[RESOLVED] Problems on sister's PC

  1. #1

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
    Ran by CUTBI (administrator) on LAPTOP-BPCC9RTR (ASUSTeK COMPUTER INC. TUF Gaming FX705GM_FX705GM) (18-01-2020 13:58:55)
    Running from C:\Users\CUTBI\Desktop\New folder (2)
    Loaded Profiles: CUTBI (Available Profiles: CUTBI)
    Platform: Windows 10 Home Version 1903 18362.592 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
    (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
    (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS_FRQ_Control\ASUS_FRQ_Control.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files\ASUSTeK COMPUTER INC\Asus Power Scheme\ASUSPowerScheme.exe
    (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSLiveUpdateAgent\AsusLiveUpdateAgent.exe
    (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSOptimization\ASUSOptimization.exe
    (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSSystemAnalysis\AsusSystemAnalysis.exe
    (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
    (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
    (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
    (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
    (ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\88.4.172\QtWebEngineProcess.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\88.4.172\QtWebEngineProcess.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\88.4.172\QtWebEngineProcess.exe
    (DTS, Inc. -> ) C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9060c624376479b7\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9060c624376479b7\IntelCpHeciSvc.exe
    (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe
    (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
    (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
    (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\CUTBI\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2179208 2019-08-27] (Logitech Inc -> Logitech, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07D7D66C-C762-484F-A9EC-33200FDD1C4B} - System32\Tasks\ASUS Hello => C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe [642448 2018-05-31] (ASUSTeK Computer Inc. -> )
    Task: {09ACCF05-DE82-443D-93E5-37F53BD3D666} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-04-06] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {0A48C8BF-20C3-4163-BE32-22F152793C9A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24625520 2020-01-07] (Microsoft Corporation -> Microsoft Corporation)
    Task: {0AD29CDF-7558-4892-8AA6-56C4609D144F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857024 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {0AE9B884-1E28-4961-8DD2-B4235736ACB7} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {0B9606F5-D4CB-4D96-A99E-8A48E6CAAA4F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2050448 2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1477577F-EAF0-44FC-BD93-8879049B344A} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {1E291054-4ACB-4A6B-9F71-7F1E8A7F17BA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857024 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {26840F91-0342-43B6-85F0-5B0976C4B0E4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [982464 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {2ACA9FA0-66FD-4768-9A80-BAADF216BE98} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [654784 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {345B8A30-45B6-4B5F-B0A8-54D05487E2F9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2050448 2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {3F726C35-2631-4417-A51B-29BA1895E002} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4BF46F55-1A4C-4BC2-8D2B-C4AA3B651354} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    Task: {5CC773FF-EFD5-4601-843F-83524EA71292} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {5E65DCC0-43B7-4194-9631-968BAF9B7107} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24625520 2020-01-07] (Microsoft Corporation -> Microsoft Corporation)
    Task: {8014B6B2-0E7B-4211-9C85-67BE80A59539} - System32\Tasks\ASUS_FRQ_Control => C:\Program Files (x86)\ASUS\ASUS_FRQ_Control\ASUS_FRQ_Control.exe [132064 2019-03-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
    Task: {82E393BB-7CBD-4A04-B6D5-E7E549AD1A15} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3297728 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {8393BFCD-5BAD-4116-BAA7-262C9401BCCB} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [525120 2019-12-19] (Bitdefender SRL -> Bitdefender)
    Task: {9DE906BB-0855-4995-959C-129F66FBD71F} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSSystemAnalysis\AsusSystemAnalysis.exe [1456040 2019-08-12] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
    Task: {9FC7CDF8-01E1-4AB0-A357-2D28DB8BF8DE} - System32\Tasks\Update Checker => C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSLiveUpdateAgent\UpdateChecker.exe [183528 2019-08-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    Task: {A0BDE5AE-2364-4598-A486-91684AABD7FD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-04-06] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {AB296134-8A93-4969-AB56-7DEDC9EC4E3F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
    Task: {B36B585E-DC56-410A-AAF0-E8ECB0BE94B8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {B64B208A-C136-4B35-AD7B-90B92FE2BBDB} - System32\Tasks\ASUS Power Scheme Service => C:\Program Files\ASUSTeK COMPUTER INC\Asus Power Scheme\AsusPowerScheme.exe [4463584 2018-06-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {C0ABDD24-0C87-4AB0-9850-F38CC1AEA0F2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {CBBDEFFB-1475-48BA-9880-4E1410DCE245} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {D888FB24-82D3-4933-9356-3C5E5DD7E919} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {DA87A29F-65EF-499A-8A24-E1F0FD440913} - System32\Tasks\RtkAudUService64_BG => C:\Windows\system32\RtkAudUService64.exe [861984 2019-02-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
    Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
    Tcpip\..\Interfaces\{ca8c427d-6b88-40fc-8060-2ca9e4c05e11}: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{eb4f3b36-971a-4aef-b508-fa3073f9f25d}: [DhcpNameServer] 24.116.0.53 24.116.2.50

