same lady from church ... new stuff wrong



#1
moondog830

I have told her and told her NOT to just click on stuff ... but ... 

 

one thing I know is wrong ... she has somehow gotten pcsupportdesk.co on her laptop and now there are pop-ups galore ... help please

 

FRST SCAN

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Penny S Farris (administrator) on DESKTOP-7HJLTT7 (15-03-2017 08:29:20)
Running from C:\Users\bubbl\Desktop
Loaded Profiles: Penny S Farris (Available Profiles: Penny S Farris)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AppVerifierService) C:\ProgramData\ASCValidator\ASCValidatorService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTA579.tmp
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(advancedpctools.com) C:\Program Files\Advance-System Care\asc.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\bubbl\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(Slimware Utilities Holdings, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PCVARK) C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2017-02-28] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKLM-x32\...\Run: [ClearScreen Player] => C:\Program Files (x86)\ClearScreenPlayer\ClearScreenPlayer.exe [439712 2016-04-20] ()
HKLM-x32\...\RunOnce: [Guhutucesit] => C:\WINDOWS\SysWoW64\wscript.exe /E:vbscript /B "C:\Users\bubbl\AppData\Roaming\Disoperat"
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Dropbox Update] => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-16] (Dropbox, Inc.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [ClearScreen Player] => C:\Program Files (x86)\ClearScreenPlayer\ClearScreenPlayer.exe [439712 2016-04-20] ()
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [BingSvc] => C:\Users\bubbl\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Chromium] => c:\users\bubbl\appdata\local\chromium\application\chrome.exe [1053184 2016-03-09] (The Chromium Authors)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26201280 2016-07-25] (Slimware Utilities Holdings, Inc.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [108456 2016-05-05] ()
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\RunOnce: [Uninstall C:\Users\bubbl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bubbl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [1269848 2017-02-14] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-05-30]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{72caaa9f-c5f5-4583-9363-1bb4938bbca0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{72caaa9f-c5f5-4583-9363-1bb4938bbca0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{746df8de-bd5f-4f4d-9602-729aa8db16a4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{746df8de-bd5f-4f4d-9602-729aa8db16a4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ee42c699-068b-44b3-870d-c0cd49250b5e}: [DhcpNameServer] 82.163.142.7
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c77d62fb&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c77d62fb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-2430580443-1646431325-2133495863-1001: @citrixonline.com/appdetectorplugin -> C:\Users\bubbl\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-09] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://kgpcmjeckonpfoaacknfdaaehpjbflhl/stubby.html", Active:"chrome-extension://icgmhdpmdghobfppgncpanbehbecdhpb/stubby.html", Active:"chrome-extension://kmeplklncpfkhbkdogjognkoafdnpmha/newtab/newtab.html", Active:"chrome-extension://ianibjjlmopilahjckdaimnghbdlngkh/stubby.html", Active:"chrome-extension://kgdipifddaiedehdphnflapcinbndgmb/stubby.html", Not-active:"chrome-extension://ijjnmdphpnlnelhbhefnfmimenjgbfcn/stubby.html", Not-active:"chrome-extension://hjfmdccpchjbocfcmenkfmkcbmoldfee/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxp://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Profile: C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default [2017-03-15]
CHR Extension: (Google Slides) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-11]
CHR Extension: (Google Docs) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-11]
CHR Extension: (Google Drive) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-11]
CHR Extension: (YouTube) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-11]
CHR Extension: (ArcadeFiesta Ads) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceehkmnchcmeefgindfjiggfncpfckf [2017-02-10]
CHR Extension: (Advertisement offers by GameZooks) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnhgkolepibaegjheeeblkgfmpankac [2016-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-11]
CHR Extension: (ArcadeSauce) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgebohojipdmejkbbnjlfhcpfehhnepn [2016-09-25]
CHR Extension: (FindYourMaps) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjfmdccpchjbocfcmenkfmkcbmoldfee [2017-02-08]
CHR Extension: (GamingWonderland) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianibjjlmopilahjckdaimnghbdlngkh [2017-01-10]
CHR Extension: (PDFConverterHQ) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgmhdpmdghobfppgncpanbehbecdhpb [2017-01-16]
CHR Extension: (MapsGalaxy) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2016-11-18]
CHR Extension: (Ask Web Search) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmengapaekgmapkcophhdmppmjinpogo [2017-01-10]
CHR Extension: (FindMeFreebies) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdipifddaiedehdphnflapcinbndgmb [2016-11-19]
CHR Extension: (EasyMailLogin) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpcmjeckonpfoaacknfdaaehpjbflhl [2017-02-27]
CHR Extension: (Login Faster) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmeplklncpfkhbkdogjognkoafdnpmha [2017-01-10]
CHR Extension: (iWin New Tab) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\leomkkljcdgegflamofjilaekhgiiake [2016-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [leomkkljcdgegflamofjilaekhgiiake] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0231371488514182mcinstcleanup; C:\WINDOWS\TEMP\023137~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 ASCValidator; C:\ProgramData\ASCValidator\ASCValidatorService.exe [29696 2016-09-13] (AppVerifierService) [File not signed]
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-16] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-18] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2017-02-28] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-30] ()
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-07-25] (SlimWare Utilities, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2017-02-28] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-02-28] (Realtek                                            )
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [418784 2017-02-28] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2016-05-16] (Synaptics Incorporated)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-03-15] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-15 08:23 - 2017-03-15 08:28 - 02424832 _____ (Farbar) C:\Users\bubbl\Desktop\FRST64.exe
2017-03-09 18:00 - 2017-03-09 18:00 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-06 16:59 - 2017-03-06 17:05 - 00000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0c039344d2f910be
2017-03-06 16:58 - 2017-03-06 16:58 - 00000000 ____D C:\Users\bubbl\AppData\Local\Deployment
2017-03-06 16:58 - 2017-03-06 16:58 - 00000000 ____D C:\Users\bubbl\AppData\Local\Apps\2.0
2017-02-28 23:17 - 2017-02-28 23:16 - 00428648 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2017-02-28 23:17 - 2017-02-28 23:16 - 00329832 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo54.dll
