Hello. Could I get some help in removing the Trojan.Kotver!gm2 virus? I'm running Windows 10. Thanks.
Trojan.Kotver!gm2 Infection [Solved]
Started by
JoeX
, Oct 24 2016 08:04 AM
-
This topic is locked
#2
Posted 29 October 2016 - 02:46 AM
dbreeze
-
- Malware Removal
-
- 2,216 posts
Trusted Helper
Hi JoeX,
Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
- Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
- All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
- Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
- Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
- If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
- While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
- Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
- Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
- Save ALL Tools to your Desktop-
All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. 
Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. 
Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Quoted from and used by permission of BrianDrab. Thank you.
Let's get started....
Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.
Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
Only one of these files will run on your system; that is the correct one to keep; delete the other one, please.
- Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- If an update is available, the program will inform you and download the update. Allow it do this please.
- Once the tool shows "The tool is ready to use." message, please press the Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
#3
Posted 30 October 2016 - 08:29 AM
JoeX
- Topic Starter
-
- Member
-
- 7 posts
New Member
Hello dbreeze. Thank you for the help. Here is the information that you requested:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2016
Ran by shaffer7 (administrator) on SHAFFER (30-10-2016 10:13:15)
Running from C:\Users\shaffer7\Desktop
Loaded Profiles: shaffer7 (Available Profiles: shaffer7 & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\n360.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\n360.exe
(SpeedyPC Software) C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2016-01-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-01-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [3427880 2016-01-16] (Bootstrap Software Development)
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\Run: [**ytvaejhdyt<*>] => "C:\Users\shaffer7\AppData\Local\51e63e\3e2c1e.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\RunOnce: [Uninstall C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\RunOnce: [Uninstall C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\RunOnce: [Uninstall C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\RunOnce: [Uninstall C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\RunOnce: [Uninstall C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\MountPoints2: {2a97b1b1-a25d-11e5-bf4f-a417310a7574} - "J:\VZW_Software_upgrade_assistant.exe"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-07-25] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
Startup: C:\Users\shaffer7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\95b676.lnk [2016-10-26]
ShortcutTarget: 95b676.lnk -> C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\shaffer7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cc269d.lnk [2016-10-08]
ShortcutTarget: cc269d.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{1d8113d3-9005-478e-bc4f-0991240fdd3c}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Internet Explorer:
==================
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-4255973180-3286394298-2056501660-1001 -> DefaultScope {251597C0-54A1-46EF-A10D-8F01EF4A7BD4} URL =
SearchScopes: HKU\S-1-5-21-4255973180-3286394298-2056501660-1001 -> {251597C0-54A1-46EF-A10D-8F01EF4A7BD4} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-02] (Qualcomm Atheros Commnucations)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: uvy1faeq.default
FF ProfilePath: C:\Users\shaffer7\AppData\Roaming\Mozilla\Firefox\Profiles\uvy1faeq.default [2016-10-28]
FF Homepage: Mozilla\Firefox\Profiles\uvy1faeq.default -> hxxp://yahoo.com/
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-04] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\N360.exe [289080 2016-09-23] (Symantec Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [25600 2015-01-16] (The Neat Company) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2016-01-11] (Realtek Semiconductor)
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318760 2016-01-11] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20161027.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608000.032\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20161028.001\IDSvia64.sys [1012952 2016-10-28] (Symantec Corporation)
S3 MarvinBus; C:\WINDOWS\System32\drivers\MarvinBus64.sys [261120 2005-09-24] (Pinnacle Systems GmbH) [File not signed]
U5 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [445288 2012-07-26] (NVIDIA Corporation)
S3 PinnacleMarvinAVS; C:\WINDOWS\system32\DRIVERS\MarvinAVS64.sys [484736 2007-05-09] (Pinnacle a division of Avid Technology, Inc.) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608000.032\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-17] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160701.036\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160701.036\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-30 10:13 - 2016-10-30 10:13 - 00024848 _____ C:\Users\shaffer7\Desktop\FRST.txt
2016-10-30 10:12 - 2016-10-30 10:12 - 02408448 _____ (Farbar) C:\Users\shaffer7\Desktop\FRST64.exe
2016-10-30 10:06 - 2016-10-30 10:13 - 00000000 ____D C:\FRST
2016-10-28 19:58 - 2016-10-28 19:58 - 00002223 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-10-28 19:58 - 2016-10-28 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00032079.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00031025.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00030694.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00030246.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00028861.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00028475.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00028386.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00028202.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00028095.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00028030.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00027960.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00027317.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00026799.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00025977.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00025662.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00025542.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00024680.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00024339.