
In Progress Incredibly Slow computer

Discussion in 'Virus & Other Malware Removal' started by medic17506, Oct 15, 2019.

  1. medic17506

    medic17506 Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    272
    First Name:
    Brandon
    So this Dell Inspiron 17 7000 Series is my daughter's work computer but super super slow - nearly unusable...at nearly $2000 less than 2 years ago...it's DRIVING me NUTS!

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz, Intel64 Family 6 Model 142 Stepping 9
    Processor Count: 4
    RAM: 16250 Mb
    Graphics Card: Intel(R) HD Graphics 620, 1024 Mb
    Hard Drives: C: 117 GB (63 GB Free); D: 931 GB (931 GB Free);
    Motherboard: Dell Inc., 04PYT3
    Antivirus: Windows Defender, Enabled and Updated
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,007
    First Name:
    Frank
    Your daughter appears to actually have a Dell Inspiron 7779 17.3" 2-in-1 laptop.
    It has an Intel Core i7-7500U 2.70 GHz dual core processor and 16 GB of DDR4 RAM, so it should NOT be running slow.

    The first things that come to mind are overheating or an infestation of malware/spyware/viruses or a massive number of running processes.
    The overheating and running processes issues are something that you can check for yourself.
    The malware/spyware/viruses issue is something that one of the Malware Removal Specialists here will need to help you with.

    ---------------------------------------------------------------
     
  3. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    626
    Hi medic17506, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  4. medic17506

    medic17506 Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    272
    First Name:
    Brandon
    Thank you so much for your help...find your requested reports below...

    Addition

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2019
    Ran by kylee (22-10-2019 10:25:18)
    Running from C:\Users\kylee\Desktop
    Windows 10 Home Version 1803 17134.1006 (X64) (2018-05-18 13:57:11)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3260423317-1574689437-1339861475-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3260423317-1574689437-1339861475-503 - Limited - Disabled)
    Guest (S-1-5-21-3260423317-1574689437-1339861475-501 - Limited - Disabled)
    kylee (S-1-5-21-3260423317-1574689437-1339861475-1002 - Administrator - Enabled) => C:\Users\kylee
    WDAGUtilityAccount (S-1-5-21-3260423317-1574689437-1339861475-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
    GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
    GoToMeeting 10.2.1.15404 (HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\GoToMeeting) (Version: 10.2.1.15404 - LogMeIn, Inc.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.139.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd62de85-bda9-4280-a95b-fa2f86e0dc58}) (Version: 1.48.139.0 - Intel Corporation) Hidden
    Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
    Intel® Integrated Sensor Solution (HKLM-x32\...\{b3782b53-1b6c-436a-b0f0-f65d83ae74d9}) (Version: 3.0.30.1119 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
    ISS_Drivers_x64 (HKLM\...\{6F91DCD1-30DB-449C-AE79-6948BEB15825}) (Version: 3.0.30.1119 - Intel Corporation) Hidden
    Kodi (HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\Kodi) (Version: - XBMC-Foundation)
    KONICA MINOLTA TWAIN V4 (HKLM-x32\...\{C3A1EEDD-2BC2-407B-A172-865E513ABE15}) (Version: 4.0.34000 - KONICA MINOLTA)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9179.0 - Waves Audio Ltd.) Hidden
    Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.12026.20334 - Microsoft Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
    NVIDIA Graphics Driver 391.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.25 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
    NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
    NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
    NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden
    Qbox Client (HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\9bc388c446a7e905) (Version: 4.0.3.12 - CoralTree, Inc.)
    QuickBooks (HKLM-x32\...\{3B32E8ED-D3EA-4967-BE1B-35233AA2FDC0}) (Version: 27.0.4007.2702 - Intuit Inc.) Hidden
    QuickBooks Enterprise Solutions: Accountant Edition 17.0 (HKLM-x32\...\{F77C660F-612B-4F76-BE68-91D2831BDB77}) (Version: 27.0.4007.2702 - Intuit Inc.)
    QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
    QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.40 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
    Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
    SmartByte Drivers and Services (HKLM\...\{01F01829-4C5A-41B0-8198-0BDD02B34C47}) (Version: 2.0.643 - Rivet Networks)
    System Mechanic (HKLM\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 19.1.2.69 - iolo Technologies, LLC)
    Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.22654 - Microsoft Corporation)
    True Color (HKLM\...\{843D1B75-7A4E-4C8C-8348-BDF6C6EC3333}) (Version: 1.0.1.1 - Entertainment Experience LLC) Hidden
    True Color (HKLM-x32\...\{c38d939e-31d4-44fa-a07a-d28915046b7d}) (Version: 7.9.0.0 - Entertainment Experience)
    True Color XML Tables (HKLM\...\{EAE8B515-AC0E-46A8-AA41-CAD18E4094CD}) (Version: 7.10.0.0 - Entertainment Experience LLC) Hidden
    TrueColorXMLTables (HKLM-x32\...\{bf377b78-c440-4ce9-a962-2fde04e6d4cd}) (Version: 7.10.0.0 - Entertainment Experience)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - Intel Corporation Inc.)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
    Zoom (HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\ZoomUMX) (Version: 4.3 - Zoom Video Communications, Inc.)

    Packages:
    =========
    Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-09-11] (Autodesk Inc.)
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-10-22] (king.com)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.150.300.0_x86__kgqvnymyfvs32 [2019-10-17] (king.com)
    Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_6.0.0.3_x86__m9bz608c1b9ra [2019-10-15] (Nordcurrent)
    Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.2.5.0_x64__htrsf667h5kn2 [2019-09-11] (Dell Inc)
    Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-10-15] (Dell Inc)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-10-15] (HP Inc.)
    Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-09-11] (Keeper Security Inc)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-15] (Microsoft Corporation) [MS Ad]
    March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.4.0.10_x86__h6adky7gbf63m [2019-10-22] (Gameloft.)
    Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2019-09-11] (Facebook Inc)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.7.0_x64__8wekyb3d8bbwe [2018-07-29] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.9.0_x64__8wekyb3d8bbwe [2018-08-16] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-15] (Microsoft Studios) [MS Ad]
    Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.101.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Studios)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
    Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-08-24] (Plex)
    Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation)
    Virtual Families 2: My Dream Home -> C:\Program Files\WindowsApps\LastDayofWork.VirtualFamilies2MyDreamHome_1.1.0.5_x64__d532r1j86my6c [2017-12-12] (Last Day of Work)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3260423317-1574689437-1339861475-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\kylee\AppData\Local\GoToMeeting\7759\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3260423317-1574689437-1339861475-1002_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
    ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\iolo technologies\System Mechanic\x64\Incinerator.dll [2019-09-09] (iolo technologies, LLC -> iolo technologies, LLC)
    ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\iolo technologies\System Mechanic\x64\Incinerator.dll [2019-09-09] (iolo technologies, LLC -> iolo technologies, LLC)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxDTCM.dll [2017-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-16] (NVIDIA Corporation -> NVIDIA Corporation)

    ==================== Codecs (Whitelisted) ==================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) ==============

    2019-09-11 18:56 - 2019-09-11 18:56 - 000017920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\QBWCInterfaces\522c1c85618f10d20e71bf8694cbf4da\QBWCInterfaces.ni.dll
    2016-05-17 23:31 - 2016-05-17 23:31 - 000140288 _____ () [File not signed] C:\WINDOWS\system32\DPPPlugin.dll
    2017-05-03 19:20 - 2017-05-03 19:20 - 000086016 _____ (Dell Inc.) [File not signed] C:\Program Files\Dell\QuickSet\dadkeyb.dll
    2019-09-11 18:56 - 2019-09-11 18:56 - 000035840 _____ (Intuit) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\QBWCCommon\c3b943a6f45da325aaad4d4fb0efc5fc\QBWCCommon.ni.dll
    2018-12-04 13:10 - 2018-12-04 13:10 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\kylee\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\sharepoint.com -> hxxps://baronsinc-files.sharepoint.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\kylee\Pictures\wallpapers\Untitled.png
    DNS Servers: 192.168.100.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: QBCFMonitorService => 2
    MSCONFIG\Services: QBVSS => 2
    HKLM\...\StartupApproved\StartupFolder: => "qbupdate.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0B54E71D-2A39-455E-8D1F-C579F07A9E79}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{B73C4236-A606-4E77-9115-C5A2DD73559C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{A8113322-BC75-41B5-833E-844748EDC42A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{40029A74-EF28-4ADA-8956-2D7B1DE31559}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{4197B363-1731-4863-B18B-7EFD1FDEEC86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [TCP Query User{B1536838-E644-4355-AC09-0FE16F9FAD17}C:\users\administrator\appdata\local\temp\test.exe] => (Allow) C:\users\administrator\appdata\local\temp\test.exe No File
    FirewallRules: [UDP Query User{CBB345C8-28A8-4A3F-9ADF-AF304A4498D4}C:\users\administrator\appdata\local\temp\test.exe] => (Allow) C:\users\administrator\appdata\local\temp\test.exe No File
    FirewallRules: [TCP Query User{93407FED-49F7-4E02-ACC2-439CF5E706EB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
    FirewallRules: [UDP Query User{654867EF-8427-4A94-8D24-6217ADB2B435}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
    FirewallRules: [{B1E3C559-764B-40E1-A564-1BE6849A062B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{BCF40703-F788-42D9-98FE-ED2AA09FE5EC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{23F725AD-1FC7-492F-9BCE-C4E621B40064}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [{D566DA4D-3E98-4807-9980-DFE38A2DD493}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{6195EC8D-AA98-42CE-A192-68060B682E21}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{C34A782F-A1CE-4CDD-ABF5-8FD55C6F4FBF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{22AC18BF-8794-4198-A406-869C3AF0489B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    15-10-2019 13:54:23 Scheduled Checkpoint
    22-10-2019 08:49:38 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/22/2019 09:35:56 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Project_Win8.exe, version: 0.0.0.0, time stamp: 0x5d9b4980
    Faulting module name: xaudio2_9.DLL, version: 10.0.17134.1, time stamp: 0x4416244b
    Exception code: 0xc0000005
    Fault offset: 0x00020d0c
    Faulting process id: 0x1d44
    Faulting application start time: 0x01d588e5c552c870
    Faulting application path: C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_6.0.0.3_x86__m9bz608c1b9ra\Project_Win8.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\xaudio2_9.DLL
    Report Id: 07dd973e-25bd-4adf-aa94-5e714b6c1a2b
    Faulting package full name: NORDCURRENT.COOKINGFEVER_6.0.0.3_x86__m9bz608c1b9ra
    Faulting package-relative application ID: App

    Error: (10/22/2019 09:35:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Project_Win8.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 65310D0C
    Stack:

    Error: (10/22/2019 08:45:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LockApp.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 12b4

    Start Time: 01d585d8ed0e80a7

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

    Report Id: 20f7e822-c3cf-4ce7-93f4-f30276a522aa

    Faulting package full name: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy

    Faulting package-relative application ID: WindowsDefaultLockScreen

    Error: (10/16/2019 09:02:43 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (10/15/2019 07:34:23 PM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

    Error: (10/15/2019 07:34:23 PM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

    Error: (10/15/2019 11:44:30 AM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

    Error: (10/15/2019 11:44:30 AM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.


    System errors:
    =============
    Error: (10/22/2019 09:38:19 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G06166O)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-G06166O\kylee SID (S-1-5-21-3260423317-1574689437-1339861475-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/22/2019 09:31:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/22/2019 09:31:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/22/2019 09:30:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/22/2019 09:30:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/22/2019 08:49:24 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G06166O)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user DESKTOP-G06166O\kylee SID (S-1-5-21-3260423317-1574689437-1339861475-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (10/22/2019 08:46:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/22/2019 08:46:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2019-10-22 09:30:43.707
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {8E86E91E-D79F-4E59-9361-3901EBE13CEB}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-09-09 15:25:10.133
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {4F3D98B3-7D71-441B-84A6-867BB0742352}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-03-17 22:44:43.980
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {5ECE04CE-9417-4F4F-B2DD-7260A72582D1}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-02-26 14:04:22.028
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {C917C5ED-C588-47D4-92A2-54C67C6F87AD}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-25 17:29:12.219
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {20E67B59-1347-4945-AB14-6AC0F799B0FF}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-09-09 16:18:54.701
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.289.1487.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.9
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-09-09 16:09:47.367
    Description:
    Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted: Current
    Error Code: 0x80070003
    Error description: The system cannot find the path specified.
    Signature version: 0.0.0.0;0.0.0.0
    Engine version: 0.0.0.0

    Date: 2019-03-18 19:35:58.512
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.289.1487.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.9
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-03-16 23:58:49.963
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.287.803.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.8
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2019-03-16 23:58:49.914
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.287.803.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.8
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    ==================== Memory info ===========================

    BIOS: Dell Inc. 1.25.0 05/14/2018
    Motherboard: Dell Inc. 04PYT3
    Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    Percentage of memory in use: 32%
    Total physical RAM: 16250.14 MB
    Available physical RAM: 10967.91 MB
    Total Virtual: 17274.14 MB
    Available Virtual: 11218.08 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:117.93 GB) (Free:51.46 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:931.18 GB) NTFS

    \\?\Volume{70644460-79e0-474b-88b6-6653e51afce9}\ (Windows RE Tools) (Fixed) (Total:0.7 GB) (Free:0.3 GB) NTFS
    \\?\Volume{0caeddec-173c-4679-9dcb-16db38523491}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 49410949)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 119.2 GB) (Disk ID: 4A64228A)

    Partition: GPT.

    ==================== End of Addition.txt ===========================

    AND FRST

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2019
    Ran by kylee (administrator) on DESKTOP-G06166O (Dell Inc. Inspiron 17-7779) (22-10-2019 09:59:07)
    Running from C:\Users\kylee\Desktop
    Loaded Profiles: kylee (Available Profiles: kylee)
    Platform: Windows 10 Home Version 1803 17134.1006 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Dell Inc -> ) C:\Config.Msi\948c9.rbf
    (Dell Inc.) [File not signed] C:\Program Files\Dell\QuickSet\quickset.exe
    (Entertainment Experience LLC -> ) C:\Program Files\TrueColor\TrueColorALS.exe
    (Entertainment Experience LLC -> Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.301\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.301\GoogleCrashHandler64.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxext.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHeciSvc.exe
    (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intuit, Inc. -> Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
    (iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe
    (iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files\iolo technologies\System Mechanic\PrivacyGuardian\Netfilter\PrivacyGuardianFilter.exe
    (iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files\iolo technologies\System Mechanic\SSTray.exe
    (iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files\iolo technologies\System Mechanic\x64\LBGovernor.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\kylee\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1908.0.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1063_none_c3f457ba6965bb0b\TiWorker.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
    (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
    (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
    (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
    (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3910656 2017-05-03] (Dell Inc.) [File not signed]
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1893312 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19638160 2016-12-28] (Entertainment Experience LLC -> Entertainment Experience)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [976768 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
    HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [82543336 2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\Run: [Qbox Client] => C:\Users\kylee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoralTree, Inc\Qbox Client.appref-ms [308 2017-11-06] () [File not signed]
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\kylee\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\kylee\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\RunOnce: [Uninstall 19.152.0801.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kylee\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64"
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\...\RunOnce: [Uninstall 19.152.0801.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kylee\AppData\Local\Microsoft\OneDrive\19.152.0801.0008"
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-15] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2017-09-25]
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2017-09-25]
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2017-09-25]
    ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit, Inc. -> Intuit)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2017-09-25]
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00A97CF5-9E1F-4697-9461-C64E6CF2F8CF} - System32\Tasks\iolo\ioloTUDsDownloader => C:\Program Files\iolo technologies\System Mechanic\activebridge.exe [566544 2019-09-09] (iolo technologies, LLC -> iolo technologies, LLC)
    Task: {01FD7F2E-FB1F-4A79-9C49-8F3E17D431E1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [122344 2019-10-22] (Microsoft Corporation -> Microsoft Corporation)
    Task: {0CE4425E-ED26-493E-848A-B57DFF76D432} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-16] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {0D782325-F4C5-4BE5-8371-ADC0009BE1AF} - System32\Tasks\iolo\ActiveReporter => C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe [566544 2019-09-09] (iolo technologies, LLC -> iolo technologies, LLC)
    Task: {0F1C04B5-DCFA-4C79-A917-DDFDDC5DD95D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {4B72C2E1-F5B0-4ADD-9862-90FE34CADB3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-16] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {50E9496E-65FA-4E81-AF26-BA1C4E4733BC} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {54A6C7D2-1A9F-42FB-BF60-95AD4B6697DD} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [817472 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
    Task: {6E31B318-FE61-4C0F-8AB9-2103A0DF3C3A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1693632 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {72DA4B3A-304E-4860-888C-72DC92A519ED} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27295856 2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
    Task: {89CE7AD4-63AC-4EBD-B8F7-4C4B7BE7657C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [122344 2019-10-22] (Microsoft Corporation -> Microsoft Corporation)
    Task: {8CA944F3-FC41-43CC-A822-8999593F45C2} - System32\Tasks\Live Boost Process Governor => C:\Program Files\iolo technologies\System Mechanic\x64\LBgovernor.exe [956688 2019-09-09] (iolo technologies, LLC -> iolo technologies, LLC)
    Task: {948A5428-F598-411C-9DE7-8BDDBA3DBE94} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27295856 2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
    Task: {96ED1628-AA48-4DB6-A16C-61457678830E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-28] (Google Inc -> Google Inc.)
    Task: {99210FDF-6016-4BBB-9B20-7FE14493E963} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [32448 2018-12-04] (Rivet Networks LLC -> DELL)
    Task: {9B011184-4E02-4245-99A8-F86C26161AB6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1430176 2019-10-22] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9C523404-3F6B-4373-81B0-A0DD3C8C27AA} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [390832 2017-03-07] (Intuit, Inc. -> )
    Task: {9CF4EB56-1678-466F-9405-0BCFCDD53237} - System32\Tasks\G2MUpdateTask-S-1-5-21-3260423317-1574689437-1339861475-1002 => C:\Users\kylee\AppData\Local\GoToMeeting\15404\g2mupdate.exe [32256 2019-10-17] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {A539287B-D4A2-4858-9FCD-FA37149E08D9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649152 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {A974029B-144B-4170-923E-BBC54815BD11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-16] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {AB413F08-89B1-4C66-A189-EBDC9A3FEB27} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {AC708107-310D-4881-841A-38A658C42C5A} - System32\Tasks\iolo\ActiveMessenger => C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe [566544 2019-09-09] (iolo technologies, LLC -> iolo technologies, LLC)
    Task: {B1DD7873-1F17-4274-9030-C3A71143BBF9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1430176 2019-10-22] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B32F036E-003E-4D4F-9E4E-B23744133713} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {BE100736-BA62-43D1-935A-6413815B2EC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-16] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {DA1FFD91-E4ED-45EE-8477-3BB40EBF83AF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {DD06DB6E-C387-420B-96B6-D47CB850010E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1577608 2019-10-22] (Microsoft Corporation -> Microsoft Corporation)
    Task: {ECF2A4B5-1896-499D-AB85-58CDCAD8B40A} - System32\Tasks\iolo\ActiveSync => C:\Program Files\iolo technologies\System Mechanic\activebridge.exe [566544 2019-09-09] (iolo technologies, LLC -> iolo technologies, LLC)
    Task: {EF2839CE-224A-4995-9326-7753ED845FB5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649152 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {F0C43F62-320A-4FDA-80D5-2167F98AB813} - System32\Tasks\G2MUploadTask-S-1-5-21-3260423317-1574689437-1339861475-1002 => C:\Users\kylee\AppData\Local\GoToMeeting\15404\g2mupload.exe [32256 2019-10-17] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {FD38FFFB-8898-4642-BD01-850902077D58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-28] (Google Inc -> Google Inc.)
    Task: {FE008143-7EB8-4152-A8E0-FE70F71B02DC} - System32\Tasks\iolo\ioloActiveCare => C:\Program Files\iolo technologies\System Mechanic\systemmechanic.exe [3068184 2019-09-09] (iolo technologies, LLC -> iolo technologies, LLC)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3260423317-1574689437-1339861475-1002.job => C:\Users\kylee\AppData\Local\GoToMeeting\15404\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3260423317-1574689437-1339861475-1002.job => C:\Users\kylee\AppData\Local\GoToMeeting\15404\g2mupload.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
    Tcpip\..\Interfaces\{4b631c10-2d56-4402-9fe8-cd4e0d5a4371}: [DhcpNameServer] 10.1.0.30 10.1.0.2
    Tcpip\..\Interfaces\{9896a953-3816-4aa0-b1f4-575563f9951f}: [DhcpNameServer] 192.168.100.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: intu-help-qb10 - {E795042F-8A29-42E4-B265-2C7AB38E8AEE} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\HelpAsyncPluggableProtocol.dll [2017-10-04] (Intuit, Inc. -> Intuit, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2018-04-11] (Microsoft Windows -> Microsoft Corporation)

    Edge:
    ======
    DownloadDir: C:\Users\kylee\Downloads

    FireFox:
    ========
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.301\npGoogleUpdate3.dll [2019-10-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.301\npGoogleUpdate3.dll [2019-10-15] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-3260423317-1574689437-1339861475-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\kylee\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-01-25] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.facebook.com/?ref=hp
    CHR Profile: C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default [2019-10-22]
    CHR Extension: (Slides) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
    CHR Extension: (Docs) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
    CHR Extension: (Google Drive) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-28]
    CHR Extension: (YouTube) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-28]
    CHR Extension: (Honey) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-10-22]
    CHR Extension: (Sheets) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
    CHR Extension: (Google Docs Offline) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
    CHR Extension: (Avast Online Security) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-09-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-15]
    CHR Extension: (Gmail) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-09]
    CHR Extension: (Chrome Media Router) - C:\Users\kylee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-22]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642472 2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
    R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )
    R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-02] (Intel Corporation - pGFX -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [743728 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [720184 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-22] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation -> )
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2017-03-07] (Intuit Inc.) [File not signed]
    R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
    R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [93072 2016-12-12] (Entertainment Experience LLC -> )
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-16] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-16] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)
    S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
    S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
    S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Techporch Incorporated -> Dell Computer Corporation)
    R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corporation -> Wistron Corp.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-08-12] (Intel Corporation -> Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-08-12] (Intel Corporation -> Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-08-12] (Intel Corporation -> Intel Corporation)
    R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54800 2016-08-16] (Intel(R) Software -> Intel Corporation)
    R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
    R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
    R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_2c7c773e20d8bcfa\nvlddmkm.sys [17538080 2018-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-04] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [436224 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3224576 2016-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
    R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
    R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel(R) Software -> Intel Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-16] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-16] (Microsoft Windows -> Microsoft Corporation)
    S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
    S1 netfilter2; system32\drivers\netfilter2.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-22 09:59 - 2019-10-22 10:16 - 000037204 _____ C:\Users\kylee\Desktop\FRST.txt
    2019-10-22 09:55 - 2019-10-22 10:10 - 000000000 ____D C:\FRST
    2019-10-22 09:48 - 2019-10-22 09:47 - 001617408 _____ (Farbar) C:\Users\kylee\Desktop\FRST64 (1).exe
    2019-10-22 09:46 - 2019-10-22 09:47 - 001617408 _____ (Farbar) C:\Users\kylee\Downloads\FRST64 (1).exe
    2019-10-17 22:19 - 2019-10-17 22:19 - 001616384 _____ (Farbar) C:\Users\kylee\Downloads\FRST64.exe
    2019-10-16 11:03 - 2019-10-16 11:04 - 000000000 ___HD C:\$WINDOWS.~BT
    2019-10-15 14:25 - 2019-10-15 14:25 - 000748192 _____ (TechGuy, Inc.) C:\Users\kylee\Downloads\SysInfo.exe
    2019-10-15 13:13 - 2019-10-15 13:13 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
    2019-10-15 13:13 - 2019-10-15 13:13 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2019-10-15 13:13 - 2019-10-15 13:13 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2019-10-15 13:13 - 2019-10-15 13:13 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2019-10-15 13:13 - 2019-10-15 13:13 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2019-10-15 13:13 - 2019-10-15 13:13 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2019-10-15 13:13 - 2019-10-15 13:13 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2019-10-15 13:13 - 2019-10-15 13:13 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2019-10-15 13:13 - 2019-10-15 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2019-10-15 12:26 - 2019-10-22 08:50 - 000000000 ____D C:\WINDOWS\UpdateAssistant
    2019-10-15 12:22 - 2019-10-15 12:22 - 000000000 ____D C:\Program Files (x86)\Teams Installer

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-22 09:57 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-10-22 09:31 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2019-10-22 09:30 - 2018-05-18 08:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-10-22 09:02 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-10-22 09:02 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-10-22 08:52 - 2017-08-24 22:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-10-22 08:48 - 2018-05-18 08:57 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{892D6534-541E-4FC6-A905-403A081FE5A8}
    2019-10-22 08:43 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-10-17 23:20 - 2018-05-18 08:57 - 000003836 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-3260423317-1574689437-1339861475-1002
    2019-10-17 23:20 - 2018-05-18 08:57 - 000003740 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-3260423317-1574689437-1339861475-1002
    2019-10-17 23:20 - 2017-10-30 13:37 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3260423317-1574689437-1339861475-1002.job
    2019-10-17 23:20 - 2017-10-30 13:37 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3260423317-1574689437-1339861475-1002.job
    2019-10-17 23:20 - 2017-10-30 13:37 - 000000000 ____D C:\Users\kylee\AppData\Local\GoToMeeting
    2019-10-16 11:11 - 2018-05-16 22:59 - 000000000 ___DC C:\WINDOWS\Panther
    2019-10-16 10:10 - 2018-02-12 18:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-10-15 14:37 - 2017-09-28 10:58 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-10-15 14:37 - 2017-09-28 10:58 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-10-15 14:37 - 2017-09-28 10:58 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2019-10-15 14:27 - 2018-05-18 08:57 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2019-10-15 14:27 - 2018-05-18 08:57 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2019-10-15 14:17 - 2017-09-28 10:57 - 000000000 ____D C:\Program Files (x86)\Google
    2019-10-15 12:52 - 2019-09-09 16:21 - 000000000 ____D C:\Users\kylee\AppData\Local\ElevatedDiagnostics
    2019-10-15 12:43 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-10-15 12:28 - 2018-01-02 19:31 - 000000000 ____D C:\Users\kylee\AppData\Local\Packages
    2019-10-15 12:26 - 2017-08-25 14:53 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-10-15 12:18 - 2017-08-25 14:53 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-10-15 12:05 - 2018-05-18 08:57 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3260423317-1574689437-1339861475-1002
    2019-10-15 12:04 - 2018-05-18 08:52 - 000002369 _____ C:\Users\kylee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-10-15 12:04 - 2017-08-24 22:46 - 000000000 ___RD C:\Users\kylee\OneDrive
    2019-10-15 12:01 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
    2019-10-15 12:01 - 2017-09-08 10:57 - 000000000 ____D C:\ProgramData\SupportAssist
    2019-10-15 12:01 - 2017-08-18 14:44 - 000000000 ____D C:\Program Files\Dell
    2019-10-15 12:00 - 2019-09-09 14:42 - 000009845 _____ C:\WINDOWS\ZAM.krnl.trace
    2019-10-15 12:00 - 2017-08-18 14:44 - 000000000 ____D C:\ProgramData\PCDr
    2019-10-15 11:36 - 2019-09-09 14:42 - 000000000 ____D C:\Users\kylee\AppData\Local\AMSDK
    2019-10-15 11:36 - 2018-05-18 08:59 - 000000000 ____D C:\Users\kylee\AppData\Local\Deployment
    2019-10-15 11:34 - 2019-09-09 14:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\iolo
    2019-10-15 11:30 - 2017-08-24 22:44 - 000000000 __SHD C:\Users\kylee\IntelGraphicsProfiles
    2019-10-15 11:29 - 2018-05-18 08:52 - 000000000 ____D C:\Users\kylee
    2019-10-15 11:22 - 2017-08-18 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2019-10-15 11:10 - 2018-05-18 08:56 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-10-15 11:00 - 2018-05-18 08:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-10-15 11:00 - 2017-08-18 14:52 - 000000000 ____D C:\ProgramData\NVIDIA

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================
     
  5. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    626
    Hi medic17506,

    Personally, I don't recommend the use of system optimizers/registry cleaners. See here for more information.

    If you decide to uninstall this program, you can do so via Start > Settings icon > Apps.

    ---------------------------------------------------

    No malware was found in your logs. This FRST fix will clean up a few "orphaned" registry entries.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      CustomCLSID: HKU\S-1-5-21-3260423317-1574689437-1339861475-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\kylee\AppData\Local\GoToMeeting\7759\G2MOutlookAddin64.dll => No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      AlternateDataStreams: C:\Users\kylee\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
      FirewallRules: [TCP Query User{B1536838-E644-4355-AC09-0FE16F9FAD17}C:\users\administrator\appdata\local\temp\test.exe] => (Allow) C:\users\administrator\appdata\local\temp\test.exe No File
      FirewallRules: [UDP Query User{CBB345C8-28A8-4A3F-9ADF-AF304A4498D4}C:\users\administrator\appdata\local\temp\test.exe] => (Allow) C:\users\administrator\appdata\local\temp\test.exe No File
      S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
      S1 netfilter2; system32\drivers\netfilter2.sys [X]
      Emptytemp:
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
     
  6. medic17506

    medic17506 Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    272
    First Name:
    Brandon
    Thanks again for your help!

    Rebooted, here's the log:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2019
    Ran by kylee (24-10-2019 11:42:47) Run:1
    Running from C:\Users\kylee\Desktop
    Loaded Profiles: kylee (Available Profiles: kylee)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CustomCLSID: HKU\S-1-5-21-3260423317-1574689437-1339861475-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\kylee\AppData\Local\GoToMeeting\7759\G2MOutlookAddin64.dll => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    AlternateDataStreams: C:\Users\kylee\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
    FirewallRules: [TCP Query User{B1536838-E644-4355-AC09-0FE16F9FAD17}C:\users\administrator\appdata\local\temp\test.exe] => (Allow) C:\users\administrator\appdata\local\temp\test.exe No File
    FirewallRules: [UDP Query User{CBB345C8-28A8-4A3F-9ADF-AF304A4498D4}C:\users\administrator\appdata\local\temp\test.exe] => (Allow) C:\users\administrator\appdata\local\temp\test.exe No File
    S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
    S1 netfilter2; system32\drivers\netfilter2.sys [X]
    Emptytemp:

    *****************

    Restore point was successfully created.
    HKU\S-1-5-21-3260423317-1574689437-1339861475-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    C:\Users\kylee\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B1536838-E644-4355-AC09-0FE16F9FAD17}C:\users\administrator\appdata\local\temp\test.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CBB345C8-28A8-4A3F-9ADF-AF304A4498D4}C:\users\administrator\appdata\local\temp\test.exe" => removed successfully
    HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
    amsdk => service removed successfully
    HKLM\System\CurrentControlSet\Services\netfilter2 => removed successfully
    netfilter2 => service removed successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 9723904 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 94761105 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 296168789 B
    Edge => 25316388 B
    Chrome => 442399120 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 6656 B
    ProgramData => 6656 B
    Public => 6656 B
    systemprofile => 14383737 B
    systemprofile32 => 14383737 B
    LocalService => 14383737 B
    NetworkService => 19422805 B
    kylee => 145741641 B

    RecycleBin => 0 B
    EmptyTemp: => 1 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 11:50:54 ====
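The two checks behind the fixlist and the Fixlog above, as an added example that is not part of the original thread and not FRST's own code: pick out scan-log entries whose target file is missing (`[X]`, `No File`), then confirm from Fixlog.txt that every fixlist item was actually removed. The function names are hypothetical, the sample text is excerpted from the logs in this thread, and treating any outcome other than "removed successfully" as needing review is an assumption.

```python
import re

# End-of-line markers FRST puts on entries whose target file is missing.
MISSING_TARGET = re.compile(r"(\[X\]|No File)\s*$")

# Excerpt of scan-log entries copied from this thread.
SCAN_EXCERPT = r"""
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-16] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
"""

# Excerpt of the Fixlog.txt posted in this thread (some lines omitted).
FIXLOG_EXCERPT = r"""
fixlist content:
*****************
CreateRestorePoint:
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
Emptytemp:

*****************

Restore point was successfully created.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Users\kylee\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
amsdk => service removed successfully
HKLM\System\CurrentControlSet\Services\netfilter2 => removed successfully
netfilter2 => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9723904 B
"""


def orphan_candidates(scan_text):
    """Return scan-log entries that reference a file that no longer exists."""
    lines = (ln.strip() for ln in scan_text.splitlines())
    return [ln for ln in lines if MISSING_TARGET.search(ln)]


def audit_fixlog(fixlog_text):
    """Sort the result lines of a Fixlog into removed items and items to review.

    Results sit between the second row of asterisks (end of the echoed
    fixlist) and the next '===' section header (EmptyTemp statistics).
    """
    removed, review = [], []
    separators = 0
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            separators += 1
        elif separators >= 2 and line.startswith("==="):
            break  # EmptyTemp byte counts also use '=>', so stop here
        elif separators >= 2 and " => " in line:
            item, _, outcome = line.partition(" => ")
            # Assumption: anything not reported as removed needs a second look.
            ok = outcome.endswith("removed successfully")
            (removed if ok else review).append((item, outcome))
    return {"removed": removed, "review": review}


if __name__ == "__main__":
    for entry in orphan_candidates(SCAN_EXCERPT):
        print("orphan candidate:", entry)
    result = audit_fixlog(FIXLOG_EXCERPT)
    print(len(result["removed"]), "items removed")
    for item, outcome in result["review"]:
        print("review:", item, "=>", outcome)
```

Run against the full Fixlog above, the only item that lands in the review list is the OneDrive alternate data stream.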
     
  7. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    626
    Hi medic17506,

    How is the computer doing?
     
Short URL to this thread: https://techguy.org/1234296

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice