Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2019
Ran by bound (22-10-2019 23:26:46)
Running from C:\Users\bound\OneDrive\Desktop
Windows 10 Home Version 1903 18362.418 (X64) (2019-08-30 16:41:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-434176807-1825367159-3512769250-500 - Administrator - Disabled)
bound (S-1-5-21-434176807-1825367159-3512769250-1001 - Administrator - Enabled) => C:\Users\bound
DefaultAccount (S-1-5-21-434176807-1825367159-3512769250-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-434176807-1825367159-3512769250-1004 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-434176807-1825367159-3512769250-501 - Limited - Disabled)
sshd (S-1-5-21-434176807-1825367159-3512769250-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-434176807-1825367159-3512769250-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-434176807-1825367159-3512769250-1001\...\uTorrent) (Version: 3.5.5.45365 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated) Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_1) (Version: 23.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-434176807-1825367159-3512769250-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.16.29 - Autodesk) Autodesk Material Library 2020 (HKLM-x32\...\{B9312A51-41B5-479D-9F72-E7448A2D89AF}) (Version: 18.11.1.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2020 (HKLM-x32\...\{0E976988-E753-4C81-BD96-434CE305B176}) (Version: 18.11.1.0 - Autodesk) Autodesk Navisworks Freedom 2020 - English Language Pack (HKLM\...\{B0EC0673-51DF-0409-8E68-53BEFA9DEFB8}) (Version: 17.0.1336.83 - Autodesk) Hidden Autodesk Navisworks Freedom 2020 - English Language Pack (HKLM\...\Autodesk Navisworks Freedom 2020 - English Language Pack) (Version: 17.0.1336.83 - Autodesk) Autodesk Navisworks Freedom 2020 (HKLM\...\{B0EC0673-51DF-0000-8E68-53BEFA9DEFB8}) (Version: 17.1.1338.62 - Autodesk) Hidden Autodesk Navisworks Freedom 2020 (HKLM\...\Autodesk Navisworks Freedom 2020) (Version: 17.1.1338.62 - Autodesk) Autodesk Navisworks Freedom 2020 Update 1 (HKLM-x32\...\{153dc5f5-96b9-5177-8592-8a86a77f5ffe}) (Version: 17.1.1338.62 - Autodesk) Hidden Backup and Sync from Google (HKLM\...\{04F8741C-2F6C-4324-BBAB-0CEB1E59FE67}) (Version: 3.46.7395.1225 - Google, Inc.) 
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.143 - Bitdefender) Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 24.0.9.47 - Bitdefender) Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 24.0.6.31 - Bitdefender) Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 24.0.2.693 - Bitdefender) BrLauncher (HKLM-x32\...\{474764AE-5A67-4312-ADD3-449798BD96D1}) (Version: 1.1.21.0 - Brother Industries Ltd.) Hidden BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.) Brother Printer Driver (HKLM-x32\...\{EADC5638-E8FC-41E6-9BE1-9E6A77CCE3F8}) (Version: 3.2.0.0 - Brother Industries Ltd.) Hidden Brother Scanner Driver (HKLM-x32\...\{06A5A956-6D40-4F1B-B7E6-94411BFB846B}) (Version: 1.0.38.1 - Brother Industries Ltd.) Hidden BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden BrSupportTools (HKLM-x32\...\{83626DDE-99CD-4FF2-804E-36BE82143315}) (Version: 1.0.14.0 - Brother Industries Ltd.) Hidden ControlCenter4 (HKLM-x32\...\{CAFE5834-5440-41B8-8C56-4DD946A1A5E1}) (Version: 4.6.21.1 - Brother Industries, Ltd.) Hidden ControlCenter4 CSDK (HKLM-x32\...\{1E89F75C-EF46-406C-9AAC-615B3CCC1D3D}) (Version: 4.3.2.1 - Brother Insutries Ltd.) Hidden DeviceDetect (HKLM-x32\...\{9C27CE44-0F33-42CC-8A30-4A08369EB7B3}) (Version: 1.3.1.0 - Brother Industries Ltd.) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 83.4.152 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) 
Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{0459ef97-6cc2-4a78-a664-516669c498e2}) (Version: 20.70.0.0u - Intel Corporation) Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.5.1.34 - Wacom Technology Corp.) Lenovo Service Bridge (HKU\S-1-5-21-434176807-1825367159-3512769250-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.1.0.5 - Lenovo) Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0088 - Lenovo) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Microsoft .NET Framework 4.8 SDK (HKLM-x32\...\{ACBF202C-A6AA-4C85-8DEE-D77F9BDC20AA}) (Version: 4.8.03752 - Microsoft Corporation) Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{531D0272-1CD3-45E1-A5EE-CF57F50AD452}) (Version: 4.8.03752 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12026.20334 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-434176807-1825367159-3512769250-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 
(HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) NetworkRepairTool (HKLM-x32\...\{947DE453-69FD-4CF6-A682-04D1308C79AF}) (Version: 1.2.15.0 - Brother Industries, Ltd.) Hidden Nuance PaperPort 14 (HKLM-x32\...\{6CC9391F-D441-4D2E-9ECC-1F7084C733ED}) (Version: 14.5.0006 - Nuance Communications, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.) PC-FAXReceive (HKLM-x32\...\{9C609AF4-9CC1-45F0-B954-29DF7DD40329}) (Version: 1.8.004.0 - Brother Insutries Ltd.) Hidden PCFaxTx (HKLM-x32\...\{3C17737F-A6C4-4528-9A60-06DD0D4B3A63}) (Version: 1.0.18.1 - Brother Industries Ltd.) Hidden PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden Primavera P6 Professional (HKLM-x32\...\{6177256e-cf42-46fb-8c0f-43ba98c4e747}) (Version: 18.8.0.29254 - Oracle Corporation) Primavera P6 Professional (x64) (HKLM\...\{26F083CA-55D5-47EB-9737-E8B376F20AD3}) (Version: 18.8.0.29254 - Oracle Corporation) Hidden RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) 
Hidden ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden StatusMonitor (HKLM-x32\...\{624AB804-EE0E-4AD5-AB8F-15BB29C54065}) (Version: 1.22.8.0 - Brother Insutries Ltd.) Hidden The Brother Product Research & Support Program (HKLM-x32\...\{BCE40480-3D49-4D27-8C64-DCDFB06CEEC8}) (Version: 3.0.6 - Brother Industries, Ltd.) UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare UniConverter(Build 11.5.1.0) (HKLM-x32\...\UniConverter_is1) (Version: 11.5.1.0 - Wondershare Software) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-09-04] (Adobe Systems Incorporated) Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-09-03] (Adobe Systems Incorporated) Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08 [2019-10-02] (AMZN Mobile LLC.) AutoCAD mobile - DWG Viewer, Editor & CAD Drawing Tools -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_4.16.0.0_x64__tf1gferkr813w [2019-10-09] (Autodesk Inc.) Backgrounds Wallpapers HD -> C:\Program Files\WindowsApps\63253Carocha.BackgroundsWallpapersHD_1.2.7.0_x64__n0fz1mdwq0eq0 [2019-09-05] (IZI LABS) backiee - Wallpaper Studio 10 -> C:\Program Files\WindowsApps\35010GOOD2CREATE.LIVELOCKTHEMES_8.0.171.0_x64__cxjy25q2av1xg [2019-10-20] (Good2Create) [MS Ad] Cloud Drive! 