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3769217135-3645602465-1167657065-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/
    HKU\S-1-5-21-3769217135-3645602465-1167657065-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
    BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2019-12-19] (Bitdefender SRL -> Bitdefender)
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2019-12-19] (Bitdefender SRL -> Bitdefender)
    BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2019-12-19] (Bitdefender SRL -> Bitdefender)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2019-12-19] (Bitdefender SRL -> Bitdefender)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2019-12-19] (Bitdefender SRL -> Bitdefender)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2019-12-19] (Bitdefender SRL -> Bitdefender)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)

    Edge:
    ======
    DownloadDir: C:\Users\CUTBI\Downloads
    Edge HomeButtonPage: HKU\S-1-5-21-3769217135-3645602465-1167657065-1001 -> hxxps://www.msn.com/
    Edge Notifications: HKU\S-1-5-21-3769217135-3645602465-1167657065-1001 -> hxxps://www.sephora.com
    Edge Extension: (Wikibuy) -> EdgeExtension_WikibuyWikibuy_aa6dh46kc11ry => C:\Program Files\WindowsApps\Wikibuy.Wikibuy_0.1.389.0_neutral__aa6dh46kc11ry [2019-10-04]

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2019-12-19]
    FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
    FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2019-11-20]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2019-03-06] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
    FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-07-05] (NVIDIA Corporation -> NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-07-05] (NVIDIA Corporation -> NVIDIA Corporation)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
    CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    R2 ASUSLiveUpdateAgent; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSLiveUpdateAgent\AsusLiveUpdateAgent.exe [272616 2019-08-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSOptimization\ASUSOptimization.exe [203496 2019-08-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSSystemAnalysis\AsusSystemAnalysis.exe [1456040 2019-08-12] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
    R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [512920 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
    R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2019-12-19] (Bitdefender SRL -> Bitdefender)
    R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2019-12-19] (Bitdefender SRL -> Bitdefender)
    R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender SRL -> Bitdefender)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11164232 2020-01-07] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-04-06] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-04-06] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DTSAPO3Service; C:\WINDOWS\System32\DTS\PC\APO3x\DTSAPO3Service.exe [207840 2018-06-28] (DTS, Inc. -> )
    R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1855976 2018-06-27] (Intel Corporation -> Intel Corporation)
    R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [302416 2018-06-28] (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.)
    S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\HfcDisableService.exe [1710736 2018-12-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2788496 2018-12-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [762056 2018-05-15] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [714952 2018-05-15] (Intel(R) Trust Services -> Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-06-06] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265824 2018-06-25] (Intel Corporation -> )
    S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
    R2 RefreshRateService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe [29696 2019-01-10] () [File not signed]
    R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe [1969288 2018-12-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [861984 2019-02-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [151656 2019-12-19] (Bitdefender SRL -> Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2019-12-19] (Bitdefender SRL -> Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848800 2018-06-25] (Intel Corporation -> Intel® Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
    R1 ASUSSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_9aa72f8749c172a6\ASUSSystemAnalysis\ASUSSAIO.sys [31144 2019-08-12] (ASUSTek Computer Inc. -> )
    R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1693368 2019-11-20] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
    R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R2 BdDci; C:\WINDOWS\System32\DRIVERS\bddci.sys [739264 2019-11-20] (Bitdefender SRL -> Bitdefender)
    S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-04-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
    R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2019-09-10] (Bitdefender SRL -> © Bitdefender SRL)
    R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (Bitdefender SRL -> BitDefender)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [78680 2018-04-30] (Intel Corporation -> Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [71000 2018-04-30] (Intel Corporation -> Intel Corporation)
    R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [402264 2018-04-30] (Intel Corporation -> Intel Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-01-05] (Malwarebytes Corporation -> Malwarebytes)
    R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [564112 2019-11-20] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [188384 2019-06-21] (Bitdefender SRL -> BitDefender LLC)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
    R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094800 2018-12-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [73360 2018-12-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R3 ibtusb; C:\WINDOWS\System32\DriverStore\FileRepository\ibtusb.inf_amd64_1d1bb12938dc20f2\ibtusb.sys [15220512 2019-08-20] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [196392 2019-09-10] (Bitdefender SRL -> Bitdefender)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2020-01-18] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-01-18] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-18] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2020-01-18] (Malwarebytes Corporation -> Malwarebytes)
    S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8814104 2018-06-30] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [9276416 2019-08-27] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_e554efd74355f9f6\nvlddmkm.sys [17213816 2018-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30656 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-05-14] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-04-27] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024392 2018-05-20] (Realtek Semiconductor Corp. -> Realtek )
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [610640 2019-01-14] (Bitdefender SRL -> Bitdefender)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