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00024314.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00024242.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00024238.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00024108.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00023303.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00023140.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00023109.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00021788.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00021201.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00021004.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00020755.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00020556.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00020499.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00020470.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00020242.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00020231.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00019930.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00019830.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00019608.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00019589.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00019467.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00019343.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00018572.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00018240.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00017506.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00017501.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00014942.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00014831.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00014010.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00013212.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00013145.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00013087.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00013037.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00013026.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00012895.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00012752.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00012073.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00011417.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00010886.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00010362.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00009774.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00009567.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00008990.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00008975.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00007545.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00006598.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00006460.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00006319.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00006252.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00005994.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00005299.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00005165.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00005085.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00004394.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00002721.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00002673.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00001732.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00000633.tmp
2016-10-26 12:30 - 2016-10-26 12:30 - 01340008 ____T C:\WINDOWS\SysWOW64\00000513.tmp
2016-10-21 11:06 - 2016-10-26 12:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 11:05 - 2016-10-28 19:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-10-20 10:59 - 2016-10-20 10:59 - 00003398 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-10-13 11:56 - 2016-10-05 03:56 - 01644736 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-13 11:56 - 2016-10-05 03:56 - 01242304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-13 11:56 - 2016-10-05 03:56 - 00602304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-13 11:56 - 2016-10-05 03:56 - 00591040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-13 11:56 - 2016-10-05 03:56 - 00144576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-13 11:56 - 2016-10-05 03:56 - 00085696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-13 11:56 - 2016-10-05 03:01 - 01637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-13 11:56 - 2016-10-05 02:54 - 01297760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-10-13 11:56 - 2016-10-05 00:10 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-13 11:56 - 2016-10-05 00:10 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-13 11:56 - 2016-10-05 00:00 - 01661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-13 11:56 - 2016-10-04 23:48 - 02437120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-13 11:56 - 2016-10-04 23:10 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-13 11:56 - 2016-10-04 23:09 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-13 11:56 - 2016-10-04 22:55 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-13 11:56 - 2016-10-04 22:50 - 22379520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-13 11:56 - 2016-10-04 22:50 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-13 11:56 - 2016-10-04 22:39 - 24611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-13 11:56 - 2016-10-04 22:39 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-13 11:56 - 2016-10-04 22:33 - 14255104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-13 11:56 - 2016-10-04 22:27 - 09920512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-13 11:56 - 2016-10-04 22:26 - 07836672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-13 11:56 - 2016-10-04 22:13 - 19349504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-13 11:56 - 2016-10-04 22:13 - 18675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-13 11:56 - 2016-10-04 22:06 - 12587008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-13 11:56 - 2016-10-04 22:01 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-13 11:56 - 2016-09-17 03:45 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-10-13 11:56 - 2016-09-17 02:45 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-13 11:56 - 2016-09-17 02:22 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-13 11:55 - 2016-10-05 03:56 - 00329920 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-13 11:55 - 2016-10-05 03:56 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-13 11:55 - 2016-10-05 03:20 - 01030408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-13 11:55 - 2016-10-05 03:20 - 00875480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-13 11:55 - 2016-10-05 03:19 - 00129376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-13 11:55 - 2016-10-05 03:18 - 