2017-02-28 23:17 - 2017-02-28 23:16 - 00064104 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2017-02-28 23:17 - 2017-02-28 23:16 - 00060008 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2017-02-28 23:17 - 2017-02-28 23:16 - 00057448 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2017-02-28 23:13 - 2017-02-28 23:12 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2017-02-28 23:10 - 2017-02-28 23:10 - 00001851 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2017-02-28 23:09 - 2017-02-28 23:07 - 72520720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-02-28 23:09 - 2017-02-28 23:07 - 06764662 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-02-28 23:09 - 2017-02-28 23:07 - 03203592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02895104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-02-28 23:09 - 2017-02-28 23:07 - 02706864 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02203752 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02073096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01360520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01041744 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01001800 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00864352 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00858208 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00854032 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00725944 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00498648 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00467160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00438704 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00112496 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-02-28 23:08 - 2017-02-28 23:06 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
2017-02-28 23:02 - 2017-02-28 23:01 - 00418784 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2017-02-28 22:56 - 2017-02-28 23:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-28 22:56 - 2017-02-28 22:56 - 00003224 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent
2017-02-28 22:55 - 2015-08-31 00:26 - 00041400 _____ (CyberLink Corporation) C:\WINDOWS\system32\Drivers\clwvd6.sys
2017-02-27 16:51 - 2017-02-27 16:52 - 00108559 _____ C:\Users\bubbl\Downloads\Application 2017.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-15 08:31 - 2016-07-16 16:00 - 00024590 _____ C:\Users\bubbl\Desktop\FRST.txt
2017-03-15 08:29 - 2016-07-11 14:24 - 00000000 ____D C:\FRST
2017-03-15 08:24 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 08:24 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-15 08:20 - 2015-07-10 04:04 - 00000187 _____ C:\WINDOWS\win.ini
2017-03-15 08:18 - 2016-05-16 20:33 - 00000000 ____D C:\Users\bubbl\Documents\YouCam
2017-03-15 08:17 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-15 08:15 - 2016-10-26 17:29 - 00003174 _____ C:\WINDOWS\System32\Tasks\Advance-System Care_Logon
2017-03-15 08:15 - 2016-05-16 20:53 - 00000000 ___RD C:\Users\bubbl\Dropbox
2017-03-15 08:13 - 2016-08-27 11:43 - 00000468 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
2017-03-15 08:13 - 2016-06-24 17:33 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Skype
2017-03-15 08:12 - 2016-08-27 11:43 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2017-03-12 10:14 - 2016-08-12 04:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-10 23:18 - 2016-10-26 16:21 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\MahJong Suite
2017-03-10 10:02 - 2016-08-27 10:37 - 00000000 ____D C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}
2017-03-09 18:01 - 2016-05-16 20:49 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Dropbox
2017-03-09 18:01 - 2016-05-16 20:42 - 00000000 ____D C:\Users\bubbl\AppData\Local\Dropbox
2017-03-08 11:38 - 2017-01-14 19:58 - 00000000 ____D C:\Program Files\TrueKey
2017-03-08 11:37 - 2016-08-30 18:40 - 00003178 _____ C:\WINDOWS\System32\Tasks\Advanced System Care_Logon
2017-03-08 11:35 - 2016-11-02 01:50 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\{5E6668DD-7B34-05AB-1002-2279CCD0DF47}
2017-03-08 11:35 - 2016-08-31 01:38 - 00000294 _____ C:\Users\bubbl\AppData\Roaming\WB.CFG
2017-03-04 19:08 - 2016-05-16 20:32 - 00000000 ____D C:\Users\bubbl\AppData\Local\Packages
2017-03-02 21:14 - 2016-08-12 04:15 - 01366386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-02 21:09 - 2017-01-14 20:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-02 21:09 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-02 21:08 - 2016-09-03 17:51 - 00003010 _____ C:\appverifier.txt
2017-03-02 21:07 - 2016-08-12 04:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-02 21:07 - 2016-03-20 02:55 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2017-02-28 23:17 - 2015-07-13 09:28 - 00000000 ____D C:\SWSetup
2017-02-28 23:16 - 2016-05-17 21:57 - 00902248 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2017-02-28 23:16 - 2016-05-17 21:57 - 00803944 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2017-02-28 23:16 - 2016-05-17 21:57 - 00278632 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2017-02-28 23:16 - 2016-05-16 20:24 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-02-28 23:13 - 2016-03-20 01:54 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-02-28 23:12 - 2016-03-20 01:58 - 00943112 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-02-28 23:10 - 2016-08-12 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-02-28 23:10 - 2016-08-12 04:10 - 00011070 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-02-28 23:10 - 2016-08-12 04:10 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-28 23:10 - 2016-03-20 01:54 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-02-28 23:07 - 2016-03-20 01:54 - 05251592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-02-28 23:07 - 2016-03-20 01:54 - 03283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 03133152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 00192992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 00023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-02-28 23:06 - 2016-03-20 01:54 - 01608128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-02-28 23:05 - 2016-03-20 01:54 - 02838232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-02-28 23:02 - 2016-08-12 04:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-28 22:56 - 2016-03-20 02:22 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-02-28 22:55 - 2016-03-20 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-02-28 22:55 - 2016-03-20 01:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 22:51 - 2016-03-20 02:23 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-02-28 22:51 - 2016-03-20 02:22 - 00000000 ____D C:\ProgramData\Temp
2017-02-28 22:27 - 2016-11-22 21:33 - 00000000 ____D C:\Users\bubbl\AppData\Local\ElevatedDiagnostics
2017-02-28 22:26 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-24 22:00 - 2016-08-12 04:16 - 00000000 ____D C:\Users\bubbl
2017-02-24 20:10 - 2017-01-25 02:28 - 00000400 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPenny S Farris.job
2017-02-24 20:10 - 2017-01-14 19:58 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-24 20:10 - 2017-01-14 19:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-24 20:09 - 2016-07-15 23:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-24 19:22 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-24 19:21 - 2016-05-18 18:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 19:14 - 2016-05-18 18:01 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 20:08 - 2017-01-25 02:28 - 00003328 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPenny S Farris
2017-02-22 19:37 - 2016-12-09 18:08 - 00003308 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 19:37 - 2016-05-16 20:37 - 00002374 _____ C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 19:37 - 2016-05-16 20:37 - 00000000 ___RD C:\Users\bubbl\OneDrive
2017-02-18 21:28 - 2017-01-14 20:12 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-02-14 23:57 - 2017-01-14 19:58 - 00004000 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-14 23:57 - 2017-01-14 19:58 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-14 23:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 23:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
 