  2. #2
    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-01-18 13:57 - 2020-01-18 13:59 - 000000000 ____D C:\FRST
    2020-01-18 13:57 - 2020-01-18 13:58 - 000000000 ____D C:\Users\CUTBI\Desktop\New folder (2)
    2020-01-18 13:17 - 2020-01-18 13:17 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2020-01-18 13:17 - 2020-01-18 13:17 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2020-01-18 13:17 - 2020-01-18 13:17 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2020-01-18 13:17 - 2020-01-18 13:17 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2020-01-18 13:16 - 2020-01-18 13:16 - 000003726 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3
    2020-01-18 08:59 - 2020-01-18 08:59 - 000000000 ___HD C:\OneDriveTemp
    2020-01-17 11:50 - 2020-01-17 11:50 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2020-01-17 11:50 - 2020-01-17 11:50 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2020-01-17 11:50 - 2020-01-17 11:50 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2020-01-17 11:50 - 2020-01-17 11:50 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2020-01-17 11:50 - 2020-01-17 11:50 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2020-01-17 11:50 - 2020-01-17 11:50 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2020-01-17 11:50 - 2020-01-17 11:50 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2020-01-17 11:50 - 2020-01-17 11:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys
    2020-01-17 11:50 - 2020-01-17 11:50 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
    2020-01-17 11:50 - 2020-01-17 11:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
    2020-01-15 19:46 - 2019-12-09 22:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2020-01-15 19:46 - 2019-12-09 21:59 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2020-01-08 11:35 - 2020-01-08 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2020-01-07 06:21 - 2020-01-07 06:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2020-01-07 06:21 - 2020-01-07 06:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2020-01-07 06:21 - 2020-01-07 06:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2020-01-07 06:21 - 2020-01-07 06:21 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2020-01-05 15:57 - 2020-01-05 15:57 - 001157365 _____ C:\Users\CUTBI\AppData\Local\census.cache
    2020-01-05 15:56 - 2020-01-05 15:56 - 000372230 _____ C:\Users\CUTBI\AppData\Local\ars.cache
    2020-01-05 15:46 - 2020-01-05 15:46 - 000000000 ____D C:\Users\CUTBI\Desktop\TurboTax
    2020-01-05 15:38 - 2020-01-05 15:38 - 000374264 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys
    2020-01-05 15:38 - 2020-01-05 15:38 - 000331976 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\virtual_file.sys
    2020-01-05 15:38 - 2020-01-05 15:38 - 000243472 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\volume_tracker.sys
    2020-01-05 15:38 - 2020-01-05 15:38 - 000182832 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
    2020-01-05 15:38 - 2020-01-05 15:38 - 000173536 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys
    2020-01-05 15:38 - 2020-01-05 15:38 - 000001288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk
    2020-01-05 15:38 - 2020-01-05 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2020-01-05 15:38 - 2020-01-05 15:38 - 000000000 ____D C:\Program Files\Bonjour
    2020-01-05 15:38 - 2020-01-05 15:38 - 000000000 ____D C:\Program Files (x86)\Bonjour
    2020-01-05 15:38 - 2020-01-05 15:38 - 000000000 ____D C:\Program Files (x86)\Acronis
    2020-01-05 15:37 - 2020-01-05 16:21 - 000000000 ____D C:\ProgramData\Acronis
    2020-01-05 15:12 - 2020-01-05 15:12 - 000000036 _____ C:\Users\CUTBI\AppData\Local\housecall.guid.cache
    2020-01-05 14:28 - 2020-01-05 14:28 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2020-01-05 14:28 - 2020-01-05 14:28 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2020-01-05 14:28 - 2020-01-05 14:28 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2020-01-05 14:28 - 2020-01-05 14:28 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2020-01-05 14:28 - 2020-01-05 14:28 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2020-01-05 14:28 - 2020-01-05 14:28 - 000000000 ____D C:\Users\CUTBI\AppData\Local\mbamtray
    2020-01-05 14:28 - 2020-01-05 14:28 - 000000000 ____D C:\Users\CUTBI\AppData\Local\mbam
    2020-01-05 14:28 - 2020-01-05 14:28 - 000000000 ____D C:\Users\CUTBI\AppData\Local\cache
    2020-01-05 14:28 - 2020-01-05 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2020-01-05 14:28 - 2020-01-05 14:28 - 000000000 ____D C:\ProgramData\Malwarebytes
    2020-01-05 14:28 - 2020-01-05 14:28 - 000000000 ____D C:\Program Files\Malwarebytes
    2020-01-05 10:33 - 2020-01-05 10:33 - 000000314 _____ C:\Users\CUTBI\Downloads\_Calender.ics