07468384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-13 11:55 - 2016-10-05 03:18 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-13 11:55 - 2016-10-05 03:18 - 01142560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-13 11:55 - 2016-10-05 03:01 - 01337184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-13 11:55 - 2016-10-05 02:17 - 03693064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-13 11:55 - 2016-10-05 02:15 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-10-13 11:55 - 2016-10-05 02:14 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-13 11:55 - 2016-10-05 02:09 - 00604920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-13 11:55 - 2016-10-05 01:45 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-10-13 11:55 - 2016-10-05 01:39 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-13 11:55 - 2016-10-05 01:39 - 00576856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-13 11:55 - 2016-10-05 01:38 - 00636296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-13 11:55 - 2016-10-05 01:38 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-13 11:55 - 2016-10-05 01:37 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-13 11:55 - 2016-10-05 01:31 - 00422240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-10-13 11:55 - 2016-10-05 01:25 - 00871776 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-13 11:55 - 2016-10-05 01:23 - 00305808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-13 11:55 - 2016-10-05 01:08 - 02937896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-13 11:55 - 2016-10-05 01:05 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-10-13 11:55 - 2016-10-05 01:01 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-10-13 11:55 - 2016-10-05 01:00 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-13 11:55 - 2016-10-05 00:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-13 11:55 - 2016-10-05 00:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-10-13 11:55 - 2016-10-05 00:49 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2016-10-13 11:55 - 2016-10-05 00:49 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-10-13 11:55 - 2016-10-05 00:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2016-10-13 11:55 - 2016-10-05 00:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-13 11:55 - 2016-10-05 00:38 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-13 11:55 - 2016-10-05 00:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-13 11:55 - 2016-10-05 00:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-13 11:55 - 2016-10-05 00:33 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-13 11:55 - 2016-10-05 00:32 - 00538744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-13 11:55 - 2016-10-05 00:30 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-10-13 11:55 - 2016-10-05 00:30 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-10-13 11:55 - 2016-10-05 00:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-13 11:55 - 2016-10-05 00:29 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-10-13 11:55 - 2016-10-05 00:27 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2016-10-13 11:55 - 2016-10-05 00:23 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-10-13 11:55 - 2016-10-05 00:19 - 00717152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-13 11:55 - 2016-10-05 00:18 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-13 11:55 - 2016-10-05 00:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-10-13 11:55 - 2016-10-05 00:17 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-10-13 11:55 - 2016-10-05 00:15 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2016-10-13 11:55 - 2016-10-05 00:07 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2016-10-13 11:55 - 2016-10-05 00:05 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-13 11:55 - 2016-10-05 00:04 - 01718272 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-13 11:55 - 2016-10-05 00:02 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-13 11:55 - 2016-10-05 00:00 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-13 11:55 - 2016-10-05 00:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-13 11:55 - 2016-10-04 23:57 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-10-13 11:55 - 2016-10-04 23:55 - 03549696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-13 11:55 - 2016-10-04 23:40 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-13 11:55 - 2016-10-04 23:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-10-13 11:55 - 2016-10-04 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2016-10-13 11:55 - 2016-10-04 23:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-13 11:55 - 2016-10-04 23:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-13 11:55 - 2016-10-04 23:29 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-13 11:55 - 2016-10-04 23:29 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-13 11:55 - 2016-10-04 23:28 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-13 11:55 - 2016-10-04 23:24 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-10-13 11:55 - 2016-10-04 23:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-13 11:55 - 2016-10-04 23:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-10-13 11:55 - 2016-10-04 23:15 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-10-13 11:55 - 2016-10-04 23:14 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-10-13 11:55 - 2016-10-04 23:13 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2016-10-13 11:55 - 2016-10-04 23:05 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-13 11:55 - 2016-10-04 23:04 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-13 11:55 - 2016-10-04 23:04 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-13 11:55 - 2016-10-04 22:59 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-13 11:55 - 2016-10-04 22:54 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-13 11:55 - 2016-10-04 22:40 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-13 11:55 - 2016-10-04 22:39 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-13 11:55 - 2016-10-04 22:22 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-13 11:55 - 2016-10-04 22:13 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-13 11:55 - 2016-09-30 22:16 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-13 11:55 - 2016-09-26 22:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-13 11:55 - 2016-09-17 04:08 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-13 11:55 - 2016-09-17 03:28 - 03077120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-13 11:55 - 2016-09-17 03:12 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-13 11:55 - 2016-09-17 02:43 - 02552832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-13 11:55 - 2016-06-18 00:55 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-10-13 11:55 - 2016-06-18 00:51 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-10-13 11:55 - 2016-06-18 00:49 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-10-13 11:55 - 2016-06-18 00:45 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-10-08 08:50 - 2016-10-14 08:37 - 00000000 ____D C:\Users\shaffer7\AppData\Local\51e63e
