Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by michelle cooley (administrator) on COOLEYMOM-PC (06-09-2015 10:33:55)
Running from C:\Users\michelle cooley\Downloads
Loaded Profiles: michelle cooley (Available Profiles: michelle cooley)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
Failed to access process -> iexplore.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WMIC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\symerr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [Facebook Update] => C:\Users\michelle cooley\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-01] (Facebook Inc.)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-23] (CyberLink Corp.)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53760128 2015-07-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [BingSvc] => C:\Users\michelle cooley\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C8D092D-2076-4941-AA25-9A010E225259}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{762172ED-54F6-4A92-B1E4-7A81D39543D9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1344420199-33566695-4287825354-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-06-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1344420199-33566695-4287825354-1002: @nsroblox.roblox.com/launcher -> C:\Users\michelle cooley\AppData\Local\Roblox\Versions\version-1fc13f51ea764eb7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1344420199-33566695-4287825354-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\michelle cooley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1344420199-33566695-4287825354-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\michelle cooley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-09-05]

Chrome:
=======
CHR Profile: C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-18]
CHR Extension: (Google Drive) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-18]
CHR Extension: (YouTube) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-18]
CHR Extension: (Google Search) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-18]
CHR Extension: (Google Sheets) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-18]
CHR Extension: (Norton Identity Safe) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-18]
CHR Extension: (Gmail) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-18]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-06-13] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [368640 2014-08-13] (Verizon) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-09-05] (Enigma Software Group USA, LLC.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 0109631412269381mcinstcleanup; C:\Users\MICHEL~1\AppData\Local\Temp\010963~1.EXE -cleanup -nolog [X]
S2 Winmgmt; C:\PROGRA~3\575A75D2E.zot [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-27] (Symantec Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-09-05] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-09-05] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150904.003\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150905.002\ENG64.SYS [138488 2015-08-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150905.002\EX64.SYS [2146040 2015-08-24] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 21:49 - 2015-09-05 22:13 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\michelle cooley\Downloads\tdsskiller.exe
2015-09-05 18:14 - 2015-09-05 18:14 - 00000000 _____ C:\autoexec.bat
2015-09-05 18:13 - 2015-09-05 18:13 - 00003374 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-09-05 18:13 - 2015-09-05 18:13 - 00001110 _____ C:\Users\michelle cooley\Desktop\SpyHunter.lnk
2015-09-05 18:13 - 2015-09-05 18:13 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-09-05 18:13 - 2015-09-05 18:13 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Enigma Software Group
2015-09-05 18:12 - 2015-09-05 18:13 - 00000000 ____D C:\sh4ldr
2015-09-05 18:08 - 2015-09-05 18:08 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-09-05 18:07 - 2015-09-05 18:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-09-05 18:06 - 2015-09-05 18:06 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\michelle cooley\Downloads\SpyHunter-Installer.exe
2015-09-05 11:51 - 2015-09-05 12:20 - 00041889 _____ C:\Users\michelle cooley\Downloads\Addition.txt
2015-09-05 11:43 - 2015-09-06 10:33 - 00024041 _____ C:\Users\michelle cooley\Downloads\FRST.txt
2015-09-05 11:41 - 2015-09-06 10:34 - 00000000 ____D C:\FRST
2015-09-05 11:31 - 2015-09-05 11:31 - 02188800 _____ (Farbar) C:\Users\michelle cooley\Downloads\FRST64.exe
2015-09-05 08:01 - 2015-09-05 08:01 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Sun
2015-09-05 08:00 - 2015-09-05 08:00 - 00000000 ____D C:\Users\michelle cooley\.oracle_jre_usage
2015-09-05 08:00 - 2015-09-05 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-05 08:00 - 2015-09-05 07:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-05 07:58 - 2015-09-05 07:58 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-05 06:33 - 2015-09-05 10:49 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\NPE
2015-09-05 06:32 - 2015-09-05 06:32 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-08-30 17:29 - 2015-08-30 17:29 - 01546150 _____ C:\Users\michelle cooley\Downloads\C3.pptx
2015-08-24 08:43 - 2015-08-24 08:43 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-08-24 07:52 - 2015-08-24 07:52 - 01767936 _____ C:\Users\michelle cooley\Downloads\Toyota_Case_Example_Adjusted_102014.ppt
2015-08-23 11:08 - 2015-08-23 11:08 - 00044032 _____ C:\Users\michelle cooley\Downloads\OM540_Week_07_Standard Normal Loss Function.xls