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-01-18 13:56 - 2019-09-08 22:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2020-01-18 13:55 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-01-18 13:33 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
    2020-01-18 13:23 - 2019-04-06 15:27 - 000000000 ___RD C:\Users\CUTBI\OneDrive
    2020-01-18 13:23 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
    2020-01-18 13:22 - 2019-09-08 22:21 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2020-01-18 13:19 - 2018-10-11 09:15 - 000000000 ____D C:\ProgramData\NVIDIA
    2020-01-18 13:17 - 2019-09-08 22:17 - 000003746 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
    2020-01-18 13:17 - 2019-09-08 22:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2020-01-18 13:17 - 2019-09-08 22:13 - 000290192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2020-01-18 13:17 - 2019-09-08 17:48 - 000000000 ____D C:\Users\CUTBI
    2020-01-18 13:17 - 2019-04-06 15:25 - 000000000 __SHD C:\Users\CUTBI\IntelGraphicsProfiles
    2020-01-18 13:17 - 2019-03-18 21:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2020-01-18 13:16 - 2019-03-18 21:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2020-01-18 13:16 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
    2020-01-18 13:16 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2020-01-18 13:16 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
    2020-01-18 09:00 - 2019-04-06 20:59 - 000000000 ____D C:\WINDOWS\system32\MRT
    2020-01-18 08:59 - 2019-04-06 20:59 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2020-01-17 14:45 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2020-01-17 14:40 - 2019-07-20 06:09 - 000000000 ____D C:\Users\Public\Logi
    2020-01-17 11:46 - 2019-09-08 22:17 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3769217135-3645602465-1167657065-1001
    2020-01-17 11:46 - 2019-09-08 17:48 - 000002369 _____ C:\Users\CUTBI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-01-14 17:04 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-01-14 15:23 - 2019-03-18 21:37 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
    2020-01-12 13:04 - 2019-03-18 21:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2020-01-12 13:03 - 2019-04-06 18:55 - 000000000 ____D C:\Program Files\Microsoft Office
    2020-01-08 11:35 - 2019-04-06 15:47 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2020-01-05 16:20 - 2019-04-06 21:12 - 000000000 ____D C:\Users\CUTBI\AppData\Local\D3DSCache
    2020-01-05 16:14 - 2019-04-06 15:25 - 000000000 ____D C:\Users\CUTBI\AppData\Local\Packages
    2020-01-05 15:38 - 2019-04-21 11:22 - 000000000 ____D C:\ProgramData\Apple
    2020-01-05 14:28 - 2019-03-18 21:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

    ==================== Files in the root of some directories ========

    2020-01-05 15:56 - 2020-01-05 15:56 - 000372230 _____ () C:\Users\CUTBI\AppData\Local\ars.cache
    2020-01-05 15:57 - 2020-01-05 15:57 - 001157365 _____ () C:\Users\CUTBI\AppData\Local\census.cache
    2020-01-05 15:12 - 2020-01-05 15:12 - 000000036 _____ () C:\Users\CUTBI\AppData\Local\housecall.guid.cache