2016-10-08 08:50 - 2016-10-08 08:50 - 00000000 ____D C:\Users\shaffer7\AppData\Roaming\445f8f
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-30 09:57 - 2014-12-15 11:58 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-30 09:50 - 2016-08-14 15:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-30 09:39 - 2016-03-24 19:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-10-30 09:28 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-30 09:23 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-30 09:23 - 2014-12-11 15:14 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1DA757F9-237D-464A-9E01-4053B4B1929E}
2016-10-30 09:22 - 2014-12-10 19:08 - 00000000 ____D C:\Users\shaffer7\AppData\Local\CrashDumps
2016-10-30 09:20 - 2014-12-15 11:58 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-30 09:19 - 2014-12-10 16:59 - 00000488 _____ C:\WINDOWS\Tasks\SpeedyPC Pro Startup.job
2016-10-28 19:58 - 2014-12-15 11:58 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-28 19:44 - 2014-12-10 17:17 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-10-28 19:43 - 2016-01-11 10:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-28 19:43 - 2016-01-11 10:33 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-28 17:24 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-10-28 09:23 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-27 10:42 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-27 08:11 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-10-26 12:50 - 2016-09-13 08:50 - 05488320 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-10-26 12:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-26 12:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-26 09:55 - 2015-12-18 09:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-26 09:55 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-10-24 17:56 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-24 17:56 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-22 18:00 - 2014-12-10 16:59 - 00000514 _____ C:\WINDOWS\Tasks\SpeedyPC Registration3.job
2016-10-22 07:29 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-10-20 11:00 - 2014-12-11 11:02 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-10-20 10:59 - 2016-07-02 11:43 - 00002415 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-10-20 10:59 - 2015-07-30 08:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-10-19 09:42 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-19 09:41 - 2015-03-19 09:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-10-19 09:34 - 2014-12-10 16:27 - 00000000 ____D C:\Users\shaffer7\AppData\Local\Packages
2016-10-17 17:28 - 2015-01-06 11:07 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-10-17 17:28 - 2015-01-06 11:07 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-10-16 13:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-10-14 08:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-14 08:09 - 2014-12-10 17:08 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-14 08:05 - 2016-01-11 10:29 - 00352456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-13 16:34 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-13 16:34 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-13 15:10 - 2016-04-10 15:24 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-10-13 15:09 - 2016-04-10 15:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-13 12:10 - 2014-12-11 09:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-13 12:07 - 2014-12-11 09:29 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-07 02:19 - 2014-12-10 16:59 - 00000593 _____ C:\WINDOWS\Tasks\SpeedyPC Pro_sch_7CD24EC3-80AF-11E4-BE6B-A417310A7574.job
==================== Files in the root of some directories =======
2014-12-10 16:59 - 2016-10-30 09:19 - 0000053 _____ () C:\Users\shaffer7\AppData\Roaming\LogFile.txt
2016-01-11 10:32 - 2016-01-11 10:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-10-28 11:08
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
Ran by shaffer7 (30-10-2016 10:13:58)
Running from C:\Users\shaffer7\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-11 14:59:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4255973180-3286394298-2056501660-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4255973180-3286394298-2056501660-503 - Limited - Disabled)
Guest (S-1-5-21-4255973180-3286394298-2056501660-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4255973180-3286394298-2056501660-1005 - Limited - Enabled)
shaffer7 (S-1-5-21-4255973180-3286394298-2056501660-1001 - Administrator - Enabled) => C:\Users\shaffer7
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J650DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
MediaWidget 8.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version: - Bootstrap Development, LLC.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4867.1003 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Neat (HKLM-x32\...\Neat) (Version: 5.6.1.374 - The Neat Company)
Neat Core Files (x32 Version: 5.6.1.374 - The Neat Company) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.8.0.50 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.14.0 - SpeedyPC Software) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4255973180-3286394298-2056501660-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4255973180-3286394298-2056501660-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01111B9E-AB7C-4513-9535-9A6F47414D94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0489F1A7-6697-42F4-8062-8D9A61BE27C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E39EC5F-7AE4-4124-AB6B-57710502451A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A6495B6-EFCD-4C95-AFFF-43F9F778D361} - System32\Tasks\SpeedyPC Update Version3 => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe [2014-11-18] (SpeedyPC Software) <==== ATTENTION
Task: {329F9405-77D8-4FF2-BDA4-E42DEACAF3C6} - System32\Tasks\SpeedyPC Pro_sch_7CD24EC3-80AF-11E4-BE6B-A417310A7574 => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2014-11-18] (SpeedyPC Software) <==== ATTENTION
Task: {35497898-E95D-4B17-B562-B0A30123DC02} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3F1BFD2F-1558-4260-A851-2976E24A555C} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {40673997-545D-4B4D-AE35-325EC35755C3} - System32\Tasks\SpeedyPC Pro Startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2014-11-18] (SpeedyPC Software) <==== ATTENTION