2015-08-22 07:22 - 2015-08-22 07:24 - 12768084 _____ C:\Users\michelle cooley\Downloads\chopra_scm6_inppt_05.pptx
2015-08-22 07:14 - 2015-08-22 07:14 - 00028160 _____ C:\Users\michelle cooley\Downloads\3_2015__OM_540_Week_04_DryIce_Solution (1).xls
2015-08-19 11:12 - 2015-08-19 11:12 - 00139279 _____ C:\Users\michelle cooley\Downloads\OM540_Week_08_New_Skycell_Solution.xlsx
2015-08-18 14:30 - 2015-09-02 07:32 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-18 14:30 - 2015-08-18 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-18 14:19 - 2015-09-06 10:29 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 14:19 - 2015-08-30 14:24 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-18 14:19 - 2015-08-30 14:24 - 00003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-18 14:19 - 2015-08-30 14:24 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 14:19 - 2015-08-18 14:30 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Google
2015-08-18 14:19 - 2015-08-18 14:29 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-18 14:18 - 2015-08-18 14:19 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Deployment
2015-08-18 14:18 - 2015-08-18 14:18 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Apps\2.0
2015-08-18 07:41 - 2015-08-18 07:41 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\CEF
2015-08-18 07:35 - 2015-08-18 19:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-18 07:35 - 2015-08-18 07:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-08-18 07:35 - 2015-08-18 07:35 - 00002074 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-08-18 07:34 - 2015-08-18 07:41 - 00000000 ____D C:\ProgramData\Adobe
2015-08-18 07:34 - 2015-08-18 07:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-18 07:24 - 2015-08-18 07:41 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Adobe
2015-08-18 02:59 - 2015-08-18 02:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-08 08:12 - 2015-08-08 08:13 - 00037888 _____ C:\Users\michelle cooley\Downloads\2_13_Worksheet_for_Practice_Exercise_II.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 10:21 - 2014-08-01 01:15 - 00000994 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1344420199-33566695-4287825354-1002UA.job
2015-09-06 10:02 - 2014-07-28 02:23 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1344420199-33566695-4287825354-1002
2015-09-06 10:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-06 09:29 - 2014-07-28 02:17 - 01543250 _____ C:\Windows\WindowsUpdate.log
2015-09-06 07:40 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-06 07:26 - 2014-10-02 16:52 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\CrashDumps
2015-09-06 07:13 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-09-06 07:10 - 2014-07-28 02:19 - 00000000 ____D C:\Users\michelle cooley\Documents\Youcam
2015-09-06 07:09 - 2015-07-28 16:15 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Skype
2015-09-06 07:09 - 2014-10-28 21:24 - 00000000 ____D C:\Users\michelle cooley\OneDrive
2015-09-06 01:20 - 2014-08-01 01:15 - 00000972 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1344420199-33566695-4287825354-1002Core.job
2015-09-05 22:37 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 22:36 - 2013-08-26 02:01 - 00383036 _____ C:\Windows\PFRO.log
2015-09-05 22:36 - 2013-08-22 10:46 - 00039043 _____ C:\Windows\setupact.log
2015-09-05 22:35 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-05 22:04 - 2014-07-28 02:18 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F6523E0-8969-488A-9E8E-3F76D0793576}
2015-09-05 10:55 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-05 08:43 - 2014-07-28 02:17 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Packages
2015-09-05 08:02 - 2014-09-01 11:16 - 00000000 ____D C:\ProgramData\Oracle
2015-09-05 08:00 - 2014-07-28 02:17 - 00000000 ____D C:\Users\michelle cooley
2015-09-05 07:15 - 2014-10-02 13:11 - 00000000 ____D C:\ProgramData\Norton
2015-09-02 15:55 - 2014-07-28 12:22 - 00000000 ____D C:\Users\michelle cooley\Documents\Post Notes III
2015-08-29 07:23 - 2014-07-28 13:44 - 00000253 _____ C:\Users\michelle cooley\Desktop\Engage.url
2015-08-25 07:57 - 2014-07-28 10:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-25 07:36 - 2015-05-16 12:08 - 00005030 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for COOLEYMOM-PC-michelle cooley cooleymom-pc
2015-08-24 08:37 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-18 07:40 - 2014-07-28 02:18 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Adobe
2015-08-18 02:59 - 2014-10-02 13:12 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-08-18 02:59 - 2014-10-02 13:12 - 00002264 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-08-18 02:59 - 2014-10-02 13:11 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-08-18 01:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-18 01:26 - 2015-07-31 06:41 - 00000000 ____D C:\Windows\System32\Tasks\Remediation

==================== Files in the root of some directories =======

2014-10-04 15:53 - 2015-06-04 22:34 - 0005632 _____ () C:\Users\michelle cooley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-03 17:21 - 2014-12-03 17:21 - 0103749 _____ () C:\Users\michelle cooley\AppData\Local\VZWifiIcon.ico
2015-03-17 19:51 - 2015-03-17 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\michelle cooley\MetricCollection.dll

Some files in TEMP:
====================
C:\Users\michelle cooley\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-29 09:46

==================== End of FRST.txt ============================