==================== Files in the root of some directories =======
 
2016-11-02 01:50 - 2016-11-02 01:50 - 0020008 _____ () C:\Users\bubbl\AppData\Roaming\Disoperat
2016-08-31 01:38 - 2017-03-08 11:35 - 0000294 _____ () C:\Users\bubbl\AppData\Roaming\WB.CFG
 
Files to move or delete:
====================
C:\Windows\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52}.job
C:\Windows\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123}.job
 
 
Some files in TEMP:
====================
2016-08-24 16:21 - 2016-08-24 16:21 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/)C:\Users\bubbl\AppData\Local\Temp\libeay32.dll
2016-08-24 16:21 - 2016-08-24 16:21 - 0970912 _____ (Microsoft Corporation) C:\Users\bubbl\AppData\Local\Temp\msvcr120.dll
2016-08-27 10:36 - 2017-01-16 12:29 - 0086968 _____ (iWin inc.) C:\Users\bubbl\AppData\Local\Temp\preinstall-options.exe
2016-08-27 11:43 - 2016-08-27 11:43 - 0205656 _____ (SlimWare Utilities, Inc.) C:\Users\bubbl\AppData\Local\Temp\scp22BD.tmp.exe
2016-08-24 16:21 - 2016-08-24 16:21 - 0772672 _____ () C:\Users\bubbl\AppData\Local\Temp\sqlite3.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-26 18:57
 
