
In Progress System Warning

Discussion in 'Virus & Other Malware Removal' started by midiboy, Jan 17, 2019.

  1. midiboy

    midiboy Thread Starter

    Joined:
    Dec 12, 2008
    Messages:
    32
    First Name:
    Scott
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Pro, 64 bit
    Processor: AMD Ryzen 7 2700X Eight-Core Processor, AMD64 Family 23 Model 8 Stepping 2
    Processor Count: 16
    RAM: 8142 Mb
    Graphics Card: NVIDIA GeForce GT 710, 1024 Mb
    Hard Drives: C: 222 GB (151 GB Free);
    Motherboard: Gigabyte Technology Co., Ltd., AB350M-DS3H-CF
    Antivirus: Windows Defender, Disabled

    Getting "system warning" popup; Trend Micro, Malwarebytes, Adwcleaner and Hitman Pro all find nothing, but this popup keeps reappearing in Internet Explorer. No add-ons or extensions are seen; IE has been reset. No rogue programs installed.

    Suggestions?
     


  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    510
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.
    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.

    --------------------

    Download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, two log files will pop up - FRST.txt and Addition.txt.
    • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.
    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. midiboy

    midiboy Thread Starter

    Joined:
    Dec 12, 2008
    Messages:
    32
    First Name:
    Scott
    Thanks so much for your assistance, iMacg3. BTW I graduated from IU, '84.