Task: {5A32C587-D5F5-481F-A688-37758EF2820D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F49812C-CCB9-486B-9E44-1770AE7BBCA3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {62BE6ED1-39AE-4779-9EF1-F7A798890270} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {6981B4D0-F809-4250-9C4A-92090D6BCD38} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {75417C46-F896-4077-B903-D02056756F25} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7A905211-FFB2-40B5-A00F-DED2EF757A03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {80D3C954-07A9-40A1-8BAC-02F5F0610D27} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {83EC851C-7D89-4B06-ABBC-F57FE05C22D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8932F6A2-ADE3-444E-89EF-E25FADF9C5E0} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {8A9BA25B-2541-4827-B699-2D6AD85FF844} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {8B2FAA5B-216B-4A43-85D3-14C19B434A4A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {8EF4F5EC-4642-47EC-A48D-976C17E72BFD} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {90062356-3998-4B84-B3A3-86D7F16BE999} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {90594563-AC86-4DA9-AE16-684350756173} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {A72FBFBB-C27D-46F9-BC8C-95B6ADEA1082} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {ACA264B6-36C5-4968-86D7-1702456753FF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {B1A5FBD0-8628-4C72-950B-DD5258AF073B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {C08E7703-08E2-4EDE-AEF6-394ED8701FD9} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {CBF4889B-E9DD-4290-A8F5-5C65C85BAFB5} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {D809F7C2-BBF4-45C2-B837-ED5FC2C7908B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D8B744E1-B003-4DD1-B49E-101E5FE92E6D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD1DF952-F48F-4149-983A-5A7071FCA230} - System32\Tasks\SpeedyPC Update Version3_triggeronce => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe [2014-11-18] (SpeedyPC Software) <==== ATTENTION
Task: {E3AF3C86-F166-4A9A-904F-7E78B883F64F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-09-23] (Symantec Corporation)
Task: {E49AEFBC-69FE-4BE8-B8B8-CADD60C74CCA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {EFFB430B-A74D-43ED-8D4C-21C3A986ECBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-13] (Microsoft Corporation)
Task: {FC7CB497-CE68-4254-A9E3-C79DB0D7F328} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FE243AD6-CEFF-4FCB-8BB1-A2A878315BA5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SpeedyPC Pro Startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Pro_sch_7CD24EC3-80AF-11E4-BE6B-A417310A7574.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3.job => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3_triggeronce.job => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\shaffer7\AppData\Local\51e63e\3e2c1e.lnk -> C:\Users\shaffer7\AppData\Local\51e63e\967baa.bat ()
==================== Loaded Modules (Whitelisted) ==============
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-10 21:46 - 2005-04-22 00:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2015-03-19 09:40 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-11-15 12:58 - 2012-04-24 22:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-11 10:33 - 2015-08-06 20:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-13 16:28 - 2016-09-07 01:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-13 16:28 - 2016-09-07 01:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-23 14:06 - 2016-08-23 14:06 - 01864384 _____ () C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-25 16:24 - 2016-05-24 12:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-11 13:24 - 2016-01-11 13:24 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 17:26 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-13 16:26 - 2016-09-07 00:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-13 16:26 - 2016-09-07 00:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-13 16:26 - 2016-09-07 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-13 16:26 - 2016-09-07 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-06-28 17:39 - 2012-06-28 17:39 - 00262144 _____ () C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
2016-04-19 06:38 - 2016-04-19 06:38 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2014-12-11 15:23 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-11-15 12:52 - 2012-06-26 05:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-11-18 16:23 - 2014-11-18 16:23 - 00540800 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\7ZipDLL.dll
2014-11-18 16:23 - 2014-11-18 16:23 - 00045696 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\LiteZip.dll
2014-11-18 16:23 - 2014-11-18 16:23 - 00083584 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\ExtensionManager.dll
2014-11-18 16:23 - 2014-11-18 16:23 - 00155264 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\CommonLoggingExtension.pxt
2014-11-18 16:23 - 2014-11-18 16:23 - 00153728 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\CommonSpecialist.pxt
2014-11-18 16:23 - 2014-11-18 16:23 - 00138880 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\RegHookSpecialist.pxt
2014-11-18 16:23 - 2014-11-18 16:23 - 00925824 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Utility.pxt
2014-11-18 16:23 - 2014-11-18 16:23 - 00053376 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\LiteUnzip.dll
2016-08-23 14:06 - 2016-08-23 14:06 - 01383616 _____ () C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 14:06 - 2016-08-23 14:06 - 00118976 _____ () C:\Users\shaffer7\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-04-19 06:38 - 2016-04-19 06:38 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 06:38 - 2016-04-19 06:38 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\Software\Classes\253495: "C:\WINDOWS\system32\mshta.exe" "javascript:qakDCA53x="7ivHlUYd";Lw4=new ActiveXObject("WScript.Shell");m3fDsmzF="nBvShzdw";YX1hu=Lw4.RegRead("HKCU\\software\\aixqaekka\\yjbszxd");zwRSoH23="xHSXDwJ";eval(YX1hu);OwkkWB3="EC4pyEg";" <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-4255973180-3286394298-2056501660-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{946848E1-EA0D-4DC8-A319-CD825F989AC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0392953-CCA2-49AE-B527-DF4F21748E68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{816C1AEA-2119-4F54-BE92-447DC2A4D7EE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EC33673E-FE93-423C-AA9B-A4F5883E219A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{98A990DC-0EDE-4B21-9503-EAC3D3B5CD7E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B3B69FBD-AF7D-407B-BE4F-E7ECF900C29D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F362F98A-DCF9-4E77-99DE-9ADC9AC2B212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B68AC136-2201-455B-B956-0221BD531C54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF087482-A9E1-4678-9930-4A4D419CE493}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F0A6E66-327F-44AE-A844-9CE5E00F1C54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{515A47FC-D078-4A79-95EF-2EB68566B6E9}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{CC7E9292-3A29-4018-8585-9A5FA809C589}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{111E45AD-74A8-4ADB-8CE3-E6FABE26AB6F}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{EDD81C8B-6E40-4E84-BED3-5F9E91FBBF56}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [{2166AE12-CCF8-436A-9F1F-2689B5383AE6}] => (Allow) LPort=1900