==================== End of FRST.txt ============================
 
 
ADDITION SCAN
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Penny S Farris (15-03-2017 08:35:20)
Running from C:\Users\bubbl\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-12 11:40:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2430580443-1646431325-2133495863-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2430580443-1646431325-2133495863-503 - Limited - Disabled)
Guest (S-1-5-21-2430580443-1646431325-2133495863-501 - Limited - Disabled)
Penny S Farris (S-1-5-21-2430580443-1646431325-2133495863-1001 - Administrator - Enabled) => C:\Users\bubbl
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2D Mahjong Temple (HKLM-x32\...\2D Mahjong Temple) (Version:  - iWin.com)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced System Care (HKLM\...\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.12966 - advancedpctools.com)
Advance-System Care (HKLM\...\{F851A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.16074 - advancedpctools.com)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bing Powered Search (HKLM-x32\...\BingPoweredSearch) (Version:  - )
BingProvidedSearch (HKLM-x32\...\{89E56125-D965-B0A5-68E5-C025B86513A5}) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
callofwar (HKLM-x32\...\{CE2320B6-5A53-41A3-A549-14CC1FBCE06A}_is1) (Version: 2.2.1.9 - callofwar)
Chromium (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Chromium) (Version: 51.0.2672.0 - Chromium)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
ClearScreen Player (HKLM-x32\...\{344E6832-0DAE-43F5-841C-7EDBFB7EF235}) (Version: 1.6.2.2 - ClearScreen Player)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.6.5 - Slimware Utilities Holdings, Inc.)
DriverUpdate (x32 Version: 2.6.5 - Slimware Utilities Holdings, Inc.) Hidden
Dropbox (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fantasy Mosaics 17: New Palette (HKLM-x32\...\Fantasy Mosaics 17: New Palette) (Version: 1.0.0.0 - iWin.com)
Games Manager (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\GamesManager) (Version: 2.13.5.801 - iWin Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match: Twilight (HKLM-x32\...\BFG-Jewel Match - Twilight) (Version:  - )
MahJong Suite 2016 v13.0 (HKLM-x32\...\MahJong Suite_is1) (Version: 13.0 - TreeCardGames)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version:  - )
Sir Match-a-Lot (HKLM-x32\...\BFG-Sir Match-a-Lot) (Version:  - )
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.8 - Slimware Utilities Holdings, Inc.)
SlimCleaner Plus (Version: 2.5.8 - Slimware Utilities Holdings, Inc.) Hidden
Space Mahjong (x32 Version: 1.1.2.4 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
Universal Driver Updater (HKLM-x32\...\{03E33667-F180-4D3C-9A88-10020AB6AEEF}_is1) (Version: 1.1.0.0 - universaldriverupdator.com)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02E1058B-4512-41F1-B027-07CFBFF3C667} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001Core1d23cb0df49b8aa => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-16] (Dropbox, Inc.)
Task: {0B48002D-0302-4951-A887-24FBAC07A016} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-10-29] (CyberLink Corp.)
Task: {0C57387C-9D69-4083-BADA-24D6B2ADA18A} - System32\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52} => C:\Users\bubbl\AppData\Roaming\{5E666~1\SYNHEL~1.EXE [2013-04-11] () <==== ATTENTION
Task: {0EA003A3-8873-4358-BA4D-34AA2CCFD32A} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-05-30] (AVAST Software)
Task: {0F9A7B03-1B79-43F3-AFF4-26D089C92890} - System32\Tasks\Universal\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe [2016-09-26] (PCVARK)
Task: {292752D1-FF62-4D37-A394-105159A8BD4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {2A461DF9-7F32-48AE-AC6C-EEB3B6C44632} - System32\Tasks\Advanced System Care_Logon => C:\Program Files\Advanced System Care\asc.exe [2016-08-23] (advancedpctools.com)
Task: {2FAF2A4A-5057-4DDF-95AA-36A76BC1430F} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {37DA90C2-8D55-492F-82D8-EA5694E2766E} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Penny S Farris) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2016-07-25] (Slimware Utilities Holdings, Inc.)
Task: {44C40CDD-A054-401D-81C7-552E2FE974EE} - System32\Tasks\Advance-System Care_Logon => C:\Program Files\Advance-System Care\asc.exe [2016-10-21] (advancedpctools.com)
Task: {4F38FF77-8221-4272-9C60-4923072C75C1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {561B738F-9CF9-41B9-BC2D-BEBCED6EA998} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {5C3C2A87-78A7-4891-B196-E4AE3B6F2FEA} - System32\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123} => C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe [2013-04-11] () <==== ATTENTION
Task: {79BB5360-FA5D-4472-8B6B-4EA6AE8CB3AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {7DEFC3F2-E4CF-4E39-B182-06AA04C596F2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {8994D8B1-6C39-444E-8410-E30735F35F04} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {8ADAAC3E-ADB6-44A9-AE15-E3A1DFAD66AF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001UA1d23cb0e061f8cc => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-16] (Dropbox, Inc.)
Task: {8E4085FC-8C3A-4FFC-9F76-56C62C72D5BA} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2016-08-15] (SlimWare Utilities, Inc.)
Task: {987EC89B-6441-4E10-8747-0012C67AE1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {A51914EB-AA7F-46FA-A127-881C8AC5197C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {AA6C8269-2D8E-48F2-AF09-48F1E1393D7A} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2016-08-15] (SlimWare Utilities, Inc.)
Task: {C1E146EB-EADF-4429-A24E-25AD9CDFFD06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-11] (Google Inc.)
Task: {C864FF4C-7D0F-42D7-AA85-C871D2E570AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-02-10] (HP Inc.)
Task: {CE78FECC-058A-4767-AB55-03B208A04860} - System32\Tasks\Bing Powered Search ridid => Wscript.exe "C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}\sita.txt" "687474703a2f2f79786870612e636f6d" "433a5c50726f6772616d446174615c7b43354441303042392d344639382d384137462d433935452d3134334435333143394646337d5c6e6f6369646f" "433a5c50726f6772616d446174615c7b43354441303042392d344639382d384137462d433935 (the data entry has 78 more characters).
Task: {E3E3C738-7BB9-4F03-AF13-1E278A288662} - System32\Tasks\Universal\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe [2016-09-26] (PCVARK)
Task: {E7800190-BF7B-4BF7-83E0-84E93D5B0EA8} - System32\Tasks\HPCeeScheduleForPenny S Farris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E9434032-F33F-4AE6-9260-7E5A35505232} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {EC400A52-0BA1-4702-B6C6-AE1658F0B571} - System32\Tasks\{59AB081C-DA7D-4C8D-9748-19E34FE17A99} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.23.0.105/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {F32E8553-76CF-454E-8E55-66CE4CB5A694} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {F3D07AB5-2CE3-4458-93E7-184DEB28A746} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {F8862245-8BE5-4927-92B8-2B8C013E4D6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-11] (Google Inc.)
Task: {FB4F97AA-C78D-4AD2-B204-B862769B4084} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-05-16] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Bing Powered Search ridid.job => Wscript.exe  C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}\sita.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001Core1d23cb0df49b8aa.job => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001UA1d23cb0e061f8cc.job => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPenny S Farris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Penny S Farris).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52}.job => 
Task: C:\WINDOWS\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123}.job => C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin Games\Play iWin Games.lnk -> C:\Users\bubbl\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000000 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin Games\Games\Launch - 2D Mahjong Temple.lnk -> C:\Users\bubbl\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000000 -config.sku=6898624509206276256 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-20 02:45 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-05-30 14:22 - 2016-05-30 14:22 - 00592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2016-07-25 17:35 - 2016-07-25 17:35 - 00763072 _____ () C:\Program Files\SlimService\MyDefragDll.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 17:22 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 17:22 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-30 20:06 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-15 18:45 - 2016-12-21 00:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-15 18:44 - 2016-12-20 23:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-15 18:44 - 2016-12-20 23:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-18 23:18 - 2016-05-05 08:41 - 00108456 ____N () C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
2017-02-07 17:31 - 2017-02-01 02:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 17:31 - 2017-02-01 02:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-03-09 18:00 - 2017-03-06 13:59 - 00807232 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-03-09 18:00 - 2017-02-08 19:19 - 00035792 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00100296 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00018888 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\select.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00019776 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00694224 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00020824 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00123856 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01682768 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00020816 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00145864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00019408 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00116688 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-03-09 18:00 - 2017-02-08 19:22 - 00105928 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00038712 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00060736 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024528 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00175560 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00392144 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-09 18:00 - 2017-02-08 19:22 - 00020936 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00116176 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00381760 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00124880 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00030160 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00043472 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00048592 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00057808 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00246608 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00027488 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-09 18:00 - 2017-02-08 19:21 - 00241104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022336 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00025432 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00028616 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01826104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00083912 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01972536 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 03928896 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00531264 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00053072 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00133432 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00224064 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00207680 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00069968 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00021848 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00350152 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00103232 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00023896 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00025936 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-09 18:00 - 2017-02-08 19:17 - 00036296 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00033112 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-03-09 18:00 - 2016-12-02 14:44 - 00293392 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00084288 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-03-09 18:00 - 2017-02-08 19:27 - 00017864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-09 18:00 - 2017-02-08 19:27 - 01631184 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00042816 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00171336 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00357688 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00060880 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00546104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-04-30 13:17 - 2015-04-30 13:17 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-04-30 13:17 - 2015-04-30 13:17 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-08-27 10:38 - 2016-03-09 01:40 - 02204160 _____ () C:\Users\bubbl\AppData\Local\chromium\Application\51.0.2672.0\libglesv2.dll
2016-08-27 10:38 - 2016-03-09 01:40 - 00075776 _____ () C:\Users\bubbl\AppData\Local\chromium\Application\51.0.2672.0\libegl.dll
2016-05-30 14:22 - 2016-05-30 14:22 - 38907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:27C9AEEC [152]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:3310F70A [374]
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0 [106]
AlternateDataStreams: C:\ProgramData\Temp:7929462F [144]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 04:04 - 2017-02-03 20:04 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6A0260BE-0CB7-408D-8946-1F2DD87DCC67}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BA1D7740-43F4-4D93-A317-EC0319446F17}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A087CAB0-4EE1-44BB-89F3-40BB61158453}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB242D16-013A-4AC6-A707-270AB2C85118}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3915A0F-F3BF-49EE-9442-4F3D55357E5D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2DBDF80-924A-4559-9CCB-1BD1FAE53868}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{BCDEEEE7-04F1-471C-B869-11D76FDB1188}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{D5C1FAED-DCBE-4EE8-AC34-B03BD14A80DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{6A370A8F-CE1A-4AE9-8A2E-377333D0021B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A7490464-3A5A-410A-9D46-2EE6E4F8D241}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{5AEC090C-9723-4872-99D9-9F43EB750C98}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{C4B52D8B-4F29-4E98-AAFC-F7E4639BD39B}] => (Allow) C:\Users\bubbl\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{A2E241DA-40A1-4CCF-B0C6-3A939564E67D}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{0EB27E84-912B-4755-B9D6-F7DEB246C2DE}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{26C9F323-9509-4630-9F96-CE7BE4FA3CCC}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{2E11E209-57A5-4C8A-8171-6411A27F92E4}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\tvnserver.exe
FirewallRules: [{4D734000-8444-46DB-B776-7B5680EF32B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
11-02-2017 18:06:21 Scheduled Checkpoint
21-02-2017 01:48:41 Scheduled Checkpoint
24-02-2017 19:12:29 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/10/2017 10:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20906
 