    ______________________________________________________________

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
    Ran by Admin (administrator) on RC-SOUTH (18-01-2019 23:14:04)
    Running from C:\Users\Admin\Desktop
    Loaded Profiles: Admin (Available Profiles: Admin & Julia Spigarelli)
    Platform: Windows 10 Pro Version 1809 17763.253 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
    (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\logWriter.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\CPM\TMCPMAdapter.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\module\BES\TmsaInstance64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_desktop.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2018-02-02] (Carbonite, Inc.)
    HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
    HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [3905216 2019-01-03] (Trend Micro Inc.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4050752 2019-01-08] (Dropbox, Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2018-11-03]
    ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
    Startup: C:\Users\Julia Spigarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-01-08]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{b219737f-7110-45d5-b453-9714f404d998}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    ==================
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation)
    BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmopIEPlg.dll [2019-01-04] (Trend Micro Inc.)
    BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\module\BES\TmBpIe64.dll [2019-01-03] (Trend Micro Inc.)
    BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmopIEPlg32.dll [2019-01-04] (Trend Micro Inc.)
    BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\module\BES\IE32\TmBpIe32.dll [2019-01-03] (Trend Micro Inc.)
    DPF: HKLM-x32 {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} hxxp://unitedpresbyassoc.onesite.realpage.com/coreglobal/RealpageCab/Realpage.cab
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-08] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-08] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-08] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-08] (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\module\BES\TmBpIe64.dll [2019-01-03] (Trend Micro Inc.)
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\module\BES\IE32\TmBpIe32.dll [2019-01-03] (Trend Micro Inc.)
    Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmopIEPlg.dll [2019-01-04] (Trend Micro Inc.)
    Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmopIEPlg32.dll [2019-01-04] (Trend Micro Inc.)
    FireFox:
    ========
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-03] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
    Chrome:
    =======
    CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2019-01-18]
    CHR Extension: (Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-19]
    CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-19]
    CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-19]
    CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-19]
    CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-19]
    CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-19]
    CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-19]
    CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
    R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
    R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-26] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-26] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-01-08] (Dropbox, Inc.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [9181880 2019-01-03] (Trend Micro Inc.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-09] (Microsoft Corporation)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
    R2 svcGenericHost; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [353264 2019-01-04] (Trend Micro Inc.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11660528 2018-12-07] (TeamViewer GmbH)
    R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [511904 2018-11-26] (Trend Micro Inc.)
    R3 TmCCSF; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [1664856 2019-01-03] (Trend Micro Inc.)
    R2 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [5799208 2019-01-03] (Trend Micro Inc.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-01] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-01] (Microsoft Corporation)
    R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [43400 2017-03-01] (Advanced Micro Devices, Inc)
    R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24424 2016-08-12] (Advanced Micro Devices, Inc)
    R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices)
    R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. )
    R3 dbx; C:\WINDOWS\System32\DRIVERS\dbx.sys [47800 2019-01-08] (Dropbox, Inc.)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Realtek )
    R2 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [136208 2018-11-26] (Trend Micro Inc.)
    R1 tmcomm; C:\WINDOWS\system32\DRIVERS\tmcomm.sys [454848 2018-10-23] (Trend Micro Inc.)
    R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2018-10-23] (Trend Micro Inc.)
    S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2018-10-23] (Trend Micro Inc.)
    R2 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [100400 2018-11-26] (Trend Micro Inc.)
    R2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [396944 2019-01-03] (Trend Micro Inc.)
    R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [70288 2019-01-03] (Trend Micro Inc.)
    R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [151312 2018-10-23] (Trend Micro Inc.)
    R3 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [134840 2018-10-23] (Trend Micro Inc.)
    R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2788504 2019-01-03] (Trend Micro Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-11-01] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-11-01] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-01] (Microsoft Corporation)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-01-17] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-01-17] (Zemana Ltd.)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-01-18 23:14 - 2019-01-18 23:14 - 000016859 _____ C:\Users\Admin\Desktop\FRST.txt