FirewallRules: [{40727CBD-CFA2-486F-8F6D-7DE20D564B79}] => (Allow) LPort=2869
FirewallRules: [{FEB9D8F4-B002-4E23-B407-3EAA8F4E952A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{798AEC60-F72A-40D3-A414-CEAC9B706991}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{70CD0844-8EEE-4920-A0CB-BBE761809558}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{AF2BC524-FB77-4DF8-9B88-5B7332A9DA9C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A70D58C3-458B-4020-90DD-44C78DF1EBE9}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{B7AB016F-E5E2-41EC-9BA6-F404C4E02FFA}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{AB0C302E-EE67-4D44-B176-5A29E58967C1}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{54D6C0A5-F758-4BF3-8EA7-24305C91E706}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{EF979ED7-D3BC-4189-B0C9-669BE031C236}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{38F1E0E5-BD55-4152-812C-7852C1F22C51}] => (Allow) LPort=54925
FirewallRules: [{AE288ED9-D86E-469E-83CF-0DDD08B77AF8}] => (Allow) C:\Users\shaffer7\AppData\Local\Temp\7zSA095.tmp\SymNRT.exe
FirewallRules: [{EA5F2742-4B83-41A9-AAE7-7E0948C2FBF9}] => (Allow) C:\Users\shaffer7\AppData\Local\Temp\7zSA095.tmp\SymNRT.exe
FirewallRules: [{0D652D68-3B1F-4824-BC92-1748A9FFBFAE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C3981FE4-0E07-4417-9778-B7A91903F484}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
08-10-2016 09:21:08 SpeedyPC Pro Backup
13-10-2016 11:11:03 SpeedyPC Pro Backup
15-10-2016 12:42:46 SpeedyPC Pro Backup
17-10-2016 09:16:25 SpeedyPC Pro Backup
20-10-2016 10:53:24 SpeedyPC Pro Backup
26-10-2016 09:50:20 SpeedyPC Pro Backup
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/30/2016 09:20:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 10.0.10586.0, time stamp: 0x5632d74e
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000409
Fault offset: 0x0008b5a0
Faulting process id: 0x1ec0
Faulting application start time: 0x01d232b0563f09aa
Faulting application path: C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c83c840f-4a92-4615-914f-1ac742575afb
Faulting package full name:
Faulting package-relative application ID:
Error: (10/30/2016 09:20:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 10.0.10586.0, time stamp: 0x5632d74e
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000409
Fault offset: 0x0008b5a0
Faulting process id: 0x1840
Faulting application start time: 0x01d232b056d2f862
Faulting application path: C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e527649d-55c5-49bc-939c-d3e79d10facf
Faulting package full name:
Faulting package-relative application ID:
Error: (10/28/2016 07:46:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 10.0.10586.0, time stamp: 0x5632d74e
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000409
Fault offset: 0x0008b5a0
Faulting process id: 0x1d6c
Faulting application start time: 0x01d2317553189495
Faulting application path: C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 878d3f2c-01f2-440b-a2eb-06490f4c7ef2
Faulting package full name:
Faulting package-relative application ID:
Error: (10/28/2016 07:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 10.0.10586.0, time stamp: 0x5632d74e
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000409
Fault offset: 0x0008b5a0
Faulting process id: 0x1ea0
Faulting application start time: 0x01d231755480b3e4
Faulting application path: C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 58d44bd1-116d-4b36-9b02-a44592e3938e
Faulting package full name:
Faulting package-relative application ID:
Error: (10/28/2016 07:44:09 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (10/28/2016 07:44:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (10/28/2016 07:44:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Shaffer.local already in use; will try Shaffer-2.local instead
Error: (10/28/2016 07:44:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Shaffer.local. Addr 10.0.0.5
Error: (10/28/2016 07:44:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.5:5353 16 Shaffer.local. AAAA 2601:0541:4301:AC30:A617:31FF:FE0A:7573
Error: (10/28/2016 12:03:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.596, time stamp: 0x57dcf0fb
Faulting module name: jscript9.dll, version: 11.0.10586.633, time stamp: 0x57f463ca
Exception code: 0xc0000005
Fault offset: 0x0009c6b2
Faulting process id: 0x2890
Faulting application start time: 0x01d23119fa4efaf2
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\SYSTEM32\jscript9.dll
Report Id: ee38d90f-2b95-4c3b-84ec-7bee50944561
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (10/30/2016 09:22:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (10/28/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_54cf0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/28/2016 07:47:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (10/28/2016 07:46:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
Error: (10/28/2016 05:24:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16389
Error: (10/28/2016 05:24:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_ab35eb7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/28/2016 08:52:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (10/27/2016 03:48:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_9ac9317 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/27/2016 03:48:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_9ac9317 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/27/2016 03:48:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_9ac9317 service terminated with the following error:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk.
CodeIntegrity:
===================================
Date: 2016-10-30 09:50:16.398
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-10-28 09:35:01.697
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-10-17 08:01:12.409
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-10-15 08:26:57.079
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-10-14 08:06:35.558
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-16 07:52:33.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-15 07:18:19.342
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-14 06:35:30.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-02 07:49:14.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-08-11 08:02:59.219
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 12248.98 MB
Available physical RAM: 9031.9 MB
Total Virtual: 14104.98 MB
Available Virtual: 10671.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:917.57 GB) (Free:680.89 GB) NTFS
Drive i: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2634FFC5)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.