Error: (03/10/2017 10:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20906
 
Error: (03/10/2017 10:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/10/2017 10:26:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19844
 
Error: (03/10/2017 10:26:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19844
 
Error: (03/10/2017 10:26:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/10/2017 10:26:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18406
 
Error: (03/10/2017 10:26:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18406
 
Error: (03/10/2017 10:26:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/10/2017 10:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8359
 
 
System errors:
=============
Error: (03/15/2017 08:23:26 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (03/10/2017 11:18:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/10/2017 05:33:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/10/2017 12:27:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/08/2017 02:57:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/08/2017 12:25:44 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (03/08/2017 11:37:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (03/06/2017 09:43:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/06/2017 11:15:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/06/2017 12:53:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-16 22:57:15.725
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-16 22:57:15.721
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-14 18:57:40.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-14 18:57:40.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-09 17:20:58.357
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-09 17:20:58.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-09 16:52:06.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-09 16:52:06.725
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-09 16:51:29.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-09 16:51:29.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 61%
Total physical RAM: 3985.95 MB
Available physical RAM: 1554.15 MB
Total Virtual: 7267.07 MB
Available Virtual: 3703.62 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.88 GB) (Free:384.25 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.66 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E40E8831)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,430 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First

Download the enclosed file => fixlist.txt (attached file, 5.64KB). Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

Next

Please download adwCleaner to your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply post the:
  • Adware cleaner log
  • Junkware removal log
  • Fix log

Thanks
Joe :)

#3
moondog830

    Member

  • Topic Starter
  • 626 posts

Just a quick note, I don't always have this lady's laptop with me (she doesn't have it until I'm totally done) ... so it may take a day or two to get back to you on fixing this. Thanks for helping me/her

 

FixLog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Penny S Farris (18-03-2017 06:29:12) Run:2
Running from C:\Users\bubbl\Desktop
Loaded Profiles: Penny S Farris (Available Profiles: Penny S Farris)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c77d62fb&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c77d62fb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
CHR NewTab: Default ->  Not-active:"chrome-extension://kgpcmjeckonpfoaacknfdaaehpjbflhl/stubby.html", Active:"chrome-extension://icgmhdpmdghobfppgncpanbehbecdhpb/stubby.html", Active:"chrome-extension://kmeplklncpfkhbkdogjognkoafdnpmha/newtab/newtab.html", Active:"chrome-extension://ianibjjlmopilahjckdaimnghbdlngkh/stubby.html", Active:"chrome-extension://kgdipifddaiedehdphnflapcinbndgmb/stubby.html", Not-active:"chrome-extension://ijjnmdphpnlnelhbhefnfmimenjgbfcn/stubby.html", Not-active:"chrome-extension://hjfmdccpchjbocfcmenkfmkcbmoldfee/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxp://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
GroupPolicy: Restriction <======= ATTENTION
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
C:\Windows\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52}.job
C:\Windows\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123}.job
Task: {0C57387C-9D69-4083-BADA-24D6B2ADA18A} - System32\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52} => C:\Users\bubbl\AppData\Roaming\{5E666~1\SYNHEL~1.EXE [2013-04-11] () <==== ATTENTION
Task: {CE78FECC-058A-4767-AB55-03B208A04860} - System32\Tasks\Bing Powered Search ridid => Wscript.exe "C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}\sita.txt" "687474703a2f2f79786870612e636f6d" "433a5c50726f6772616d446174615c7b43354441303042392d344639382d384137462d433935452d3134334435333143394646337d5c6e6f6369646f" "433a5c50726f6772616d446174615c7b43354441303042392d344639382d384137462d433935 (the data entry has 78 more characters).
Task: C:\WINDOWS\Tasks\Bing Powered Search ridid.job => Wscript.exe  C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}\sita.txt <==== ATTENTION
C:\WINDOWS\Tasks\Bing Powered Search ridid.job
Task: C:\WINDOWS\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123}.job => C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe <==== ATTENTION
C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe
AlternateDataStreams: C:\ProgramData\Temp:27C9AEEC [152]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:3310F70A [374]
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0 [106]
AlternateDataStreams: C:\ProgramData\Temp:7929462F [144]
C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}
Task: C:\WINDOWS\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52}.job => 
C:\Users\bubbl\AppData\Roaming\{5E666~1\SYNHEL~1.EXE [2013-04-11]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} => key removed successfully
HKCR\CLSID\{26080cad-4adc-49ac-8c63-eda16e595cbd} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{f7bb050c-e116-44da-89c2-6f2b68c54836} => key removed successfully
HKCR\CLSID\{f7bb050c-e116-44da-89c2-6f2b68c54836} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} => key removed successfully
HKCR\Wow6432Node\CLSID\{26080cad-4adc-49ac-8c63-eda16e595cbd} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{f7bb050c-e116-44da-89c2-6f2b68c54836} => key removed successfully
HKCR\Wow6432Node\CLSID\{f7bb050c-e116-44da-89c2-6f2b68c54836} => key not found. 
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} => key removed successfully
HKCR\CLSID\{26080cad-4adc-49ac-8c63-eda16e595cbd} => key not found. 
Chrome NewTab => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\InstallerService => key removed successfully
InstallerService => service removed successfully
C:\Windows\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52}.job => moved successfully
C:\Windows\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123}.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C57387C-9D69-4083-BADA-24D6B2ADA18A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C57387C-9D69-4083-BADA-24D6B2ADA18A} => key removed successfully
C:\WINDOWS\System32\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{162CBFFF-FBB6-0460-4EB2-502E03141E52} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE78FECC-058A-4767-AB55-03B208A04860} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE78FECC-058A-4767-AB55-03B208A04860} => key removed successfully
C:\WINDOWS\System32\Tasks\Bing Powered Search ridid => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bing Powered Search ridid => key removed successfully
C:\WINDOWS\Tasks\Bing Powered Search ridid.job => moved successfully
"C:\WINDOWS\Tasks\Bing Powered Search ridid.job" => not found.
C:\WINDOWS\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123}.job => not found.
C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe => moved successfully
C:\ProgramData\Temp => ":27C9AEEC" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":3310F70A" ADS removed successfully.
C:\ProgramData\Temp => ":6F1F66C0" ADS removed successfully.
C:\ProgramData\Temp => ":7929462F" ADS removed successfully.
C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3} => moved successfully
C:\WINDOWS\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52}.job => not found.
"C:\Users\bubbl\AppData\Roaming\{5E666~1\SYNHEL~1.EXE [2013-04-11]" => not found.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{7DEF89E9-31D4-49BA-B595-7C9B53D87D3D} canceled.
{4CF54C5E-C1BC-45D4-B45C-9BD7E3FEE5AB} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88536968 B
Java, Flash, Steam htmlcache => 6838 B
Windows/system/drivers => 895268253 B
Edge => 244715917 B
Chrome => 530643437 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 475082 B
bubbl => 425934986 B
 