-> C:\Program Files\WindowsApps\5913DefineStudio.CloudDrive_4.8.7.0_x64__jj4r3mnwe2ey2 [2019-09-18] (Define Studio) [MS Ad] Desktop App Converter -> C:\Program Files\WindowsApps\Microsoft.DesktopAppConverter_2.1.4.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation) Devicebook -> C:\Program Files\WindowsApps\devicebook.Devicebook_1.6.152.0_x86__vcs7q8rz65cyt [2019-10-17] (devicebook Inc) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3587.0_x64__rz1tebttyb220 [2019-10-07] (Dolby Laboratories) Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyatmosspeakersystem_2.1002.243.0_x64__rz1tebttyb220 [2019-08-30] (Dolby Laboratories) Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_1.4.2739.0_x64__rz1tebttyb220 [2019-09-27] (Dolby Laboratories) Drawboard PDF -> C:\Program Files\WindowsApps\Drawboard.DrawboardPDF_5.15.0.0_x64__gqbn7fs4pywxm [2019-09-17] (Drawboard) Dropbox for S mode -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.3.0_x64__xbfy0k16fey96 [2019-10-20] (Dropbox Inc.) Easy File Organizer -> C:\Program Files\WindowsApps\9894Qiplex.OrganizeMyFiles_2.6.2.0_x64__q0efyk4h80z24 [2019-10-07] (Qiplex) EdgeDevtoolsPlugin -> C:\WINDOWS\SystemApps\Microsoft.EdgeDevtoolsPlugin_cw5n1h2txyewy [2019-10-03] (Microsoft Corporation) Explorer for G-Drive Free -> C:\Program Files\WindowsApps\VirtualPulse.ExplorerforG-DriveFree_1.65.105.0_x64__nh7p8cqfc4t04 [2019-09-27] (Virtual Pulse) FMAPOControl -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.12.0_x64__4pejv7q2gmsnr [2019-09-21] (Fortemedia) Grover Podcast -> C:\Program Files\WindowsApps\14610MatheusI.M.GroovePodcast_2.4.5.0_x64__jx8kt06yv8vw6 [2019-09-24] (Matheus Inácio) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-10-15] (HP Inc.) 
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1909.24.0_x64__k1h2ywk1493x8 [2019-09-24] (LENOVO INC.) LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-08-30] (LENOVO INC) LIFX -> C:\Program Files\WindowsApps\LIFX.LIFXAllJoyn_1.8.7.0_x64__12cgvk5sr8bq2 [2019-10-15] (LIFX) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation) [MS Ad] Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2019-10-05] (Microsoft Platform Extensions) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-07] (Microsoft Studios) [MS Ad] MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation) MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-18] (Microsoft Corporation) TouchMail -> C:\Program Files\WindowsApps\daVincisGarageLLC.LarryBooBoo_10.1910.7.0_x64__526xyj0r2d3h2 [2019-10-08] (TouchMail Inc) win.any.do -> C:\Program Files\WindowsApps\19814FengGao.win.any.do_1.1.0.0_neutral__sk37tk5wes22a [2019-09-03] (Feng_Gao) Windows Configuration Designer -> C:\Program Files\WindowsApps\Microsoft.WindowsConfigurationDesigner_2019.808.0.0_x86__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in 
the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-434176807-1825367159-3512769250-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-06FA68803591} -> [Creative Cloud Files] => C:\Users\bound\Creative Cloud Files [2019-09-03 20:19] CustomCLSID: HKU\S-1-5-21-434176807-1825367159-3512769250-1001_Classes\CLSID\{1f678ccb-a42f-5fc8-83e8-73ea773b4355}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-434176807-1825367159-3512769250-1001_Classes\CLSID\{38ef6716-df38-5393-af3d-58427381d971}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-434176807-1825367159-3512769250-1001_Classes\CLSID\{dff3022b-8eb4-5500-a572-753abdd27e45}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-434176807-1825367159-3512769250-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\bound\Dropbox [2019-08-14 05:51] CustomCLSID: HKU\S-1-5-21-434176807-1825367159-3512769250-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. 
-> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-10] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-10] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-10] (Google LLC -> Google) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-10] (Google LLC -> Google) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-10] (Google LLC -> Google) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-08] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_comp.inf_amd64_f7412e3e3404de80\igfxDTCM.dll [2018-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\bound\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============== 2009-02-27 16:38 - 2009-02-27 16:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2017-12-14 11:38 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2019-10-02 13:43 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2019-10-02 13:43 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2019-10-02 09:39 - 2019-10-02 09:39 - 069532672 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\Alexa.dll 2019-08-31 09:45 - 2019-08-31 09:46 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\e_sqlite3.dll 2019-09-18 13:46 - 2019-09-18 13:46 - 000009216 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\ImagePipelineNative.dll 2019-09-18 13:46 - 2019-09-18 13:46 - 000104448 _____ () [File not signed] C:\Program 
Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\libpryon_lite.dll 2019-10-02 09:39 - 2019-10-02 09:39 - 000054272 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\Reaver.Components.dll 2019-10-02 09:39 - 2019-10-02 09:39 - 000027648 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\Reaver.Http.Curl.Shim.dll 2019-10-02 09:39 - 2019-10-02 09:39 - 000032768 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\Reaver.Intel.Shim.dll 2019-09-01 22:35 - 2019-05-28 15:06 - 001021440 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 000114176 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\_ctypes.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000173056 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\_elementtree.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 001803776 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\_hashlib.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000032256 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\_multiprocessing.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000046080 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\_psutil_windows.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000047616 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\_socket.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 002235904 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\_ssl.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000026112 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\_yappi.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000080896 _____ () [File not signed] 
C:\Users\bound\AppData\Local\Temp\_MEI84642\bz2.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000016384 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\common.time34.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000007680 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\hashobjs_ext.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000301568 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\PIL._imaging.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000169472 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\pyexpat.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 001084416 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\pysqlite2._sqlite.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000548864 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\pythoncom27.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 000137728 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\pywintypes27.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 000010752 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\select.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000020992 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\thumbnails_ext.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000689664 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\unicodedata.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000119808 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\usb_ext.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000128512 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32api.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000438784 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32com.shell.shell.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000011776 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32crypt.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000023040 
_____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32event.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000149504 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32file.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000223232 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32gui.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000048128 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32inet.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000029696 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32pdh.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000027648 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32pipe.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000044032 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32process.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000020480 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32profile.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000136192 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32security.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000026624 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\win32ts.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000034816 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\windows.conditional.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000038400 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\windows.connectivity.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000071680 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\windows.device_monitor.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000109056 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\windows.volumes.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000020480 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\windows.winwrap.pyd 
2019-10-22 22:56 - 2019-10-22 22:56 - 001325056 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wx._controls_.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 001489408 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wx._core_.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 001007104 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wx._gdi_.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000103424 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wx._html2.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 000916992 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wx._misc_.pyd 2019-10-22 22:56 - 2019-10-22 22:56 - 001039872 _____ () [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wx._windows_.pyd 2019-09-03 07:10 - 2018-05-02 15:25 - 000091648 _____ () [File not signed] C:\WINDOWS\system32\BrNetSti.dll 2019-09-03 07:10 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll 2012-12-05 12:29 - 2012-12-05 12:29 - 004883456 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\BCGCBPRO1100u100.dll 2012-12-05 12:29 - 2012-12-05 12:29 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll 2019-09-18 13:46 - 2019-09-18 13:46 - 000098816 _____ (Facebook, Inc.) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\yoga.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 003042816 _____ (Python Software Foundation) [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\python27.dll 2019-09-18 10:44 - 2019-06-08 16:48 - 001257472 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll 2019-08-30 09:57 - 2018-08-12 21:33 - 001564160 _____ (Robert Simpson, et al.) 