==================== End of Addition.txt ============================
#4
Posted 30 October 2016 - 12:27 PM
dbreeze
-
- Malware Removal
-
- 2,216 posts
Trusted Helper
Thanks for the logs. We can now start to clean this infection. If you have any questions or concerns about these steps, stop and ask for clarification until you are comfortable with the steps.
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
QuickTime 7
SpeedyPC Pro
To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\MountPoints2: {2a97b1b1-a25d-11e5-bf4f-a417310a7574} - "J:\VZW_Software_upgrade_assistant.exe"
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
2016-10-07 02:19 - 2014-12-10 16:59 - 00000593 _____ C:\WINDOWS\Tasks\SpeedyPC Pro_sch_7CD24EC3-80AF-11E4-BE6B-A417310A7574.job
Task: {01111B9E-AB7C-4513-9535-9A6F47414D94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0E39EC5F-7AE4-4124-AB6B-57710502451A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A6495B6-EFCD-4C95-AFFF-43F9F778D361} - System32\Tasks\SpeedyPC Update Version3 => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe [2014-11-18] (SpeedyPC Software) <==== ATTENTION
Task: {329F9405-77D8-4FF2-BDA4-E42DEACAF3C6} - System32\Tasks\SpeedyPC Pro_sch_7CD24EC3-80AF-11E4-BE6B-A417310A7574 => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2014-11-18] (SpeedyPC Software) <==== ATTENTION
Task: {35497898-E95D-4B17-B562-B0A30123DC02} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3F1BFD2F-1558-4260-A851-2976E24A555C} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {40673997-545D-4B4D-AE35-325EC35755C3} - System32\Tasks\SpeedyPC Pro Startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2014-11-18] (SpeedyPC Software) <==== ATTENTION
Task: {5A32C587-D5F5-481F-A688-37758EF2820D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F49812C-CCB9-486B-9E44-1770AE7BBCA3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6981B4D0-F809-4250-9C4A-92090D6BCD38} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {75417C46-F896-4077-B903-D02056756F25} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {80D3C954-07A9-40A1-8BAC-02F5F0610D27} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {83EC851C-7D89-4B06-ABBC-F57FE05C22D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8932F6A2-ADE3-444E-89EF-E25FADF9C5E0} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {8EF4F5EC-4642-47EC-A48D-976C17E72BFD} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {CBF4889B-E9DD-4290-A8F5-5C65C85BAFB5} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {D8B744E1-B003-4DD1-B49E-101E5FE92E6D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD1DF952-F48F-4149-983A-5A7071FCA230} - System32\Tasks\SpeedyPC Update Version3_triggeronce => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe [2014-11-18] (SpeedyPC Software) <==== ATTENTION
Task: {FE243AD6-CEFF-4FCB-8BB1-A2A878315BA5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Pro Startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Pro_sch_7CD24EC3-80AF-11E4-BE6B-A417310A7574.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3.job => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3_triggeronce.job => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\...\Run: [**ytvaejhdyt<*>] => "C:\Users\shaffer7\AppData\Local\51e63e\3e2c1e.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\shaffer7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\95b676.lnk [2016-10-26]
Startup: C:\Users\shaffer7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cc269d.lnk [2016-10-08]
Shortcut: C:\Users\shaffer7\AppData\Local\51e63e\3e2c1e.lnk -> C:\Users\shaffer7\AppData\Local\51e63e\967baa.bat ()
HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\Software\Classes\253495: "C:\WINDOWS\system32\mshta.exe" "javascript:qakDCA53x="7ivHlUYd";Lw4=new ActiveXObject("WScript.Shell");m3fDsmzF="nBvShzdw";YX1hu=Lw4.RegRead("HKCU\\software\\aixqaekka\\yjbszxd");zwRSoH23="xHSXDwJ";eval(YX1hu);OwkkWB3="EC4pyEg";" <===== ATTENTION
DeleteKey: HKCU\\software\\aixqaekka
2016-10-08 08:50 - 2016-10-14 08:37 - 00000000 ____D C:\Users\shaffer7\AppData\Local\51e63e
2016-10-08 08:50 - 2016-10-08 08:50 - 00000000 ____D C:\Users\shaffer7\AppData\Roaming\445f8f
c:\program files (x86)\common files\speedypc software
C:\Program Files (x86)\SpeedyPC Software
C:\WINDOWS\SysWOW64\000*.tmp
C:\Program Files\Internet Explorer\000*.tmp
C:\Program Files (x86)\Internet Explorer\000*.tmp
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
LAST >>>>
Please download Malwarebytes Anti-Rootkit from here
- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt
Information to Reply with >>>>
- How did the uninstalls go? Any problems?
- The Fixlog.txt log file text posted.
- The Malwarebytes AntiRootkit logs. You can attach these if you like as the system-log.txt can be quite large.
- How is your system running now? Any new alerts from your AV?
