Hello,
Yesterday and today, the attached image popped up on my laptop as I was online. It included an automated female voice reading the warning. I was able to close the window with Ctrl, Alt, Delete. After which, I did a full scan with Avira and it did not detect anything. I would like your help in removing the malware.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Anna (administrator) on DESKTOP-1T88022 (14-07-2018 13:13:14)
Running from C:\Users\Anna\Desktop
Loaded Profiles: Anna & (Available Profiles: Anna)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5753112 2015-05-05] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [714160 2015-09-21] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3754168 2018-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-02-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118058\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118302\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2018-03-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Run: [Amazon Music] => C:\Users\Anna\AppData\Local\Amazon Music\Amazon Music.exe [19504616 2018-03-22] (Amazon Services LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Run: [Amazon Music Helper] => C:\Users\Anna\AppData\Local\Amazon Music\Amazon Music Helper.exe [3057128 2018-03-22] (Amazon Services LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Policies\system: [DisableLockWorkstation] 1
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2018-03-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Run: [Amazon Music] => C:\Users\Anna\AppData\Local\Amazon Music\Amazon Music.exe [19504616 2018-03-22] (Amazon Services LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Run: [Amazon Music Helper] => C:\Users\Anna\AppData\Local\Amazon Music\Amazon Music Helper.exe [3057128 2018-03-22] (Amazon Services LLC)
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Policies\system: [DisableLockWorkstation] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{012ec000-68b3-41a2-887f-039768862372}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e1d40a55-879e-4bf4-ba9a-557fffeb6eaf}: [DhcpNameServer] 10.1.0.30
Internet Explorer:
==================
HKU\S-1-5-21-5170115-1249461234-645129025-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-5170115-1249461234-645129025-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-5170115-1249461234-645129025-1002 -> DefaultScope {669EAF6B-ED5D-427A-A85D-5FC8A417BEA8} URL =
SearchScopes: HKU\S-1-5-21-5170115-1249461234-645129025-1002 -> {669EAF6B-ED5D-427A-A85D-5FC8A417BEA8} URL =
SearchScopes: HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430 -> DefaultScope {669EAF6B-ED5D-427A-A85D-5FC8A417BEA8} URL =
SearchScopes: HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430 -> {669EAF6B-ED5D-427A-A85D-5FC8A417BEA8} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-14] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-26] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-26] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: oj1c79fr.default-1522376397810
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\oj1c79fr.default-1522376397810 [2018-07-14]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2018-07-06] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-06] () [File not signed]
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [880040 2018-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [225384 2018-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [225384 2018-07-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1164808 2018-07-12] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [346528 2018-05-17] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [103328 2018-06-15] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-30] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-26] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51392 2018-07-12] (Dropbox, Inc.)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-07] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2018-03-09] (Sandboxie Holdings, LLC)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [43480 2018-05-11] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [566192 2015-08-19] (Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-13] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [18968 2015-05-12] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [84224 2015-08-22] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4325808 2016-07-28] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-07-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-07-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.)
S3 Delldiag; C:\__de11csattestfolder2016__\DDDriver.sys [30360 2017-02-24] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-13] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [412400 2015-09-11] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228208 2018-03-08] (Sandboxie Holdings, LLC)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-06-13] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-06-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-14 13:13 - 2018-07-14 13:14 - 000020037 _____ C:\Users\Anna\Desktop\FRST.txt
2018-07-14 13:12 - 2018-07-14 13:13 - 000000000 ____D C:\FRST
2018-07-14 13:11 - 2018-07-14 13:12 - 000000000 ____D C:\Users\Anna\Desktop\Stuff to Keep 2
2018-07-14 13:08 - 2018-07-14 13:11 - 000000000 ____D C:\Users\Anna\Desktop\Stuff to keep
2018-07-14 13:06 - 2018-07-14 13:06 - 002412544 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2018-07-14 10:52 - 2018-07-14 10:52 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-14 10:52 - 2018-07-14 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-13 14:15 - 2018-07-13 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-13 10:21 - 2018-07-13 10:21 - 000000000 ____D C:\Users\Anna\AppData\Local\D3DSCache
2018-07-12 19:01 - 2018-07-12 19:01 - 000051392 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-07-12 19:01 - 2018-07-12 19:01 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-07-12 19:01 - 2018-07-12 19:01 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-07-12 19:01 - 2018-07-12 19:01 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-07-06 23:50 - 2018-07-06 23:50 - 001991480 _____ C:\Users\Anna\Downloads\new_01052018102738140.pdf