    2019-01-18 23:13 - 2019-01-18 23:14 - 000000000 ____D C:\FRST
    2019-01-18 23:12 - 2019-01-18 23:12 - 002427904 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
    2019-01-18 02:34 - 2019-01-18 02:34 - 000295840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-01-17 20:36 - 2019-01-18 23:14 - 000447536 _____ C:\WINDOWS\ZAM.krnl.trace
    2019-01-17 20:36 - 2019-01-18 23:14 - 000437655 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2019-01-17 20:36 - 2019-01-17 20:36 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2019-01-17 20:36 - 2019-01-17 20:36 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2019-01-17 20:36 - 2019-01-17 20:36 - 000001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
    2019-01-17 20:36 - 2019-01-17 20:36 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Local\Zemana
    2019-01-17 20:36 - 2019-01-17 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2019-01-17 20:36 - 2019-01-17 20:36 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2019-01-17 20:31 - 2019-01-17 20:31 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Local\D3DSCache
    2019-01-17 18:55 - 2019-01-17 18:55 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2019-01-17 18:55 - 2019-01-17 18:55 - 000000000 ____D C:\Program Files\HitmanPro
    2019-01-17 18:54 - 2019-01-17 18:57 - 000000000 ____D C:\ProgramData\HitmanPro
    2019-01-17 13:02 - 2019-01-17 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2019-01-16 21:07 - 2019-01-16 21:07 - 007320272 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.2.6.0.exe
    2019-01-16 21:06 - 2019-01-16 21:06 - 000000000 ____D C:\Users\Admin\AppData\Local\mbamtray
    2019-01-16 21:06 - 2019-01-16 21:06 - 000000000 ____D C:\Users\Admin\AppData\Local\mbam
    2019-01-16 21:06 - 2019-01-16 21:06 - 000000000 ____D C:\Users\Admin\AppData\Local\Dropbox
    2019-01-15 09:35 - 2019-01-15 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Security Agent
    2019-01-09 21:17 - 2019-01-09 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-01-09 05:35 - 2019-01-09 05:35 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 020811776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 012858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 012151808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 009677352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-01-09 05:35 - 2019-01-09 05:35 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 006544800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 006057984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-01-09 05:35 - 2019-01-09 05:35 - 003952952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 003380224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 003338328 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002986352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002777432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002626360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-01-09 05:35 - 2019-01-09 05:35 - 002594872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002469648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002437552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002275896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002186752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 002021584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-01-09 05:35 - 2019-01-09 05:35 - 001212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 001201136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 001058848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-01-09 05:35 - 2019-01-09 05:35 - 001050936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-01-09 05:35 - 2019-01-09 05:35 - 001022464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000870400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000662528 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.Pipeline.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000387384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000178696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-01-09 05:35 - 2019-01-09 05:35 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000140808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2019-01-09 05:35 - 2019-01-09 05:35 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowService.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000098816 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.Broker.dll
    2019-01-09 05:35 - 2019-01-09 05:35 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2019-01-09 05:35 - 2019-01-09 05:35 - 000047112 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2019-01-09 05:35 - 2019-01-09 05:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
    2019-01-09 05:35 - 2019-01-09 05:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
    2019-01-09 05:35 - 2019-01-09 05:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
    2019-01-09 05:35 - 2019-01-09 05:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
    2019-01-09 05:35 - 2019-01-09 05:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
    2019-01-09 05:35 - 2019-01-09 05:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
    2019-01-09 05:35 - 2019-01-09 05:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
    2019-01-09 05:35 - 2019-01-09 05:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
    2019-01-08 10:22 - 2019-01-08 10:22 - 000001774 _____ C:\Users\Julia Spigarelli\Desktop\HWC logo 1.8.19 - Shortcut.lnk
    2019-01-08 06:07 - 2019-01-08 06:07 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2019-01-08 06:07 - 2019-01-08 06:07 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2019-01-08 06:07 - 2019-01-08 06:07 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2019-01-08 06:07 - 2019-01-08 06:07 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2019-01-08 06:07 - 2019-01-08 06:07 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
    2019-01-07 17:01 - 2019-01-07 17:01 - 000000000 ____D C:\AdwCleaner
    2019-01-07 16:59 - 2019-01-07 16:59 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Local\mbamtray
    2019-01-07 16:59 - 2019-01-07 16:59 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Local\mbam
    2019-01-07 09:28 - 2019-01-07 09:28 - 000000162 ____H C:\Users\Julia Spigarelli\Documents\~$huddoc.pdf
    2019-01-07 09:23 - 2019-01-07 17:12 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\LocalLow\Temp
