[S00].txt - [2201 octets] - [27/11/2018 12:44:28]
AdwCleaner[C00].txt - [2277 octets] - [27/11/2018 12:44:44]
AdwCleaner[S01].txt - [1379 octets] - [18/02/2019 10:50:02]
AdwCleaner_Debug.log - [19332 octets] - [19/09/2019 09:54:51]
AdwCleaner[S02].txt - [4290 octets] - [19/09/2019 09:55:46]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
 
 
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-18.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-19-2019
# Duration: 00:00:48
# OS:       Windows 7 Professional
# Scanned:  35634
# Detected: 24

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy             C:\Users\administrator\AppData\Roaming\download Manager
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
Preinstalled.DellCommand|Update   Folder   C:\Program Files (x86)\DELL\COMMANDUPDATE
Preinstalled.DellCommand|Update   Registry   HKLM\Software\Classes\CLSID\{A6F0A231-4510-4b00-A901-2EC89481C0B2}
Preinstalled.DellCommand|Update   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EC542D5D-B608-4145-A8F7-749C02BE6D94}
Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{693A23FB-F28B-4F7A-A720-4C1263F97F43}
Preinstalled.DellFoundationServices   Folder   C:\Program Files\DELL\DELL FOUNDATION SERVICES
Preinstalled.DellFoundationServices   Folder   C:\ProgramData\DELL\DELL FOUNDATION SERVICES
Preinstalled.DellFoundationServices   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BDB50421-E961-42F3-B803-6DAC6F173834}
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportCenter   Folder   C:\Program Files\DELL SUPPORT CENTER
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Preinstalled.LenovoThinkVantageToolbox   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6789C3BD-24A0-49CA-BADD-A41CCE136798}
Preinstalled.LenovoThinkVantageToolbox   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6789C3BD-24A0-49CA-BADD-A41CCE136798}
Preinstalled.LenovoThinkVantageToolbox   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask
Preinstalled.LenovoThinkVantageToolbox   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC-Doctor for Windows
Preinstalled.LenovoThinkVantageToolbox   Task   C:\Windows\System32\Tasks\PCDOCTORBACKGROUNDMONITORTASK
Preinstalled.MyDell   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dell Support Center

AdwCleaner[S00].txt - [2201 octets] - [27/11/2018 12:44:28]
AdwCleaner[C00].txt - [2277 octets] - [27/11/2018 12:44:44]
AdwCleaner[S01].txt - [1379 octets] - [18/02/2019 10:50:02]
AdwCleaner_Debug.log - [9087 octets] - [19/09/2019 09:54:51]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
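
Both logs above are "Mode: Scan" reports, so neither records a removal, and they differ in only a few entries. As an added example (not part of the original posts and not AdwCleaner's own code), this Python parser reads the log layout shown above, separates PUP detections from Preinstalled entries and diffs two scans; the sample logs are constructed, abridged from the lines above with the Detected counts adjusted to match.

```python
import re

# Constructed samples: abridged from the two scan logs above, with the
# "Detected" counts adjusted to match the shortened entry lists.
OLDER_SCAN = r"""
# Mode: Scan
# Start:    09-19-2019
# Detected: 4
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy             C:\Users\administrator\AppData\Roaming\download Manager
***** [ Preinstalled Software ] *****
Preinstalled.DellCommand|Update   Folder   C:\Program Files (x86)\DELL\COMMANDUPDATE
Preinstalled.DellSupportCenter   Folder   C:\Program Files\DELL SUPPORT CENTER
Preinstalled.LenovoThinkVantageToolbox   Task   C:\Windows\System32\Tasks\PCDOCTORBACKGROUNDMONITORTASK

AdwCleaner[S00].txt - [2201 octets] - [27/11/2018 12:44:28]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
"""

NEWER_SCAN = r"""
# Mode: Scan
# Start:    09-21-2019
# Detected: 3
***** [ Folders ] *****
PUP.Optional.Legacy             C:\Users\administrator\AppData\Roaming\download Manager
***** [ Preinstalled Software ] *****
Preinstalled.DellCommand|Update   Folder   C:\Program Files (x86)\DELL\COMMANDUPDATE
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (Mode|Start|Detected):\s*(.+)$")


def parse_log(text):
    """Parse one AdwCleaner log into header fields and a list of entries."""
    log = {"mode": None, "start": None, "detected": None, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            log[key] = int(value) if key == "detected" else value
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # Skip banner lines, "No malicious ..." lines and the trailing file index.
        if section is None or line.startswith(("#", "No malicious", "AdwCleaner")):
            continue
        # Columns are separated by runs of 2+ spaces; paths only contain single spaces.
        parts = re.split(r"\s{2,}", line)
        if len(parts) == 3:
            name, kind, path = parts
        elif len(parts) == 2:
            name, path = parts
            kind = section  # entries under e.g. [ Folders ] carry no type column
        else:
            continue
        log["items"].append({"section": section, "name": name, "kind": kind,
                             "path": path, "family": name.split(".")[0]})
    return log


def summarize(log):
    """Report whether the log is scan-only and group entry names by family."""
    families = {}
    for item in log["items"]:
        families.setdefault(item["family"], set()).add(item["name"])
    return {
        # A "Scan" report lists findings only; nothing was quarantined or deleted.
        "scan_only": log["mode"] == "Scan",
        # A mismatch means the log was truncated or the parser missed a line.
        "count_matches_header": log["detected"] == len(log["items"]),
        "families": {fam: sorted(names) for fam, names in families.items()},
    }


def diff_scans(older, newer):
    """Entries present in only one of two scans, keyed by (name, lower-cased path)."""
    def keys(log):
        return {(i["name"], i["path"].lower()) for i in log["items"]}
    old, new = keys(older), keys(newer)
    return {"gone": sorted(old - new), "new": sorted(new - old)}


if __name__ == "__main__":
    older, newer = parse_log(OLDER_SCAN), parse_log(NEWER_SCAN)
    print(summarize(newer))
    print(diff_scans(older, newer))
```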
 


#4 46kph

Posted 02 October 2019 - 10:48 AM

Fix Log

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-09-2019
Ran by administrator (27-09-2019 17:50:47) Run:3
Running from C:\Users\administrator\Desktop
Loaded Profiles: administrator (Available Profiles: Tech & Office & administrator & Green Oaks North)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1951382-3801802459-3850981174-500 -> DefaultScope {2362CE3C-7A5A-4771-B2A4-364464D2E2BF} URL =
SearchScopes: HKU\S-1-5-21-1951382-3801802459-3850981174-500 -> {2362CE3C-7A5A-4771-B2A4-364464D2E2BF} URL =
Task: {8DA21C5A-9489-4EA6-9D79-17FA8481DC79} - System32\Tasks\AdwCleaner_onReboot => C:/Users/tech/Desktop/adwcleaner_7.2.5.0.exe
ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => -> No File
ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => -> No File
ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1304 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1347 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1445 [0]
EmptyTemp:
C:\Windows\Temp\*.*
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-1951382-3801802459-3850981174-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1951382-3801802459-3850981174-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2362CE3C-7A5A-4771-B2A4-364464D2E2BF} => removed successfully
HKLM\Software\Classes\CLSID\{2362CE3C-7A5A-4771-B2A4-364464D2E2BF} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DA21C5A-9489-4EA6-9D79-17FA8481DC79}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DA21C5A-9489-4EA6-9D79-17FA8481DC79}" => removed successfully
C:\Windows\System32\Tasks\AdwCleaner_onReboot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\OfficeScan NT => removed successfully
HKLM\Software\Classes\CLSID\{AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\OfficeScan NT => removed successfully
HKLM\Software\Classes\CLSID\{AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\OfficeScan NT => removed successfully
HKLM\Software\Classes\CLSID\{AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\SysWOW64\MSIHANDLE => ":1304" ADS removed successfully
C:\Windows\SysWOW64\MSIHANDLE => ":1347" ADS removed successfully
C:\Windows\SysWOW64\MSIHANDLE => ":1445" ADS removed successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\DFS-FW4_optiplex.xml => moved successfully
Could not move "C:\Windows\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
Could not move "C:\Windows\Temp\FXSTIFFDebugLogFile.txt" => Scheduled to move on reboot.
C:\Windows\Temp\lpksetup-20190921-114746-0.log => moved successfully
C:\Windows\Temp\lpksetup-20190924-101104-0.log => moved successfully
C:\Windows\Temp\lpksetup-20190924-153354-0.log => moved successfully
C:\Windows\Temp\lpksetup-20190925-085219-0.log => moved successfully
C:\Windows\Temp\lpksetup-20190925-090446-0.log => moved successfully
C:\Windows\Temp\lpksetup-20190925-095630-0.log => moved successfully
C:\Windows\Temp\lpksetup-20190927-174120-0.log => moved successfully
C:\Windows\Temp\lpksetup-20190927-174830-0.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\tmp1278.tmp => moved successfully
C:\Windows\Temp\tmp166F.tmp => moved successfully
C:\Windows\Temp\tmp188E.tmp => moved successfully
C:\Windows\Temp\tmp2220.tmp => moved successfully
C:\Windows\Temp\tmp2290.tmp => moved successfully
C:\Windows\Temp\tmp231D.tmp => moved successfully
C:\Windows\Temp\tmp2C1F.tmp => moved successfully
C:\Windows\Temp\tmp3496.tmp => moved successfully
C:\Windows\Temp\tmp35A0.tmp => moved successfully
C:\Windows\Temp\tmp4662.tmp => moved successfully
C:\Windows\Temp\tmp508E.tmp => moved successfully
C:\Windows\Temp\tmp5753.tmp => moved successfully
C:\Windows\Temp\tmp5BF5.tmp => moved successfully
C:\Windows\Temp\tmp5DA.tmp => moved successfully
C:\Windows\Temp\tmp7976.tmp => moved successfully
C:\Windows\Temp\tmp7D6D.tmp => moved successfully
C:\Windows\Temp\tmp91D7.tmp => moved successfully
C:\Windows\Temp\tmp973F.tmp => moved successfully
C:\Windows\Temp\tmp98C6.tmp => moved successfully
C:\Windows\Temp\tmpA61D.tmp => moved successfully
C:\Windows\Temp\tmpB3D7.tmp => moved successfully
C:\Windows\Temp\tmpB4AD.tmp => moved successfully
C:\Windows\Temp\tmpB695.tmp => moved successfully
C:\Windows\Temp\tmpB8C7.tmp => moved successfully
C:\Windows\Temp\tmpC4E5.tmp => moved successfully
C:\Windows\Temp\tmpC8AB.tmp => moved successfully
C:\Windows\Temp\tmpC8EA.tmp => moved successfully
C:\Windows\Temp\tmpD33F.tmp => moved successfully
C:\Windows\Temp\tmpF6BE.tmp => moved successfully
C:\Windows\Temp\tmpFBDB.tmp => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4873000 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 4201727275 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66572 B
LocalService => 0 B
NetworkService => 2083000 B
tech => 560030947 B
Office => 506152 B
administrator => 14519073 B
Green Oaks North => 94822286 B
RecycleBin => 0 B
EmptyTemp: => 4.6 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-09-2019 18:11:49)
C:\Windows\Temp\FXSAPIDebugLogFile.txt => Is moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => Is moved successfully
==== End of Fixlog 18:11:50 ====


#5 Juliet

Posted 02 October 2019 - 02:34 PM

You posted the AdwCleaner log twice.

Let's move on.

Follow the instructions in the thread below to run a scan with MBAR. Don't forget to update the database before launching the scan, and once launched, leave MBAR running and do not touch your computer until it is done scanning.

https://forums.malwa...t-malwarebytes/

Once MBAR is done scanning, removing threats and rebooting your computer, go in its MBAR folder, and copy/paste the content of the mbar-log-TODAYS-DATE.txt log in your next reply.

#6 46kph

Posted 03 October 2019 - 09:07 AM

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2019.10.02.09
  rootkit: v2019.10.02.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.19463
Administrator :: ACCOUNTING [administrator]

10/2/2019 5:00:03 PM
mbar-log-2019-10-02 (17-00-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 253014
Time elapsed: 4 hour(s), 12 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

Computer is still running slow



#7 Juliet

Posted 03 October 2019 - 01:56 PM

The logs you showed me earlier for AdwCleaner didn't show me anything removed or deleted.

Can you please locate the version you have on the computer now and delete it.

Then we'll download an updated version and allow it to remove what it finds.
  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Once the scan completes, make sure that every item listed in the different tabs is checked and then click on the Clean & Repair button
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please copy and paste the contents of that log into your next reply to me

~~~~~~~~~~~~~~~~~~~~~~~~

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here

  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"

  • Install the program and select update.

    Open Malwarebytes Anti-Malware
    click the Settings tab, at the top choose Protection and tick Scan for rootkits.
    Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.

Please post these 2 logs when finished.

#8 46kph

Posted 03 October 2019 - 03:55 PM

On AdwCleaner, do you want me to remove/quarantine preinstalled software as well?

Thanks



#9 Juliet

Posted 03 October 2019 - 04:57 PM

Let's try using the one you have without going through finding and deleting out all of the folders.

Open AdwCleaner
Run as Administrator
Accept the EULA (I accept), then click on Scan Now
Once the scan completes, make sure that every item listed in the different tabs is checked and then click on the Clean & Repair button
Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
Close all other open windows and allow it to restart
After the restart, Notepad will open with the AdwCleaner cleaning log
Please copy and paste the contents of that log into your next reply to me


Then follow the Malwarebytes Anti-Malware scan instructions in my previous post and post the logs.

#10 46kph

Posted 03 October 2019 - 07:34 PM

Thanks for responding, but I am still not clear, so let me ask my question differently.  I ran adwcleaner, no malware was found however, it did find preloaded software.  Do you want me to quarantine these?  Every time I have tried to use adwcleaner to remove preloaded software (on multiple computers) the program locks up and never finishes.  I have even left over night and come back to it in the same spot.

 

Thank you



#11 Juliet

Posted 04 October 2019 - 04:34 AM

Thanks for responding, but I am still not clear, so let me ask my question differently.  I ran adwcleaner, no malware was found however, it did find preloaded software.  Do you want me to quarantine these?  Every time I have tried to use adwcleaner to remove preloaded software (on multiple computers) the program locks up and never finishes.  I have even left over night and come back to it in the same spot.
 
Thank you

The preinstalled program from Dell appears to be causing a problem. I had it on my Laptop and removed it, I never used it and got tired of it on occasion running in the background.

Do you use it, have you used it?

Network Adapter Diagnostic is a diagnostic tool Driver utility, Dell Support Center for hardware.

We can attempt to remove this a couple of ways.
Run AdwCleaner in safe mode? There is less running at that time to interfere.
I can create a fix script with FRST and try to take it out.
Could be if we temporarily disable Webroot SecureAnywhere it would allow Adwcleaner to finish.

Before we continue let's try this:

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply


#12 46kph

Posted 05 October 2019 - 11:35 AM

The only preloaded software I use is Dell support Assist, but I can reload that.

 

Ran scan on Rogue Killer, it took 8+ hours, when I came back computer was on Ctrl alt delete screen, when I logged back in Rogue killer found one item, but nothing was in quarantine folder to remove.  Could not figure out another way to try to remove.  Log posted below.

 

RogueKiller Anti-Malware V13.5.0.0 (x64) [Sep 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/d...ad/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20191004_081155, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/10/04 09:38:06 (Duration : 16:20:25)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Description -- N/A -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 



#13 Juliet

Posted 06 October 2019 - 06:08 AM

 

when I logged back in Rogue killer found one item, but nothing was in quarantine folder to remove.

Like the other tools used,  you have to click on the items found to be removed.

 

 

The only preloaded software I use is Dell support Assist, but I can reload that.

Go to your add remove programs list and search for and uninstall those items related to Dell like PC Doctor you can find,  reboot the computer.

 

It's possible you'll have to temporarily disable Webroot SecureAnywhere

 

Turn off Webroot SecureAnywhere
Locate the SecureAnywhere icon in your system tray.
Right-click the system tray icon and select Shut down Protection.
A prompt confirming whether you want to shut down appears. Click Yes


Open the SecureAnywhere interface (click the Webroot icon in the menu bar, then select Open Webroot SecureAnywhere from the drop-down menu).
From the menu bar, select Webroot SecureAnywhere, then Preferences.
In the Preferences window, select Web Threat Shield on the left. Click turn on or enable.

 

~~~~~~~~~~~~~~~~~`

 

Let the machine boot up and run as normal, use it for a few minutes.

 

If it still doesn't feel right let's take a look in task manager and see if we can locate what is using a high amount of CPU

 

Right click on the tool bar at the bottom of your screen.

Task manager will open, click on the little box at the bottom left, click on show all processes from all users

Use the scroll bar if you need to and watch/locate what's causing high or higher usage than normal. Watch for a couple of minutes because when rebooting many things will run at once till it's gathered the program info needed.



#14 46kph

Posted 07 October 2019 - 10:33 AM

Got programs removed,  Computer running much better today.

 

Thanks



#15 Juliet

Posted 07 October 2019 - 12:41 PM

Let's check for remnants

ESET Online Scanner:
  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the ESET Smart Installer you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click Advanced settings, and make sure there is a checkmark next to only the following items (uncheck everything else):
  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • Now click on: Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your internet connection
  • When the download has completed, the Online Scan will begin automatically; it could take several hours to complete the scan. Please be patient
  • When the scan has completed, click List Found Threats (only if anything is found)
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan
  • Copy and paste the contents of this report into your next reply to me
  • Click Back, then click Finish to exit ESET Online Scanner
