Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-04-2020
Ran by Chrissy (05-04-2020 19:11:00)
Running from C:\Users\Chrissy\Downloads
Microsoft Windows 10 Home Version 1909 18363.720 (X86) (2019-08-21 00:03:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2695042837-3831575686-1124767896-500 - Administrator - Disabled)
Chrissy (S-1-5-21-2695042837-3831575686-1124767896-1000 - Administrator - Enabled) => C:\Users\Chrissy
DefaultAccount (S-1-5-21-2695042837-3831575686-1124767896-503 - Limited - Disabled)
Guest (S-1-5-21-2695042837-3831575686-1124767896-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2695042837-3831575686-1124767896-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2695042837-3831575686-1124767896-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Acrobat DC (HKLM\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.2.0.18 - Canon Inc.) Canon MB2700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MB2700_series) (Version: 1.02 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.1.2101 - CDBurnerXP) Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Combined Community Codec Pack 2009-09-09 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project) Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: - ) Dot4 (HKLM\...\{FF359AAB-AA6A-449F-B75F-21201CD86495}) (Version: 1.0.0.0 - HP) Dropbox (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Dropbox) (Version: 94.4.384 - Dropbox, Inc.) EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GoTo Opener (HKLM\...\{665DF231-32BE-46BA-ABD2-B0D69F8314FF}) (Version: 1.0.494 - LogMeIn, Inc.) GoToMeeting 8.41.0.12127 (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\GoToMeeting) (Version: 8.41.0.12127 - LogMeIn, Inc.) HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{14BEBF02-A501-4A68-ABEB-286CCB28AE9F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company) ImageMixer3 (HKLM\...\{AB19A235-66D4-47F7-9904-BAF84ED25BB6}) (Version: 3.00.005 - PIXELA) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Juniper Networks Host Checker (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Neoteris_Host_Checker) (Version: 7.4.0.31481 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Juniper Terminal Services Client (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Juniper_Term_Services) (Version: 7.4.0.31481 - Juniper Networks) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12527.20278 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) MyLiveChat (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\4435c09f5cdefce5) (Version: 1.0.2.51 - MyLiveChat) NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR) Hidden NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden Peachtree Accounting 2012 (HKLM\...\{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.) 
Hidden Peachtree Accounting 2012 (HKLM\...\InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.) Peachtree Signature Ready Forms (HKLM\...\{BA1EF4A7-AB67-492B-9C7D-4AEE43F5A3C6}) (Version: 6.14.24 - Sage Software SB, Inc.) Hidden Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}) (Version: 10.20.034 - Pervasive Software) Hidden Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP2 Workgroup (32-bit)) (Version: 10.10.126 - Pervasive Software) PHOTOfunSTUDIO -viewer- (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 1.00.000 - ) Sage Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 5.5 - fCoder Group, Inc.) 
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-08] (Adobe Systems Incorporated) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.165.800.0_x86__kgqvnymyfvs32 [2020-04-02] (king.com) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x86__v10z8vjag6ke6 [2020-02-05] (HP Inc.) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.) 
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x86__8wekyb3d8bbwe [2020-01-31] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation) Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-08] (Adobe Systems Incorporated) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0 [2020-04-01] (Spotify AB) [Startup Task] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-10] (Twitter Inc.) WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x86__8wekyb3d8bbwe [2016-05-24] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E4A4737B4AD9} -> [Creative Cloud Files] => C:\Users\Chrissy\Creative Cloud Files [2019-01-08 12:13] CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\GoToMeeting\12127\G2MOutlookAddin.dll (LogMeIn, Inc. -> LogMeIn, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{A659F7AF-C6B4-40FD-BF17-35CED2DA8C8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\psuser.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Chrissy\Dropbox [2013-08-29 09:20] CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0 CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\psuser.dll (Dropbox, Inc -> Dropbox, Inc.) 
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SUPERAntiSpyware.com -> SuperAdBlocker.com) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.) 
ContextMenuHandlers1_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll [85504 2009-08-31] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) =============