2018-06-30 12:00 - 2018-06-30 12:02 - 000019288 _____ C:\WINDOWS\SysWOW64\Defrag.debuglog
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-14 13:13 - 2018-03-03 23:58 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-07-14 12:58 - 2016-12-17 01:09 - 000000000 ____D C:\Users\Anna\AppData\LocalLow\Mozilla
2018-07-14 11:52 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-14 10:52 - 2016-09-20 06:42 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-14 10:52 - 2016-09-20 06:42 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-14 10:52 - 2016-09-20 06:42 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-14 10:50 - 2016-09-20 06:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-14 10:44 - 2018-05-20 11:23 - 000004238 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-07-14 10:41 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-14 10:41 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-14 10:41 - 2017-11-20 19:37 - 000000000 ____D C:\Users\Anna\AppData\Local\Packages
2018-07-13 22:11 - 2018-05-20 10:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-13 18:49 - 2018-05-20 11:23 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E60DEA9F-A703-4890-B747-E281A9FE14E5}
2018-07-13 14:16 - 2016-09-20 06:49 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-07-13 10:25 - 2018-06-09 21:34 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-13 10:25 - 2018-05-20 11:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-13 10:24 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-13 10:24 - 2017-05-22 07:25 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-07-13 10:11 - 2016-11-26 23:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-13 10:06 - 2016-11-26 23:40 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-13 09:10 - 2018-05-20 11:23 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-5170115-1249461234-645129025-1002
2018-07-13 09:10 - 2018-05-20 10:54 - 000002405 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-13 09:10 - 2016-11-26 14:38 - 000000000 ___RD C:\Users\Anna\OneDrive
2018-07-13 09:09 - 2018-05-20 11:23 - 000004586 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-13 09:09 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-13 09:09 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-13 01:00 - 2016-11-26 14:54 - 000002326 _____ C:\WINDOWS\Sandboxie.ini
2018-07-12 17:38 - 2018-05-20 11:23 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-12 17:38 - 2017-01-12 19:18 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-12 17:06 - 2017-01-02 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-12 17:03 - 2017-11-20 18:36 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-07-12 17:03 - 2017-11-20 18:36 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-07-12 15:42 - 2016-09-20 06:30 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-12 10:42 - 2017-10-08 18:15 - 000052784 _____ C:\Users\Anna\Documents\Job Activity Log.xlsx
2018-07-07 11:15 - 2016-12-17 01:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-07 11:15 - 2016-12-17 01:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-07 01:15 - 2016-12-17 04:34 - 000000000 ___RD C:\Users\Anna\Documents\Scanned Documents
2018-07-06 14:56 - 2016-12-17 01:09 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-02 14:16 - 2018-06-12 22:32 - 000000000 ____D C:\ProgramData\Packages
2018-07-01 11:39 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-01 11:38 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-20 10:47
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Anna (14-07-2018 13:14:59)
Running from C:\Users\Anna\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-20 18:24:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-5170115-1249461234-645129025-500 - Administrator - Disabled)
Anna (S-1-5-21-5170115-1249461234-645129025-1002 - Administrator - Enabled) => C:\Users\Anna
DefaultAccount (S-1-5-21-5170115-1249461234-645129025-503 - Limited - Disabled)
Guest (S-1-5-21-5170115-1249461234-645129025-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-5170115-1249461234-645129025-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\Amazon Amazon Music) (Version: 6.4.0.1321 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\Amazon Amazon Music) (Version: 6.4.0.1321 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{4A04AD5F-67AC-079E-8ACD-2E38E25E39E7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{0bb4751a-1ff2-4c79-80df-5bab5da63823}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.14.1.26975 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A7F41426-5F75-4695-BE5D-B011821079A3}) (Version: 2.0.5.48230 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.7.0.7260 - Avira Operations GmbH & Co. KG)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{122666A9-2995-4E47-A75E-6423A827B7AF}) (Version: 2.2.0.253 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 53.4.67 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6568.0 - Waves Audio Ltd.) Hidden
Medical Terminology for Health Professions (HKLM-x32\...\Medical Terminology for Health Professions_is1) (Version: - Cengage Delmar Learning)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.3 - Qualcomm Atheros)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.006 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Sandboxie 5.24 (64-bit) (HKLM\...\Sandboxie) (Version: 5.24 - Sandboxie Holdings, LLC)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-07-12] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-07-12] (Avira Operations GmbH & Co. KG)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {075070BC-A904-4491-A8F1-D91DEF8AACBA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {09DF5E2E-DD9C-482C-B94C-E8D58CE2FE1B} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-14] (Microsoft Corporation)
Task: {1D5058AD-6922-4594-993E-0E1CFFC291F0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-26] (Dropbox, Inc.)
Task: {25A26C76-DBB3-4FF5-9AD5-B5A44F9C4913} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-05-11] (Dell Inc.)