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  3. #3
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
    Ran by CUTBI (18-01-2020 14:00:08)
    Running from C:\Users\CUTBI\Desktop\New folder (2)
    Windows 10 Home Version 1903 18362.592 (X64) (2019-09-09 05:17:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3769217135-3645602465-1167657065-500 - Administrator - Disabled)
    CUTBI (S-1-5-21-3769217135-3645602465-1167657065-1001 - Administrator - Enabled) => C:\Users\CUTBI
    DefaultAccount (S-1-5-21-3769217135-3645602465-1167657065-503 - Limited - Disabled)
    Guest (S-1-5-21-3769217135-3645602465-1167657065-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-3769217135-3645602465-1167657065-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
    FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.2.3.0 - ASUSTeK COMPUTER INC.)
    ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.)
    Asus Power Scheme (HKLM\...\{81E49E2E-C0A5-471E-854F-82125D30A828}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)
    ASUS_FRQ_Control (HKLM-x32\...\{8714A8D1-0F08-4681-9DF6-A8C4607A58B4}) (Version: 1.0.8 - ASUSTek COMPUTER INC.)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.134 - Bitdefender)
    Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 23.0.19.85 - Bitdefender)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 88.4.172 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
    DSB Notification (HKLM\...\{A82D01C4-0F9C-4FD6-9E2F-EDBD1E9826DC}) (Version: 1.2.0 - ASUSTeK COMPUTER INC.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.11000.6436 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1823.12.0.1137 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.0.1027 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.295.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c700a043-5a4c-4d61-aa88-6c4191f25b64}) (Version: 1.50.295.0 - Intel Corporation) Hidden
    Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{0459ef97-6cc2-4a78-a664-516669c498e2}) (Version: 20.70.0.0u - Intel Corporation)
    Logitech Options (HKLM\...\LogiOptions) (Version: 8.0.863 - Logitech)
    Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
    Microsoft Office Home and Business 2019 - en-us (HKLM\...\HomeBusiness2019Retail - en-us) (Version: 16.0.12325.20288 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3769217135-3645602465-1167657065-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
    NVIDIA 3D Vision Driver 398.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.35 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
    NVIDIA Graphics Driver 398.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.35 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.18.0628 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0628 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20280 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
    RefreshRateService (HKLM-x32\...\{7E5E84CB-B190-4658-A4DC-166779C329D1}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)