    2019-01-02 15:35 - 2019-01-02 15:35 - 000001972 _____ C:\Users\Julia Spigarelli\Desktop\HWC Occupancy status 1.2.2019 - Shortcut.lnk
    2019-01-02 14:18 - 2019-01-08 10:40 - 000000000 ____D C:\Users\Julia Spigarelli\Documents\OneNote Notebooks
    2018-12-26 12:24 - 2018-12-26 12:24 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Local\ElevatedDiagnostics
    2018-12-26 12:14 - 2019-01-18 02:34 - 000000000 ___RD C:\Users\Julia Spigarelli\Dropbox (HWCommunity)
    2018-12-26 12:14 - 2018-12-26 12:14 - 000001299 _____ C:\Users\Julia Spigarelli\Desktop\Dropbox (HWCommunity).lnk
    2018-12-26 12:12 - 2018-12-26 12:12 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Roaming\Dropbox
    2018-12-26 12:11 - 2019-01-09 21:17 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2018-12-26 12:11 - 2018-12-26 12:24 - 000000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2018-12-26 12:11 - 2018-12-26 12:24 - 000000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2018-12-26 12:11 - 2018-12-26 12:14 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Local\Dropbox
    2018-12-26 12:11 - 2018-12-26 12:11 - 000004006 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2018-12-26 12:11 - 2018-12-26 12:11 - 000003774 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2018-12-26 12:11 - 2018-12-26 12:11 - 000000000 ____D C:\ProgramData\Dropbox
    2018-12-20 03:27 - 2018-12-20 03:27 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-12-20 03:27 - 2018-12-20 03:27 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    ==================== One month (modified) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-01-18 23:11 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-01-18 23:10 - 2018-12-15 02:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-01-18 23:06 - 2018-11-03 17:22 - 000013696 _____ C:\WINDOWS\cfgall.ini
    2019-01-18 09:00 - 2018-11-01 23:28 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-01-18 02:49 - 2018-09-15 00:33 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-01-18 02:49 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-01-18 02:41 - 2018-12-15 02:25 - 000875028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-01-18 02:41 - 2018-09-15 00:31 - 000000000 ____D C:\WINDOWS\INF
    2019-01-18 02:34 - 2018-12-15 02:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-01-18 02:34 - 2018-11-01 23:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2019-01-18 02:34 - 2018-09-14 23:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-01-18 02:33 - 2018-11-13 22:00 - 000048130 _____ C:\WINDOWS\SysWOW64\PCPELog.txt
    2019-01-18 02:33 - 2018-09-14 23:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-01-18 02:25 - 2018-12-11 18:46 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Roaming\TeamViewer
    2019-01-17 20:40 - 2018-12-15 02:17 - 000000000 ____D C:\Users\Julia Spigarelli
    2019-01-17 13:02 - 2018-11-03 16:35 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2019-01-17 13:02 - 2018-11-03 16:35 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2019-01-17 13:02 - 2018-11-03 16:35 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2019-01-17 13:02 - 2018-11-03 16:35 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2019-01-17 13:02 - 2018-11-03 16:35 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2019-01-17 13:02 - 2018-11-03 16:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-01-17 09:13 - 2018-12-11 18:46 - 000000000 ____D C:\Users\Julia Spigarelli\Desktop\REs Mtgs
    2019-01-15 12:51 - 2018-11-03 16:53 - 000000000 ____D C:\Users\Julia Spigarelli\AppData\Local\Packages
    2019-01-09 05:49 - 2018-09-15 02:11 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2019-01-09 05:49 - 2018-09-15 02:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2019-01-09 05:49 - 2018-09-15 02:11 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2019-01-09 05:49 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-01-09 05:36 - 2018-09-15 00:23 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-01-09 05:32 - 2018-11-01 23:32 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-01-09 05:31 - 2018-11-01 23:32 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-01-08 10:23 - 2018-12-11 18:46 - 000000000 ____D C:\Users\Julia Spigarelli\Desktop\RSC booklet
    2019-01-08 10:01 - 2018-12-11 18:46 - 000000000 ____D C:\Users\Julia Spigarelli\Desktop\RSC Misc
    2019-01-07 22:08 - 2018-11-02 02:54 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-01-07 10:03 - 2018-12-11 18:46 - 000000000 ____D C:\Users\Julia Spigarelli\Desktop\Res document
    2019-01-07 10:02 - 2018-12-11 19:01 - 000000000 ____D C:\Users\Julia Spigarelli\Desktop\Commodities
    2019-01-07 08:57 - 2018-12-11 18:53 - 000078848 _____ C:\Users\Julia Spigarelli\Documents\HWC, ABC Res Contact 10.2.2018.xls
    2019-01-07 07:41 - 2018-11-03 15:37 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-01-02 15:42 - 2018-12-11 18:46 - 000000000 ____D C:\Users\Julia Spigarelli\Desktop\Res Occupancy
    2019-01-02 12:48 - 2018-09-15 00:36 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-01-02 12:48 - 2018-09-15 00:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-12-26 16:32 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-12-26 15:09 - 2018-12-11 18:46 - 000000000 ____D C:\Users\Julia Spigarelli\Desktop\Res Council
    2018-12-26 12:23 - 2018-11-01 23:22 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2018-12-22 03:52 - 2018-09-14 23:09 - 000000000 ____D C:\WINDOWS\servicing
    2018-12-19 23:19 - 2018-12-15 02:23 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3964560578-3134666677-54725085-1002
    2018-12-19 23:19 - 2018-12-15 02:17 - 000002363 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-12-19 23:19 - 2018-12-11 22:08 - 000000000 ___RD C:\Users\Admin\OneDrive
    2018-12-19 15:55 - 2018-12-11 18:42 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
    2018-12-19 15:12 - 2018-12-15 02:23 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3964560578-3134666677-54725085-1003
    2018-12-19 15:12 - 2018-12-15 02:17 - 000002396 _____ C:\Users\Julia Spigarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-12-19 15:12 - 2018-11-03 16:54 - 000000000 ___RD C:\Users\Julia Spigarelli\OneDrive
    2018-12-19 11:11 - 2018-12-11 18:45 - 000000000 ___RD C:\Users\Julia Spigarelli\Desktop\Dropbox (HWCommunity)
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    ==================== End of FRST.txt ============================