[File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoContextEnginePlugin\x64\x64\SQLite.Interop.dll 2019-09-18 13:46 - 2019-09-18 13:46 - 002418688 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\libcurl.dll 2019-09-18 13:46 - 2019-09-18 13:46 - 000442368 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\bass.dll 2019-09-18 13:46 - 2019-09-18 13:46 - 000108032 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\bassmidi.dll 2019-09-18 13:46 - 2019-09-18 13:46 - 000041472 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08\bassmix.dll 2019-10-02 13:43 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wxbase30u_net_vc90_x64.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wxbase30u_vc90_x64.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wxmsw30u_adv_vc90_x64.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wxmsw30u_core_vc90_x64.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wxmsw30u_html_vc90_x64.dll 2019-10-22 22:56 - 2019-10-22 22:56 - 000137216 
_____ (wxWidgets development team) [File not signed] C:\Users\bound\AppData\Local\Temp\_MEI84642\wxmsw30u_webview_vc90_x64.dll ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-08-30 10:31 - 2019-10-22 22:56 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-434176807-1825367159-3512769250-1001\Control Panel\Desktop\\Wallpaper -> c:\users\bound\appdata\local\packages\35010good2create.livelockthemes_cxjy25q2av1xg\localstate\desktop-004296.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKLM\...\StartupApproved\Run32: => "Dropbox" HKU\S-1-5-21-434176807-1825367159-3512769250-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{35B448E1-EF79-4769-BC3B-0952E8F30378}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [{2B28FB76-0041-40FE-AD48-1ECCD8358252}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe No File FirewallRules: [TCP Query User{6E8368E8-4933-4C18-9CD0-64E187EA6542}C:\users\bound\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bound\appdata\roaming\spotify\spotify.exe No File FirewallRules: [UDP Query User{14B82AAE-775B-43DA-9D05-81A37362CF0A}C:\users\bound\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bound\appdata\roaming\spotify\spotify.exe No File FirewallRules: [TCP Query User{A2E2AB81-2128-4AFF-827B-B977108BCA16}C:\users\bound\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bound\appdata\roaming\spotify\spotify.exe No File FirewallRules: [UDP Query User{325DB96A-2C03-4DC6-AA38-02C4D6EEB97E}C:\users\bound\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bound\appdata\roaming\spotify\spotify.exe No File FirewallRules: [{CB88C7EE-9A41-4EE7-9453-D33965611E80}] => (Allow) LPort=54925 FirewallRules: [{94B552A4-46CE-4360-B244-894314ACFBC9}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed] FirewallRules: [{103CAE4E-033B-416A-93AC-DCD350D84D4D}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) 
[File not signed] FirewallRules: [{2682F50D-D2F1-4191-8244-D7ED6F88C6C0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{26DC72FA-1475-4059-B902-316AE10A5A00}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{CE617D2C-54F6-4836-893B-40669F54F474}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File FirewallRules: [{A69104F7-426D-40F3-87CE-925C28C060E9}] => (Allow) C:\Users\bound\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{C7963991-77B5-411A-A2FC-7DB3FEED99FE}] => (Allow) C:\Users\bound\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{A92A05EC-2455-4523-9F0A-9C0614F6D661}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{79DD914D-560A-4C3A-ADAE-D8641C8E3674}] => (Allow) C:\Program Files\WindowsApps\devicebook.Devicebook_1.6.152.0_x86__vcs7q8rz65cyt\LowerEdge.Windows\DevicebookBridge.exe () [File not signed] FirewallRules: [{EBB046F9-C753-4D46-8884-6F03525138EB}] => (Allow) C:\Program Files\WindowsApps\devicebook.Devicebook_1.6.152.0_x86__vcs7q8rz65cyt\LowerEdge.Windows\DevicebookBridge.exe () [File not signed] FirewallRules: [{829E8219-00A3-4CF1-8960-11D24F2FEA96}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:475.69 GB) (Free:362.05 GB) (76%) ==================== Faulty Device Manager Devices ============= Name: Brother MFC-J2330DW Description: Brother MFC-J2330DW Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Brother Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Brother MFC-J2330DW Description: Brother MFC-J2330DW Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Brother Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/22/2019 11:16:41 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (17452,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/22/2019 11:06:50 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (8664,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/22/2019 11:01:45 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DILLY-DILLY) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. 