    Packages:
    =========
    ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.8.0_x64__qmba6cd70vzyy [2019-11-15] (ASUSTeK COMPUTER INC.)
    ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-18] (ASUSTeK COMPUTER INC.) [Startup Task]
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.28.8.0_x86__kgqvnymyfvs32 [2020-01-09] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1670.2.0_x86__kgqvnymyfvs32 [2020-01-14] (king.com)
    CBS -> C:\Program Files\WindowsApps\2BDFC20A.CBS_3.21.5161.0_x64__bd059sf7kn2rm [2019-05-23] (CBS Interactive Inc.)
    DTS Headphone:X v1 -> C:\Program Files\WindowsApps\DTSInc.DTSHeadphoneXv1_1.2.4.0_x64__t5j2fzbtdg37r [2019-04-06] (DTS, Inc.)
    eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2018-10-11] (ASUSTeK COMPUTER INC.)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-16] (HP Inc.)
    Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.5.0_neutral__fphbd361v8tya [2019-11-25] (Hulu.)
    Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2019-06-21] (INTEL CORP)
    iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-12] (Apple Inc.) [Startup Task]
    LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-04-06] (LinkedIn)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-06] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-06] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-21] (Microsoft Corporation) [MS Ad]
    MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_2.2.2.0_x64__qmba6cd70vzyy [2020-01-05] (ASUSTeK COMPUTER INC.) [Startup Task]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-24] (Netflix, Inc.)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-06-23] (Realtek Semiconductor Corp)
    VUDU Movies and TV -> C:\Program Files\WindowsApps\95FE1D22.VUDUMoviesandTV_1.1.138.0_x64__0wkekwh8d6p78 [2019-12-21] (VUDU Inc.)
    Wikibuy -> C:\Program Files\WindowsApps\Wikibuy.Wikibuy_0.1.389.0_neutral__aa6dh46kc11ry [2019-10-04] (Wikibuy)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3769217135-3645602465-1167657065-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\CUTBI\Dropbox [2019-04-06 15:50]
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed]
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-05] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed]
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-05] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2019-07-30 06:24 - 2019-07-30 06:24 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
    2019-07-30 06:24 - 2019-07-30 06:24 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
    2018-12-03 21:19 - 2018-12-03 21:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
    2019-04-06 18:56 - 2019-04-06 18:56 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
    2019-04-06 18:56 - 2019-04-06 18:56 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
    2019-07-30 06:24 - 2019-07-30 06:24 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
    2019-07-30 06:24 - 2019-07-30 06:24 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
    2019-07-30 06:24 - 2019-07-30 06:24 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-11 16:38 - 2020-01-18 13:17 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-3769217135-3645602465-1167657065-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
    DNS Servers: 24.116.0.53 - 24.116.2.50
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{ACE28C91-461C-455C-8CDC-7CC9A5BCFAC5}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
    FirewallRules: [{53D83168-23C4-49C4-8E9F-EB868D278BBA}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [{6A927298-FB47-4CC8-8CD1-0F9F08E70FCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{B5074A81-CE13-401C-9CDC-1D447150B040}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{F7F5C509-EC4D-4906-87A1-A626E72D30E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{BDA9C7F0-DE42-4A4B-A232-0CB40CC4623B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{8739C3F9-5201-43D5-8AEE-AC8A6960523F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{69DAA08B-1247-4367-A2E0-9B7373B65E5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{EB0C2C13-5071-4238-932D-5707C7472F1B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{288169CC-9E07-4A93-9D3D-78F6C5E795B9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{0A818F67-05C6-487B-A574-0862392AEEFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{E3FA6C57-5B83-4546-9756-7CEBF813C3C9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6D477F13-F833-4980-B5AD-E9F946E7A0FD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{94E06FA4-C0A3-4900-9CCB-7C4F0D33CDA7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F337A4B6-CEC7-4323-8519-8F01F9BE8391}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{0411BF1D-73B6-4971-8131-93E0DBDB7E8C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{0FCCA5B8-A5DF-42C2-BDB5-A2BC7753AC3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C8127D54-9A0F-480D-BDB2-9D999A84CB83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{92F2DF53-8A80-44CA-A922-C675292E43C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B9B9C77F-4B01-4DDA-83D2-11D4B3DB74AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{59EE59BA-7C9A-494A-ADCA-CB2CFA59FECD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B9547611-4225-4FD5-B1E7-FEBDC562BE13}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (01/18/2020 02:17:16 PM) (Source: VSS) (EventID: 12289) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{97fd1a4b-464d-42a4-a895-3d75b70d2c14} - 000000000000023C,0x0053c008,00000243C5506790,0,00000243C55077C0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
    .


    Operation:
    Processing EndPrepareSnapshots

    Context:
    Execution Context: System Provider

    Error: (01/18/2020 02:16:18 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (18780,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (01/18/2020 01:58:18 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (9464,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (01/18/2020 01:52:44 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (14244,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (01/18/2020 01:43:21 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (17660,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (01/18/2020 01:29:31 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (6544,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (01/18/2020 11:04:47 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (21560,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (01/18/2020 10:36:31 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (19020,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


    System errors:
    =============
    Error: (01/18/2020 02:17:16 PM) (Source: volsnap) (EventID: 67) (User: )
    Description: The shadow copy of volume C: being created failed to install.

    Error: (01/18/2020 01:16:47 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:13:13 PM on ‎1/‎18/‎2020 was unexpected.

    Error: (01/18/2020 09:19:16 AM) (Source: volsnap) (EventID: 67) (User: )
    Description: The shadow copy of volume C: being created failed to install.

    Error: (01/17/2020 02:45:38 PM) (Source: volsnap) (EventID: 67) (User: )
    Description: The shadow copy of volume C: being created failed to install.

    Error: (01/17/2020 01:34:39 PM) (Source: volsnap) (EventID: 67) (User: )
    Description: The shadow copy of volume C: being created failed to install.

    Error: (01/17/2020 01:14:26 PM) (Source: volsnap) (EventID: 67) (User: )
    Description: The shadow copy of volume C: being created failed to install.