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
    Ran by Admin (18-01-2019 23:14:57)
    Running from C:\Users\Admin\Desktop
    Windows 10 Pro Version 1809 17763.253 (X64) (2018-12-15 09:23:38)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Admin (S-1-5-21-3964560578-3134666677-54725085-1002 - Administrator - Enabled) => C:\Users\Admin
    Administrator (S-1-5-21-3964560578-3134666677-54725085-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3964560578-3134666677-54725085-503 - Limited - Disabled)
    Guest (S-1-5-21-3964560578-3134666677-54725085-501 - Limited - Disabled)
    Julia Spigarelli (S-1-5-21-3964560578-3134666677-54725085-1003 - Administrator - Enabled) => C:\Users\Julia Spigarelli
    WDAGUtilityAccount (S-1-5-21-3964560578-3134666677-54725085-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Trend Micro Security Agent (Enabled - Up to date) {90387C74-1C56-9484-893C-8ADCB2906C3D}
    AS: Trend Micro Security Agent Anti-spyware (Enabled - Up to date) {2B599D90-3A6C-9B0A-B38C-B1AEC9172680}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
    Ashampoo WinOptimizer 15 (HKLM-x32\...\{4209F371-C86E-DC46-5245-9E069261137B}_is1) (Version: 15.00.05 - Ashampoo GmbH & Co. KG)
    Carbonite (HKLM-x32\...\{ADD4D4D2-4489-43A7-A141-7EDF2C5FB68E}) (Version: 6.3.3 build 7602 (Feb-02-2018) - Carbonite)
    Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 64.4.141 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
    Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
    KYOCERA Status Monitor 4 (HKLM\...\{24EE7F6D-C648-463f-9E71-DC5FD2258D16}) (Version: 4.1.3407 - KYOCERA Document Solutions Inc.)
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3964560578-3134666677-54725085-1002\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
    NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
    TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.3399 - TeamViewer)
    Trend Micro Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 6.5.1377 - Trend Micro Inc.) Hidden
    Trend Micro Security Agent (HKLM-x32\...\HostedAgent) (Version: 6.5.1377 - Trend Micro Inc.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    WinRAR 5.61 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.1 - win.rar GmbH)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-01-17] ()
    ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-03] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-03] (Alexander Roshal)
    ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-01-17] ()
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-03] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-03] (Alexander Roshal)
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {16E6B30D-E669-4C59-9A44-5C8911F8F42B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-01] (Google Inc.)
    Task: {2EA5FB6E-C6CA-48F3-BA69-B1289A917263} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
    Task: {3BE83522-52CC-4BF7-9385-7E21CE509B97} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-12-26] (Dropbox, Inc.)
    Task: {41134B01-6C11-461E-873F-5E3436A943AD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
    Task: {571739F8-9AB4-42D4-90F5-1D152D317C6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-01] (Google Inc.)
    Task: {672F2A15-7BEB-474E-9B3D-B8AE561C6D3B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
    Task: {78C7C156-216F-4C03-9001-B9F4ADDA1EFE} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit -command "&{$carbProgramDataPath = $env:programData + '\Carbonite\Carbonite Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath = $carbProgramDataPath + $upgradeExe;$logFile = 'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath + $logFile;$psversion = [string]$psversio (the data entry has 1818 more characters).
    Task: {7A8A1628-064F-41E4-A412-FD4263131142} - System32\Tasks\Trend Micro Worry-Free Business Security Services Recovery Pack Tool => C:\Program Files (x86)\Trend Micro\WFBSSUpdater\WFBSSUpdater.exe [2018-10-29] (Trend Micro Inc.)
    Task: {995AB358-22C0-4E31-AF95-AB0738137992} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
    Task: {A76C58E0-3040-4E12-A15D-71F81ED291F6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-12-26] (Dropbox, Inc.)
    Task: {CDFAD533-2BE0-4B33-A134-5688784B8A6F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
    Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] ()
    Task: {E40B7505-0E67-4651-BFB8-917B05E2A79A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
    Task: {ED9FB596-03A6-4658-9F8A-CEE0BAD7C04B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\Trend Micro Worry-Free Business Security Services Recovery Pack Tool.job => C:\Program Files (x86)\Trend Micro\WFBSSUpdater\WFBSSUpdater.exe
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ==================== Loaded Modules (Whitelisted) ==============
    2018-11-03 17:17 - 2019-01-03 11:53 - 000816640 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\sqlite3.dll
    2019-01-03 11:53 - 2019-01-03 11:53 - 000039424 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\boost_system-vc140-mt-1_62.dll
    2019-01-03 11:53 - 2019-01-03 11:53 - 000076288 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\boost_date_time-vc140-mt-1_62.dll
    2018-11-03 17:17 - 2019-01-04 06:59 - 000186664 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\zlibwapi.dll