2008-12-29 18:13 - 2008-12-29 18:13 - 000204800 _____ () [File not signed] C:\Program Files\NETGEAR\WG111v3\KJLog.dll
2009-03-04 10:52 - 2009-03-04 10:52 - 000372736 _____ () [File not signed] C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
2020-02-22 16:22 - 2015-09-15 17:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2020-02-22 16:22 - 2015-09-01 19:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2020-02-22 16:22 - 2015-06-17 17:03 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2020-02-22 16:22 - 2015-06-17 17:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2020-02-22 16:22 - 2015-05-26 10:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll
2000-09-13 06:00 - 2000-09-13 06:00 - 000032768 _____ (MK Systems CO.,LTD.) [File not signed] C:\WINDOWS\System32\Eplplx02.dll
2002-06-21 06:04 - 2002-06-21 06:04 - 000079872 _____ (MK Systems CO.,LTD.) [File not signed] C:\WINDOWS\System32\Eplpmx02.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Pervasive Software\PSQL\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BAB5892-140F-448E-920D-980B907CDA14}] => (Allow) LPort=1583
FirewallRules: [{CEC8D2C1-73EC-4176-B212-86CB84605F07}] => (Allow) LPort=3351
FirewallRules: [{B40B6A1F-6E56-46D5-87A8-3164F2822D18}] => (Allow) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Sage Software, Inc. -> Pervasive Software Inc.)
FirewallRules: [{D5403EC3-5302-42CD-9751-1AA5B7BD530A}] => (Allow) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Sage Software, Inc. -> Pervasive Software Inc.)
FirewallRules: [{19A9C98F-E89D-4695-BA16-9E8CDF9F3B5D}] => (Allow) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{BDA28771-F93B-49A8-BB37-C6111EDEB4D0}] => (Allow) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F03EAF5E-9ED5-464D-877F-2B7651EB52C9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FBBB15BA-FC5E-48C7-B479-FC66CE912062}C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{488A720B-0B63-484E-8041-DB4316130A24}C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{A6FFDB5E-895B-4F4F-AF06-1599D39FB79D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{61D242F6-5AFA-41A5-800A-6563F7A1AD6C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{74C50345-F115-45F2-9410-D8B966F7E59F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C70921FE-350A-4959-B15E-6323B6FAA85F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BF853CAC-7579-42C7-92AF-7DA1CD7B0B6C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{30D8FD6B-0D55-4237-9756-AEF39C802444}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{FA6BC2F3-4EFE-4127-8FF7-368D3C0EBB61}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C20420E-2235-4D99-A88C-759DC700D767}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{210096C6-93D6-4E54-A7B0-7E7153E240E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{888CBAEF-12F6-413A-B65D-97BF769D993C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B4B0D6DF-3A45-4F82-9AFF-725ACFCA568F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0EF65287-2BFF-42CC-B0FB-F66780DF9984}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{229AFFC1-8D89-4D26-8CD5-80E7473342CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1BC5E894-1004-4AAE-98AF-F3F23C15E851}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D35FD8D4-6406-435B-A61D-A7A4E3D7EBB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5B6395E8-5A38-4ADC-9586-9EB15E908ACD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

23-03-2020 10:48:11 Scheduled Checkpoint
02-04-2020 09:47:43 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/05/2020 07:02:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8388,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/05/2020 05:10:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6616,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/05/2020 04:43:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4168,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/05/2020 04:35:52 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Chrissy-PC)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (04/05/2020 04:31:16 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (04/05/2020 04:28:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Error: (04/05/2020 04:28:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (04/05/2020 04:26:11 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Chrissy-PC)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

System errors:
=============
Error: (04/05/2020 06:35:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/05/2020 04:32:52 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/05/2020 04:32:35 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/05/2020 04:32:08 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/05/2020 04:32:08 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/05/2020 04:32:02 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (04/05/2020 04:32:01 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (04/05/2020 04:32:01 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Windows Defender:
===================================
Date: 2020-04-05 16:32:11.089
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.C!ml&threatid=2147749372&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|http://www.geekstogo.com/forum/files/get/858b33941669d060078d4aa3ff294d24/6921-FRST.exe|pid:3544,ProcessStart:132305922517181381
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 16:03:36.703
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.C!ml&threatid=2147749372&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|https://download.bleepingcomputer.com/dl/4b85b14685b98a06fa3b682a6219b301/5e8a3966/windows/security/security-utilities/f/farbar-recovery-scan-tool/FRST.exe|pid:5224,ProcessStart:132305877243129930
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 15:52:23.613
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.C!ml&threatid=2147749372&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|http://www.geekstogo.com/forum/files/get/41a6246b672f2999bf1642da3adbbd3c/6921-FRST.exe|pid:5224,ProcessStart:132305877243129930
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 15:49:34.535
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.C!ml&threatid=2147749372&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|http://www.geekstogo.com/forum/files/get/41a6246b672f2999bf1642da3adbbd3c/6921-FRST.exe|pid:5224,ProcessStart:132305877243129930
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 15:48:59.069
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.C!ml&threatid=2147749372&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|http://www.geekstogo.com/forum/files/get/41a6246b672f2999bf1642da3adbbd3c/6921-FRST.exe|pid:5224,ProcessStart:132305877243129930
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 16:29:49.248
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-04-03 09:02:40.642
Description: Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.313.642.0;1.313.642.0
Engine version: 1.1.16900.4

Date: 2020-04-03 09:02:38.264
Description: Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.313.680.0;1.313.680.0
Engine version: 1.1.16900.4

Date: 2020-03-23 07:56:42.073
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.311.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-03-15 00:33:03.862
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.311.1231.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16800.2
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===================================
Date: 2020-04-05 16:35:45.807
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-04-05 16:25:28.501
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-04-05 14:55:31.648
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-04-03 17:33:31.833
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 17:33:31.704
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 17:33:31.609
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 17:33:31.070
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 17:33:30.982
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 7UET79WW (3.09 ) 10/13/2009
Motherboard: LENOVO 7439W6R
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 1944.02 MB
Available physical RAM: 260.13 MB
Total Virtual: 4760.02 MB
Available Virtual: 1639.94 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:148.35 GB) (Free:62.13 GB) NTFS

\\?\Volume{73b17344-af71-11e1-a62f-806e6f6e6963}\ (System) (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS
\\?\Volume{8d91f07f-0000-0000-0000-402325000000}\ () (Fixed) (Total:0.5 GB) (Free:0.15 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 8D91F07F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=510 MB) - (Type=27)

==================== End of Addition.txt =======================