#5
Posted 31 October 2016 - 08:26 AM
JoeX
- Topic Starter
-
- Member
-
- 7 posts
New Member
That worked! Thank you very much dbreeze for your help. I have attached the logs that you requested.
Attached Files
-
mbar-log-2016-10-31 (09-08-48).txt 9.51KB
151 downloads
-
mbar-log-2016-10-31 (09-51-40).txt 2.07KB
146 downloads
-
system-log.txt 300.16KB
156 downloads
#6
Posted 31 October 2016 - 10:10 PM
dbreeze
-
- Malware Removal
-
- 2,216 posts
Trusted Helper
I need to see the Fixlog.txt file from the FRST Fixlist script run. Please.
#7
Posted 07 November 2016 - 11:27 PM
dbreeze
-
- Malware Removal
-
- 2,216 posts
Trusted Helper
Let's just see if there is anything else lurking in the background....
FIRST >>>>
Junkware Removal Tool
Please download JRT from here to your desktop.
Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.
Double click the JRT.exe file to run the application.
The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).
When it is asked, press any key to allow the program to continue / run.
This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.
Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
SECOND >>>>
AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
Click the Clean button.
Everything checked will be deleted.
When the program has finished cleaning a report appears.
Once done it will ask to reboot, allow this
On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
LAST >>>>
Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from [a href="http://www.malwareby...mwb-download/"]Here[/a].
Double Click on the mbam-setup.exe file to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
Once the program has loaded and updated, select "Scan Now >>" to start the scan.
The scan may take some time to finish, so please be patient.
If any malware is found, you will be presented with a screen like the one below.
If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK. When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.
#8
Posted 08 November 2016 - 08:29 AM
JoeX
- Topic Starter
-
- Member
-
- 7 posts
New Member
I'm not knowledgeable enough to know which files/registries are okay to remove. Would you be able to give me some guidance? Here are the results of the scan:
Files:
Folder Found: C:\Users\shaffer7\AppData\Local\BSD
Folder Found: C:\Users\shaffer7\AppData\Roaming\BSD
Folder Found: C:\Users\Administrator\AppData\Roaming\BSD
Folder Found: C:\ProgramData\BSD
Folder Found: C:\ProgramData\Application Data\BSD
Folder Found: C:\Program Files (x86)\Media Widget
Folder Found: C:\Program Files (x86)\Common Files\BSD
***** [ Registry ] *****
Key Found: HKLM\SOFTWARE\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
Key Found: HKLM\SOFTWARE\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
Key Found: HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\Software\DriverToolkit
Key Found: HKU\S-1-5-21-4255973180-3286394298-2056501660-1001\Software\speedypc software
Key Found: HKCU\Software\DriverToolkit
Key Found: HKCU\Software\speedypc software
Key Found: HKLM\SOFTWARE\speedypc software
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}
Key Found: [x64] HKCU\Software\DriverToolkit
Key Found: [x64] HKCU\Software\speedypc software
#9
Posted 08 November 2016 - 11:48 PM
dbreeze
-
- Malware Removal
-
- 2,216 posts
Trusted Helper
From what I can find out, all of those should be removed. Run AdwCleaner again and then check all and click Clean.
#10
Posted 09 November 2016 - 07:07 AM
JoeX
- Topic Starter
-
- Member
-
- 7 posts
New Member
Thanks dbreeze. I have attached the info that you requested.
Attached Files
-
AdwCleanerS0.txt 2.23KB
222 downloads
-
Malware Scan Log.txt 3.37KB
158 downloads
#11
Posted 10 November 2016 - 01:21 AM
dbreeze
-
- Malware Removal
-
- 2,216 posts
Trusted Helper
How is your system running now?
#12
Posted 10 November 2016 - 07:16 AM
JoeX
- Topic Starter
-
- Member
-
- 7 posts
New Member
Much better. Thank you dbreeze for your help.
#13
Posted 11 November 2016 - 02:33 AM
dbreeze
-
- Malware Removal
-
- 2,216 posts
Trusted Helper
Cool! A good worker always cleans up after themselves so let's get the tools off your system and get you on your way please.
All right!! 
Your logs are clean and you're good to go now!! 
We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. 
Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. 
Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
- Download Delfix from here to your desktop and double click it to start the program
- Ensure Remove disinfection tools is ticked
Also tick: - Activate UAC
- Create registry backup
- Purge system restore
- Reset system settings
- Click Run
- The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
You can delete any log files left on your desktop as these are no longer needed.
Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.
- Click Start and then type Settings.
- Whe the Search list is populated, under Programs, click on Settings.
- Click on the Update and Security and select Advanced Options under Windows Updates.
- Check that Automatic (recommended)is selected.
- You can close the Settings page after that.
Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.
Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).
You are now done! 
Now some information on programs to help keep you safe:
First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus
Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully
=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.
Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.
Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.
You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online
I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
#14
Posted 21 November 2016 - 01:12 AM
dbreeze
-
- Malware Removal
-
- 2,216 posts
Trusted Helper
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