    2018-09-15 00:28 - 2018-09-15 00:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll
    2019-01-03 11:53 - 2019-01-03 11:53 - 000737792 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\sqlite3.dll
    2019-01-03 11:53 - 2019-01-03 11:53 - 000131072 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\boost_thread-vc140-mt-1_62.dll
    2019-01-03 11:53 - 2019-01-03 11:53 - 000048640 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\boost_chrono-vc140-mt-1_62.dll
    2019-01-17 20:36 - 2019-01-17 20:36 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
    2018-09-15 00:28 - 2018-09-15 00:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-12-15 01:27 - 2018-12-15 01:27 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-09-15 00:28 - 2018-09-15 00:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-11-01 23:55 - 2018-11-01 23:56 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
    2018-12-13 20:27 - 2018-12-13 20:27 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
    2018-12-13 20:27 - 2018-12-13 20:27 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    2019-01-15 09:33 - 2019-01-04 07:56 - 000676848 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\sqlite3.dll
    2019-01-09 21:17 - 2019-01-08 06:07 - 001140552 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2019-01-09 21:17 - 2019-01-08 06:07 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
    2019-01-09 21:17 - 2019-01-08 06:09 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000148968 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 001878888 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes36.dll
    2019-01-09 21:17 - 2019-01-08 06:07 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000082760 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom36.dll
    2019-01-09 21:17 - 2019-01-08 06:08 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000062304 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000092496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt562.sip.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 001929552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000044888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000132944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000218456 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000205656 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000102736 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 011830608 _____ () C:\Program Files (x86)\Dropbox\Client\nucleus_python.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:07 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2019-01-09 21:17 - 2019-01-08 06:08 - 000036712 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000272208 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2019-01-09 21:17 - 2019-01-08 06:09 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2019-01-09 21:17 - 2019-01-08 06:09 - 000038240 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:08 - 000025920 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
    2019-01-09 21:17 - 2019-01-08 06:08 - 001592128 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2019-01-09 21:17 - 2019-01-08 06:09 - 000095592 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000241488 _____ () C:\Program Files (x86)\Dropbox\Client\windragdrop.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp36-win32.pyd
    2019-01-09 21:17 - 2019-01-08 06:09 - 000037200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp36-win32.pyd
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2018-04-11 16:38 - 2018-04-11 16:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-3964560578-3134666677-54725085-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    If an entry is included in the fixlist, it will be removed.
    HKLM\...\StartupApproved\Run: => ""
    HKLM\...\StartupApproved\Run: => "ZAM"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{8A319707-610A-4946-9F64-56ACDB94954C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
    FirewallRules: [{41DEC474-0EDC-4023-9B42-87FFA6D37361}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe (Google Inc.)
    FirewallRules: [{C5E2DEC2-0A58-4211-9079-941C7418ACF9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
    FirewallRules: [{81E4D6EC-87EE-48EE-BAFB-61CCA9F24126}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
    FirewallRules: [{D9261D17-E9E4-49AF-B048-6893CA8414C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
    FirewallRules: [{B539BBB5-7964-49FD-9C63-6D76F79C4782}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
    FirewallRules: [{732DA629-6900-4B97-8D5A-6247BCFCD767}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    FirewallRules: [{453163B9-1FC7-4207-9207-F0B0D76F79D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
    FirewallRules: [{10B1B201-8A23-437E-84F9-6310A55262FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
    FirewallRules: [{9E03C363-2192-408F-BFD9-3C643C03C714}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
    FirewallRules: [{B8A626AF-E736-449B-9226-BDCD4BD74C76}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
    FirewallRules: [{B849B4FF-2ACF-464C-8DFD-ECB93D737591}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
    FirewallRules: [{7F33A7B7-5EBE-4C73-8FA6-8EC8F7C7345A}] => (Allow) LPort=61117
    FirewallRules: [{AA74BD6F-E984-4DA2-885C-990813D95989}] => (Allow) LPort=61116