RecycleBin => 1586 B
EmptyTemp: => 2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 06:31:57 ====
 
AdwCleaner
 

# AdwCleaner v6.044 - Logfile created 18/03/2017 at 06:46:00
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-17.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Penny S Farris - DESKTOP-7HJLTT7
# Running from : C:\Users\bubbl\Desktop\adwcleaner_6.044.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  swdumon
Service Found:  SlimService
Service Found:  ASCValidator
Service Found:  slimservice
 
 
***** [ Folders ] *****
 
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
Folder Found:  C:\Program Files (x86)\DriverUpdate
Folder Found:  C:\Users\Public\Documents\Downloaded Installers\{6D34CDFA-2CF8-49DF-8E04-74B23147BB69}
Folder Found:  C:\WINDOWS\Installer\{6D34CDFA-2CF8-49DF-8E04-74B23147BB69}
Folder Found:  C:\Users\bubbl\AppData\Local\iWin
Folder Found:  C:\Users\bubbl\AppData\Local\slimware utilities inc
Folder Found:  C:\Users\bubbl\AppData\Local\Downloaded Installers
Folder Found:  C:\Users\bubbl\AppData\Local\SlimWare Utilities Inc
Folder Found:  C:\Users\bubbl\AppData\Roaming\FileOpenerWindows
Folder Found:  C:\Users\bubbl\AppData\Roaming\scappmanager
Folder Found:  C:\Users\bubbl\AppData\Roaming\advancedpctools.com
Folder Found:  C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iwin games
Folder Found:  C:\Program Files\Earth Networks
Folder Found:  C:\Program Files\slimcleaner plus
Folder Found:  C:\Program Files\slimservice
Folder Found:  C:\Program Files\SlimCleaner Plus 
Folder Found:  C:\Program Files\SlimService
Folder Found:  C:\Program Files\Advance-System Care
Folder Found:  C:\ProgramData\iwin games
Folder Found:  C:\ProgramData\slimware utilities inc
Folder Found:  C:\ProgramData\PCVARK
Folder Found:  C:\ProgramData\SlimWare Utilities Inc
Folder Found:  C:\ProgramData\BSD\DriverHive
Folder Found:  C:\ProgramData\ASCValidator
Folder Found:  C:\ProgramData\advancedpctools.com
Folder Found:  C:\ProgramData\BSD
Folder Found:  C:\ProgramData\BSD\DriverHiveEngine
Folder Found:  C:\ProgramData\Application Data\iwin games
Folder Found:  C:\ProgramData\Application Data\slimware utilities inc
Folder Found:  C:\ProgramData\Application Data\PCVARK
Folder Found:  C:\ProgramData\Application Data\SlimWare Utilities Inc
Folder Found:  C:\ProgramData\Application Data\BSD\DriverHive
Folder Found:  C:\ProgramData\Application Data\ASCValidator
Folder Found:  C:\ProgramData\Application Data\advancedpctools.com
Folder Found:  C:\ProgramData\Application Data\BSD
Folder Found:  C:\ProgramData\Application Data\BSD\DriverHiveEngine
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverupdate
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus 
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Driver Updater
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance-System Care
Folder Found:  C:\Users\Public\Documents\Downloaded Installers
Folder Found:  C:\Program Files (x86)\driverupdate
Folder Found:  C:\Program Files (x86)\ShowMyPCService
Folder Found:  C:\Program Files (x86)\Universal Driver Updater
Folder Found:  C:\Program Files (x86)\DriverUpdate
Folder Found:  C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn
Folder Found:  C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjnmdphpnlnelhbhefnfmimenjgbfcn
Folder Found:  C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmengapaekgmapkcophhdmppmjinpogo
 