Task: {45B98106-29B4-489C-858E-CAC60A5FA002} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {495C31D1-C82C-47DF-BAED-A98EE748FB39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {4C1E42D4-9AFB-42CE-87CE-C16B7BCC916F} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {5120C6F9-2A44-4424-BDBF-27584921C416} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-26] (Dropbox, Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {715627E6-DEF7-49B3-9E24-947C2209C91E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {75A844C6-C506-4BDD-9564-943B99F65A28} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {781CA0A7-C885-4480-83E1-F7F23A24CFFD} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {8BA0E1EF-37CA-4208-80F8-FFEBE8190097} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-14] (Microsoft Corporation)
Task: {AACC68C1-6BDF-4AE0-9788-22753A168701} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM)
Task: {B178C1E2-6600-4B05-917C-A20C837E74DA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {BB866A73-9742-4426-A5DC-B9C50E686B6B} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-03-03] (Avira Operations GmbH & Co. KG )
Task: {CF04F0D9-121D-4DA0-9C4B-8EF60EA0AFA3} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-07-12] (Avira Operations GmbH & Co. KG)
Task: {D6BE390D-917E-4A82-A2D9-22319CBD91E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {DE8CA77A-4D01-4AD8-B96E-69E3EF0E7467} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-14] (Microsoft Corporation)
Task: {F12DF295-873E-4697-87CD-25B2BFFC9FC7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-14] (Microsoft Corporation)
Task: {F2DAD6BE-481C-4DC0-A81F-3591959F7B56} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-02-26] (Avira Operations GmbH & Co. KG)
Task: {FCFDD420-91E7-4BE6-ABBC-A2EE0AB60903} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-07] (Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP 1T88022
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-08-06 21:39 - 2015-08-06 21:39 - 000127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-06-08 19:31 - 2018-06-09 21:34 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-08-06 21:39 - 2015-08-06 21:39 - 000138752 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-12 20:49 - 2018-06-08 01:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-22 21:50 - 2018-05-22 21:51 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-22 21:50 - 2018-05-22 21:51 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-22 21:50 - 2018-05-22 21:51 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-22 21:50 - 2018-05-22 21:51 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-22 21:50 - 2018-05-22 21:51 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-19 10:35 - 2017-09-19 10:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 16:26 - 2015-06-23 16:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-09-20 06:52 - 2014-12-08 00:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 15:28 - 2014-12-08 15:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 06:46 - 2015-10-30 00:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118058\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118302\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-5170115-1249461234-645129025-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Anna\Desktop\All Pictures\12-16-17 Kylo Ren and Rei at Star Wars The Last Jedi movie playing at Arden.JPG
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\Control Panel\Desktop\\Wallpaper -> C:\Users\Anna\Desktop\All Pictures\12-16-17 Kylo Ren and Rei at Star Wars The Last Jedi movie playing at Arden.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-5170115-1249461234-645129025-1002\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-5170115-1249461234-645129025-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07132018164118430\...\StartupApproved\Run: => "Amazon Music Helper"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{89CF1726-FAF3-4D11-B659-52315D3C2CCF}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{385603B6-8303-40F1-B3B6-F831E5E16050}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{B2577BFE-793C-4868-8E59-19F04E281787}] => (Block) C:\users\anna\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{45753A5F-BBCB-4CE0-B9BF-1E2E14972BEA}] => (Block) C:\users\anna\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{7BE8EF8E-C570-4220-B763-78F0DBDEA5B7}C:\users\anna\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\anna\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{5C95D33A-1900-4F21-BBA0-BC232FD43FEC}C:\users\anna\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\anna\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{17A4E085-6983-4D56-9062-10BAF6367E53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7256D030-CBC8-4EEF-9899-C6998546CFE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{913FB12B-66F1-4D46-885E-EDB5DC659C5D}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE
FirewallRules: [{0B3182BE-2664-4324-8CA0-20C1F26AFFF5}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
FirewallRules: [{DED2D34D-1C35-4C68-803D-EB84701F3F06}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{8C841DE6-A037-47FC-A6ED-F0896D573121}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{CAF7A323-AF2B-4BC5-94B9-AE82F5768AD8}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{7705E3C7-8667-479D-8517-BAA9D89C60BD}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{4560BA30-0229-49DD-80D3-D016B45A5B3A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
07-07-2018 11:28:03 Scheduled Checkpoint