Error: (10/22/2019 10:56:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.387, time stamp: 0xc9ad3ad7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x10b4 Faulting application start time: 0x01d5896695b57b2c Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE Faulting module path: unknown Report Id: 4fc0142c-b965-4bfb-b319-7c7644c1299e Faulting package full name: Faulting package-relative application ID: Error: (10/22/2019 10:03:56 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (21248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/22/2019 04:20:38 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (17900,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/22/2019 04:01:36 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (13292,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/22/2019 03:47:17 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (4784,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. System errors: ============= Error: (10/22/2019 10:55:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The OpenSSH SSH Server service terminated unexpectedly. It has done this 1 time(s). 
Error: (10/22/2019 10:55:55 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control. Error: (10/22/2019 10:24:07 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9260 160MHz : Has determined that the network adapter is not functioning properly. 5002 - uCode SW error (SysAssert, NMI) Error: (10/22/2019 10:19:12 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9260 160MHz : Has determined that the network adapter is not functioning properly. 5002 - uCode SW error (SysAssert, NMI) Error: (10/22/2019 09:39:07 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9260 160MHz : Has determined that the network adapter is not functioning properly. 5002 - uCode SW error (SysAssert, NMI) Error: (10/22/2019 09:24:07 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9260 160MHz : Has determined that the network adapter is not functioning properly. 5002 - uCode SW error (SysAssert, NMI) Error: (10/22/2019 09:09:07 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9260 160MHz : Has determined that the network adapter is not functioning properly. 5002 - uCode SW error (SysAssert, NMI) Error: (10/22/2019 08:35:11 PM) (Source: Netwtw08) (EventID: 5002) (User: ) Description: Intel(R) Wireless-AC 9260 160MHz : Has determined that the network adapter is not functioning properly. 5002 - uCode SW error (SysAssert, NMI) Windows Defender: =================================== Date: 2019-09-29 14:42:56.916 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {458A2AA9-C9A5-48DE-9F6E-962133796137} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-09-29 05:52:36.507 Description: Windows Defender Antivirus scan has been stopped before completion. 
Scan ID: {478FEFBD-CC06-4EB1-ADCD-EF8FEC2CB194} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-09-29 04:46:40.849 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C9C78103-A0C2-4368-9371-D17C407FCFD1} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-30 10:52:22.897 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {B2A18391-39B8-4FBA-8E57-DEE739F46147} Scan Type: Antimalware Scan Parameters: Full Scan Date: 2019-09-27 15:14:39.213 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.301.416.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2019-09-27 15:14:39.211 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.301.416.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2019-09-27 15:14:39.209 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.301.416.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2019-09-27 15:14:39.145 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.301.416.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2019-09-27 15:14:39.143 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.301.416.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =================================== Date: 2019-10-22 13:19:33.210 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2019-10-22 13:19:20.507 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 13:19:19.526 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 13:19:17.779 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 13:19:03.237 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 10:55:07.948 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2019-10-22 10:55:03.554 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-22 10:55:02.940 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: LENOVO 8GCN32WW 10/09/2018 Motherboard: LENOVO LNVNB161216 Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz Percentage of memory in use: 49% Total physical RAM: 16226.71 MB Available physical RAM: 8253.1 MB Total Virtual: 18658.71 MB Available Virtual: 8523.23 MB ==================== Drives ================================ Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:362.05 GB) NTFS \\?\Volume{00165bc7-0aa4-462b-a210-7408599dee80}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.51 GB) NTFS \\?\Volume{75a0500d-0654-4b7e-a049-f63fd20441b2}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 7AACCA36) Partition: GPT. ==================== End of Addition.txt ============================