 
***** [ Files ] *****
 
File Found:  C:\Users\bubbl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WeatherBug®.lnk
File Found:  C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
File Found:  C:\Users\bubbl\Desktop\Universal Driver Updater.lnk
File Found:  C:\WINDOWS\SysNative\drivers\swdumon.sys
File Found:  C:\appverifier.txt
File Found:  C:\Users\Public\Desktop\slimcleaner plus.lnk
File Found:  C:\Users\Public\Desktop\driverupdate.lnk
File Found:  C:\Users\Public\Desktop\SlimCleaner Plus.lnk
File Found:  C:\Users\Public\Desktop\Advance-System Care.lnk
File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  SlimCleaner Plus (Scheduled Scan - Penny S Farris)
Task Found:  YCMServiceAgent
Task Found:  DriverUpdate Scan
Task Found:  DriverUpdate Startup
Task Found:  Universal
Task Found:  Advance-System Care_Logon
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate_is1
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D34CDFA-2CF8-49DF-8E04-74B23147BB69}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D34CDFA-2CF8-49DF-8E04-74B23147BB69}_is1
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ASCValidator
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ASCValidator
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\service1
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\service1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Key Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\PRODUCTSETUP
Key Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\SlimWare Utilities Inc
Key Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Earth Networks
Key Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\csastats
Key Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\PCVARK
Key Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\advancedpctools.com
Key Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\BSD
Key Found:  HKCU\Software\PRODUCTSETUP
Key Found:  HKCU\Software\SlimWare Utilities Inc
Key Found:  HKCU\Software\Earth Networks
Key Found:  HKCU\Software\csastats
Key Found:  HKCU\Software\PCVARK
Key Found:  HKCU\Software\advancedpctools.com
Key Found:  HKCU\Software\BSD
Key Found:  HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found:  HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found:  HKLM\SOFTWARE\PCVARK
Key Found:  HKLM\SOFTWARE\BSD
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug®
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
Key Found:  [x64] HKCU\Software\PRODUCTSETUP
Key Found:  [x64] HKCU\Software\SlimWare Utilities Inc
Key Found:  [x64] HKCU\Software\Earth Networks
Key Found:  [x64] HKCU\Software\csastats
Key Found:  [x64] HKCU\Software\PCVARK
Key Found:  [x64] HKCU\Software\advancedpctools.com
Key Found:  [x64] HKCU\Software\BSD
Key Found:  [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found:  [x64] HKLM\SOFTWARE\ASCValidatorService
Key Found:  [x64] HKLM\SOFTWARE\advancedpctools.com
Key Found:  [x64] HKLM\SOFTWARE\asc-pr
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70AA5E57-6A21-42B8-9B5F-8F071CC265AD}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
Key Found:  HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\gamingwonderland.
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\izito.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.izito.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\gamingwonderland.dl.
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\izito.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.izito.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\gamingwonderlan
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\izito.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.izito.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\gamingwonderland.d
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\izito.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.izito.com
Value Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
Value Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
Value Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
Value Found:  HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Microsoft\Windows\CurrentVersion\Run [SlimCleaner Plus]
Value Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SlimCleaner Plus]
Value Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SlimCleaner Plus]
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Key Found:  HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Key Found:  HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Value Found:  HKLM\SOFTWARE\Classes\Unknown\shell\openas\command [windowsfileopener.Dat]
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\bubbl\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - kpocjpoifmommoiiiamepombpeoaehfh
Chrome pref Found:  [C:\Users\bubbl\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - mallpejgeafdahhflmliiahjdpgbegpk
Chrome pref Found:  [C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [13446 Bytes] - [13/07/2016 07:35:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [1404 Bytes] - [11/08/2016 17:43:15]
C:\AdwCleaner\AdwCleaner[C3].txt - [2374 Bytes] - [25/08/2016 19:12:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [13490 Bytes] - [13/07/2016 06:34:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [13375 Bytes] - [13/07/2016 07:30:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [1230 Bytes] - [11/08/2016 17:30:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [2473 Bytes] - [25/08/2016 19:12:19]
C:\AdwCleaner\AdwCleaner[S5].txt - [15434 Bytes] - [18/03/2017 06:46:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [15508 Bytes] ##########
 
 
JRTlog
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64 
Ran by Penny S Farris (Administrator) on Sat 03/18/2017 at  6:51:50.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 26 
 
Failed to delete: C:\Users\bubbl\AppData\Local\slimware utilities inc (Folder) 
Failed to delete: C:\Program Files\slimservice (Folder) 
Successfully deleted: C:\ProgramData\iwin games (Folder) 
Successfully deleted: C:\ProgramData\slimware utilities inc (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\driverupdate (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\slimcleaner plus (Folder) 
Successfully deleted: C:\Users\bubbl\AppData\Local\downloaded installers (Folder) 
Successfully deleted: C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnhgkolepibaegjheeeblkgfmpankac (Folder) 
Successfully deleted: C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpnhgkolepibaegjheeeblkgfmpankac (Folder) 
Successfully deleted: C:\Users\bubbl\AppData\Local\iwin (Folder) 
Successfully deleted: C:\Users\bubbl\AppData\Roaming\fileopenerwindows (Folder) 
Successfully deleted: C:\Users\bubbl\Start Menu\Programs\iwin games (Folder) 
Successfully deleted: C:\Users\Public\Desktop\driverupdate.lnk (Shortcut) 
Successfully deleted: C:\Users\Public\Desktop\slimcleaner plus.lnk (Shortcut) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\WINDOWS\system32\drivers\swdumon.sys (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Advanced System Care_Logon (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\DriverUpdate Scan (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\DriverUpdate Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SlimCleaner Plus (Scheduled Scan - Penny S Farris) (Task)
Successfully deleted: C:\WINDOWS\Tasks\DriverUpdate Scan.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\DriverUpdate Startup.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Penny S Farris).job (Task) 
Successfully deleted: C:\Program Files (x86)\driverupdate (Folder) 
Successfully deleted: C:\Program Files\earth networks (Folder) 
Successfully deleted: C:\Program Files\slimcleaner plus (Folder) 
 
 
 
Registry: 5 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SlimCleaner Plus (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherBug (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0231371488514182mcinstcleanup (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SlimService (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/18/2017 at  6:57:27.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,430 posts
Hello,

Please run the clean option in AdwCleaner if you have not done so.

Next

Run a Malwarebytes scan. The user already has it installed, so you may skip the download part of my instructions. Do open Malwarebytes and tick scan for rootkits as indicated in the instructions.

Make sure that in Malwarebytes Anti-Malware the option to “Scan for rootkits” is checked under “Settings” > “Detection and Protection” before you start the “Scan”.


  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

    Your next reply should include:

    Post a new adwcleaner log.
    Post the Malwarebytes log.

    Thanks
    Joe



#5
moondog830

    Member

  • Topic Starter
  • Member
  • 626 posts

sorry ... forgot to run the clean ... ran it this time.