13-07-2018 10:05:03 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/14/2018 12:57:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Faulting module name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Exception code: 0xc000041d
Fault offset: 0x00000000000041d0
Faulting process id: 0x3f38
Faulting application start time: 0x01d41bacd3eb7898
Faulting application path: C:\Program Files\Dell\QuickSet\quickset.exe
Faulting module path: C:\Program Files\Dell\QuickSet\quickset.exe
Report Id: c3b5ed8c-e1e9-4dd5-aedc-02bb7ffa208d
Faulting package full name:
Faulting package-relative application ID:
Error: (07/14/2018 12:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Faulting module name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Exception code: 0xc0000005
Fault offset: 0x00000000000041d0
Faulting process id: 0x3f38
Faulting application start time: 0x01d41bacd3eb7898
Faulting application path: C:\Program Files\Dell\QuickSet\quickset.exe
Faulting module path: C:\Program Files\Dell\QuickSet\quickset.exe
Report Id: 90866af0-30f7-4eaa-a100-ba8684c761bf
Faulting package full name:
Faulting package-relative application ID:
Error: (07/14/2018 10:44:22 AM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP-1T88022)
Description: Product: Dell SupportAssist -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: WickInstaller.1.5CE21306_A484_4807_9F74_29446153A569, location: C:\Program Files\Dell\SupportAssistAgent\PCDr\Installer\SupportAssist_6.0.6992.1111_x64.exe, command: --INTERNAL_UninstallFromMsm
Error: (07/14/2018 10:42:03 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/14/2018 10:39:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Faulting module name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Exception code: 0xc000041d
Fault offset: 0x00000000000041d0
Faulting process id: 0x339c
Faulting application start time: 0x01d41b99a191e141
Faulting application path: C:\Program Files\Dell\QuickSet\quickset.exe
Faulting module path: C:\Program Files\Dell\QuickSet\quickset.exe
Report Id: e9f7fc02-072b-45bc-9139-a553e1d1b76b
Faulting package full name:
Faulting package-relative application ID:
Error: (07/14/2018 10:39:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Faulting module name: quickset.exe, version: 10.17.6.3, time stamp: 0x554804a8
Exception code: 0xc0000005
Fault offset: 0x00000000000041d0
Faulting process id: 0x339c
Faulting application start time: 0x01d41b99a191e141
Faulting application path: C:\Program Files\Dell\QuickSet\quickset.exe
Faulting module path: C:\Program Files\Dell\QuickSet\quickset.exe
Report Id: 7a52e079-6d1b-45d8-a6b7-44d99f7351d6
Faulting package full name:
Faulting package-relative application ID:
Error: (07/14/2018 10:38:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (07/14/2018 10:38:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
System errors:
=============
Error: (07/14/2018 12:56:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/14/2018 10:42:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s).
Error: (07/14/2018 10:42:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).
Error: (07/14/2018 10:42:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s).
Error: (07/14/2018 10:41:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/14/2018 10:38:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/13/2018 10:11:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/13/2018 07:00:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.132.
The computer with the IP address 10.0.0.202 did not allow the name to be claimed by
this computer.
Windows Defender:
===================================
Date: 2018-06-13 06:13:13.567
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...47&enterprise=0
Name: TrojanDownloader:JS/Nemucod.HD
ID: 2147717547
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\Anna\AppData\Local\Mozilla\Firefox\Profiles\oj1c79fr.default-1522376397810\cache2\entries\B2183EA995CAD5BAE66D965207B97546F9DE89D9
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.237.343.0, AS: 1.237.343.0, NIS: 1.237.343.0
Engine Version: AM: 1.1.13504.0, NIS: 1.1.13504.0
Date: 2018-06-13 06:13:00.021
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...47&enterprise=0
Name: TrojanDownloader:JS/Nemucod.HD
ID: 2147717547
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\Anna\AppData\Local\Mozilla\Firefox\Profiles\oj1c79fr.default-1522376397810\cache2\entries\B2183EA995CAD5BAE66D965207B97546F9DE89D9
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.237.343.0, AS: 1.237.343.0, NIS: 1.237.343.0
Engine Version: AM: 1.1.13504.0, NIS: 1.1.13504.0
CodeIntegrity:
===================================
Date: 2018-07-05 13:21:04.817
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-05 13:21:04.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-05 13:21:04.787
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-05 13:21:04.771
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-05 13:21:04.756
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-05 13:21:04.731
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-05 13:21:04.714
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-05 13:21:04.693
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 57%
Total physical RAM: 5056.32 MB
Available physical RAM: 2141.72 MB
Total Virtual: 7360.32 MB
Available Virtual: 3951.88 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:452.32 GB) (Free:405.5 GB) NTFS
\\?\Volume{8ab0db6d-a33f-495d-99a7-a85235ec3278}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{c5559f13-916a-489a-9ec7-301aa12b67e3}\ (Image) (Fixed) (Total:12.38 GB) (Free:0.64 GB) NTFS
\\?\Volume{6e84b3b6-f204-40c6-a462-38b7eb36f9d1}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 404075F8)
Partition: GPT.
==================== End of Addition.txt ============================