    Error: (01/17/2020 12:54:10 PM) (Source: volsnap) (EventID: 67) (User: )
    Description: The shadow copy of volume C: being created failed to install.

    Error: (01/17/2020 12:33:56 PM) (Source: volsnap) (EventID: 67) (User: )
    Description: The shadow copy of volume C: being created failed to install.


    CodeIntegrity:
    ===================================

    Date: 2020-01-18 14:14:20.753
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

    Date: 2020-01-18 14:14:20.751
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

    Date: 2020-01-18 14:11:57.306
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-01-18 14:11:57.303
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-01-18 14:10:26.210
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-01-18 14:10:26.209
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-01-18 14:02:35.816
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

    Date: 2020-01-18 14:02:35.814
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. FX705GM.301 09/21/2018
    Motherboard: ASUSTeK COMPUTER INC. FX705GM
    Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
    Percentage of memory in use: 37%
    Total physical RAM: 16234.78 MB
    Available physical RAM: 10192.59 MB
    Total Virtual: 20074.78 MB
    Available Virtual: 12689.54 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:475.89 GB) (Free:416.31 GB) NTFS

    \\?\Volume{09d35db1-1828-435f-8072-e474628bffa1}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.35 GB) NTFS
    \\?\Volume{abea5931-87cc-4508-a1b8-0bde26cd6028}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 476.9 GB) (Disk ID: 07F9CB3E)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ===============================

    You're not saying what the problems are.

  5. #5
    Join Date
    Jan 2003
    Location
    Idaho
    Posts
    642
    She was getting a popup, "Windows Defender Browser Protection"
    Adding pic, 20200115_201130 (002).jpg

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    That may simply be a browser redirection to some malicious site, but we can run some checks. In the FRST logs I didn't see anything malicious.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  7. #7
    Join Date
    Jan 2003
    Location
    Idaho
    Posts
    642
    RogueKiller Anti-Malware V14.0.4.0 (x64) [Jan 6 2020] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.18362) 64 bits
    Started in : Normal mode
    User : CUTBI [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20200116_111743, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2020/01/19 04:10:05 (Duration : 00:05:58)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  8. #8
    Join Date
    Jan 2003
    Location
    Idaho
    Posts
    642
    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.1.0
    # -------------------------------
    # Build: 12-17-2019
    # Database: 2020-01-15.2 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 01-19-2020
    # Duration: 00:00:14
    # OS: Windows 10 Home
    # Scanned: 34764
    # Detected: 10


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.ASUSGiftBox Folder C:\Program Files (x86)\ASUS\ASUS GIFTBOX SERVICE
    Preinstalled.ASUSGiftBox Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}
    Preinstalled.ASUSHello Folder C:\Program Files (x86)\ASUS\ASUS HELLO
    Preinstalled.ASUSHello Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07D7D66C-C762-484F-A9EC-33200FDD1C4B}
    Preinstalled.ASUSHello Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Hello
    Preinstalled.ASUSHello Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}
    Preinstalled.ASUSHello Task C:\Windows\System32\Tasks\ASUS HELLO
    Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FC7CDF8-01E1-4AB0-A357-2D28DB8BF8DE}
    Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
    Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  9. #9
    Join Date
    Jan 2003
    Location
    Idaho
    Posts
    642
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/19/20
    Scan Time: 8:19 AM
    Log File: 22cb808c-3acf-11ea-99c4-0492260944a1.json

    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.785
    Update Package Version: 1.0.17946
    License: Premium

    -System Information-
    OS: Windows 10 (Build 18362.592)
    CPU: x64
    File System: NTFS
    User: LAPTOP-BPCC9RTR\CUTBI

    -Scan Summary-
    Scan Type: Custom Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 375646
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 1 hr, 38 min, 51 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    This computer is clean. I don't see any issues there.

  11. #11
    Join Date
    Jan 2003
    Location
    Idaho
    Posts
    642
    Thank you

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You're very welcome

  13. #13
    Join Date
    Jan 2003
    Location
    Idaho
    Posts
    642
    There are 3 sites all alike at this IP. I am going to try adding them to the hosts file to block them.
    I'll give the laptop back to my sister and we'll see what happens.

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Sometimes, you can't avoid situations like that. As long as you don't click anything there, and obviously you don't call the displayed phone number, nothing will happen. Simply close that tab and you're good.