    FirewallRules: [{F74E794A-4C52-4246-80E8-F65D4B31D911}] => (Allow) LPort=21112
    ==================== Restore Points =========================
    05-01-2019 10:25:12 Scheduled Checkpoint
    09-01-2019 05:30:56 Windows Update
    17-01-2019 17:43:46 Scheduled Checkpoint
    ==================== Faulty Device Manager Devices =============
    Name: scanner
    Description: scanner
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (01/18/2019 11:06:13 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.
    Error: (01/18/2019 10:03:25 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.
    Error: (01/18/2019 09:01:07 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.
    Error: (01/18/2019 07:58:16 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.
    Error: (01/18/2019 06:55:58 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.
    Error: (01/18/2019 05:53:09 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.
    Error: (01/18/2019 04:50:51 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.
    Error: (01/18/2019 03:48:02 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.
    System errors:
    =============
    Error: (01/18/2019 11:11:27 PM) (Source: DCOM) (EventID: 10016) (User: RC-SOUTH)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user RC-SOUTH\Admin SID (S-1-5-21-3964560578-3134666677-54725085-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (01/18/2019 02:36:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.SecurityAppBroker
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (01/18/2019 02:36:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (01/17/2019 08:46:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.SecurityAppBroker
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (01/17/2019 08:46:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (01/17/2019 10:19:31 AM) (Source: DCOM) (EventID: 10016) (User: RC-SOUTH)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user RC-SOUTH\Julia Spigarelli SID (S-1-5-21-3964560578-3134666677-54725085-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (01/17/2019 10:19:31 AM) (Source: DCOM) (EventID: 10016) (User: RC-SOUTH)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user RC-SOUTH\Julia Spigarelli SID (S-1-5-21-3964560578-3134666677-54725085-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (01/17/2019 10:19:30 AM) (Source: DCOM) (EventID: 10016) (User: RC-SOUTH)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user RC-SOUTH\Julia Spigarelli SID (S-1-5-21-3964560578-3134666677-54725085-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    CodeIntegrity:
    ===================================
    Date: 2019-01-18 20:34:49.295
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.7.3.1003\tmmon64.dll that did not meet the Windows signing level requirements.
    Date: 2019-01-18 20:34:49.264
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\8.0.0.1057\TmUmEvt64.dll that did not meet the Windows signing level requirements.
    Date: 2019-01-18 02:34:16.095
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.7.3.1003\tmmon64.dll that did not meet the Windows signing level requirements.
    Date: 2019-01-18 02:34:16.081
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\8.0.0.1057\TmUmEvt64.dll that did not meet the Windows signing level requirements.
    Date: 2019-01-17 20:43:56.900
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.7.3.1003\tmmon64.dll that did not meet the Windows signing level requirements.
    Date: 2019-01-17 20:43:56.886
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\8.0.0.1057\TmUmEvt64.dll that did not meet the Windows signing level requirements.
    Date: 2019-01-17 15:44:13.913
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.7.3.1003\tmmon64.dll that did not meet the Windows signing level requirements.
    Date: 2019-01-17 15:44:13.903
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\8.0.0.1057\TmUmEvt64.dll that did not meet the Windows signing level requirements.
    ==================== Memory info ===========================
    Processor: AMD Ryzen 7 2700X Eight-Core Processor
    Percentage of memory in use: 33%
    Total physical RAM: 8142.13 MB
    Available physical RAM: 5375.93 MB
    Total Virtual: 8654.13 MB
    Available Virtual: 5728.95 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:222.97 GB) (Free:152.66 GB) NTFS
    \\?\Volume{8cec2663-cdcd-4ca5-bd0f-20736ce182d2}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
    \\?\Volume{bac91079-8f08-4d5c-a736-5e601e4a964a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
    Partition: GPT.
    ==================== End of Addition.txt ============================
     
  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    510
    Hi,

    Thanks for the logs. (y)

    Please do this.

    Press the Windows Key + R. This will open the Run box.
    Type iexplore.exe -extoff and click the OK key. (Note the space between iexplore.exe and -extoff)

    Internet Explorer will open with Add-ons disabled. Let me know if you still see the same pop-up.

    Thanks.
     
  5. midiboy

    midiboy Thread Starter

    Joined:
    Dec 12, 2008
    Messages:
    32
    First Name:
    Scott
    Will do.
     
  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    510
    OK, sounds good. (y)
     
Short URL to this thread: https://techguy.org/1222030