 

Cleanlog

 

# AdwCleaner v6.044 - Logfile created 19/03/2017 at 07:24:45
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-17.2 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Penny S Farris - DESKTOP-7HJLTT7
# Running from : C:\Users\bubbl\Desktop\adwcleaner_6.044.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: swdumon
[-] Service deleted: SlimService
[-] Service deleted: ASCValidator
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\WINDOWS\Installer\{6D34CDFA-2CF8-49DF-8E04-74B23147BB69}
[-] Folder deleted: C:\Users\bubbl\AppData\Local\slimware utilities inc
[#] Folder deleted on reboot: C:\Users\bubbl\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\bubbl\AppData\Roaming\scappmanager
[-] Folder deleted: C:\Users\bubbl\AppData\Roaming\advancedpctools.com
[-] Folder deleted: C:\Program Files\slimservice
[#] Folder deleted on reboot: C:\Program Files\SlimService
[-] Folder deleted: C:\Program Files\Advance-System Care
[-] Folder deleted: C:\ProgramData\PCVARK
[-] Folder deleted: C:\ProgramData\BSD\DriverHive
[-] Folder deleted: C:\ProgramData\ASCValidator
[-] Folder deleted: C:\ProgramData\advancedpctools.com
[-] Folder deleted: C:\ProgramData\BSD
[#] Folder deleted on reboot: C:\ProgramData\BSD\DriverHiveEngine
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PCVARK
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BSD\DriverHive
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ASCValidator
[#] Folder deleted on reboot: C:\ProgramData\Application Data\advancedpctools.com
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BSD
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BSD\DriverHiveEngine
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Driver Updater
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance-System Care
[-] Folder deleted: C:\Program Files (x86)\ShowMyPCService
[-] Folder deleted: C:\Program Files (x86)\Universal Driver Updater
[-] Folder deleted: C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjnmdphpnlnelhbhefnfmimenjgbfcn
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\bubbl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WeatherBug®.lnk
[-] File deleted: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
[-] File deleted: C:\Users\bubbl\Desktop\Universal Driver Updater.lnk
[-] File deleted: C:\appverifier.txt
[-] File deleted: C:\Users\Public\Desktop\Advance-System Care.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: YCMServiceAgent
[-] Task deleted: Universal
[-] Task deleted: Advance-System Care_Logon
 
 
***** [ Registry ] *****
 
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\slimservice
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D34CDFA-2CF8-49DF-8E04-74B23147BB69}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D34CDFA-2CF8-49DF-8E04-74B23147BB69}_is1
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ASCValidator
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ASCValidator
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\service1
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\service1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
[-] Key deleted: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Earth Networks
[-] Key deleted: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\PCVARK
[-] Key deleted: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\advancedpctools.com
[-] Key deleted: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\BSD
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Earth Networks
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\PCVARK
[#] Key deleted on reboot: HKCU\Software\advancedpctools.com
[#] Key deleted on reboot: HKCU\Software\BSD
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\PCVARK
[-] Key deleted: HKLM\SOFTWARE\BSD
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug®
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\Earth Networks
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\PCVARK
[#] Key deleted on reboot: [x64] HKCU\Software\advancedpctools.com
[#] Key deleted on reboot: [x64] HKCU\Software\BSD
[-] Key deleted: [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: [x64] HKLM\SOFTWARE\ASCValidatorService
[-] Key deleted: [x64] HKLM\SOFTWARE\advancedpctools.com
[-] Key deleted: [x64] HKLM\SOFTWARE\asc-pr
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70AA5E57-6A21-42B8-9B5F-8F071CC265AD}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\gamingwonderland.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\izito.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.izito.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\gamingwonderland.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\izito.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\gamingwonderland.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\gamingwonderland.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.izito.com
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Value deleted: HKLM\SOFTWARE\Classes\Unknown\shell\openas\command [windowsfileopener.Dat]
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\bubbl\AppData\Local\Chromium\User Data\Default] [extension] Deleted: kpocjpoifmommoiiiamepombpeoaehfh
[-] [C:\Users\bubbl\AppData\Local\Chromium\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk
[-] [C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [13446 Bytes] - [13/07/2016 07:35:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [1404 Bytes] - [11/08/2016 17:43:15]
C:\AdwCleaner\AdwCleaner[C3].txt - [2374 Bytes] - [25/08/2016 19:12:34]
C:\AdwCleaner\AdwCleaner[C4].txt - [13498 Bytes] - [19/03/2017 07:24:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [13490 Bytes] - [13/07/2016 06:34:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [13375 Bytes] - [13/07/2016 07:30:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [1230 Bytes] - [11/08/2016 17:30:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [2473 Bytes] - [25/08/2016 19:12:19]
C:\AdwCleaner\AdwCleaner[S5].txt - [15720 Bytes] - [18/03/2017 06:46:00]
C:\AdwCleaner\AdwCleaner[S6].txt - [13075 Bytes] - [19/03/2017 07:23:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [14014 Bytes] ##########
 
 
Malwarebytes Scanlog
 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/19/17
Scan Time: 1:17 PM
Logfile: malwarebytes scanlog.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1540
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-7HJLTT7\Penny S Farris
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388098
Time Elapsed: 6 min, 40 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 12
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Quarantined, [1212], [335833],1.0.1540
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Quarantined, [1212], [335833],1.0.1540
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Quarantined, [1212], [335833],1.0.1540
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{959D527D-6C27-4879-A644-065526D6969C}, Quarantined, [1212], [335833],1.0.1540
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}, Quarantined, [1212], [335836],1.0.1540
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}, Quarantined, [1212], [335831],1.0.1540
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\a92e2408, Quarantined, [117], [302717],1.0.1540
PUP.Optional.ClearScreenPlayer, HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\clearscreenplayer.com, Quarantined, [18468], [261502],1.0.1540
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\MICROSOFT\TRACING\asc_RASAPI32, Quarantined, [1377], [333222],1.0.1540
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\MICROSOFT\TRACING\asc_RASMANCS, Quarantined, [1377], [333222],1.0.1540
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, Quarantined, [1603], [333219],1.0.1540
PUP.Optional.WinYahoo, HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Quarantined, [117], [262014],1.0.1540
 
Registry Value: 2
Adware.DealPly.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|GUHUTUCESIT, Quarantined, [3181], [367966],1.0.1540
PUP.Optional.WinYahoo, HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|FILENAME, Quarantined, [117], [262014],1.0.1540
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 5
PUP.Optional.InternetMonitor, C:\Users\bubbl\AppData\Local\CrashRpt\UnsentCrashReports\BandwidthStat_347\Logs, Quarantined, [15321], [182462],1.0.1540
PUP.Optional.InternetMonitor, C:\USERS\BUBBL\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\BandwidthStat_347, Quarantined, [15321], [182462],1.0.1540
PUP.Optional.UniversalDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\UNIVERSAL\DRIVER UPDATER, Quarantined, [1793], [339400],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\USERS\BUBBL\APPDATA\LOCAL\{5E3B6867-7A93-04DF-170B-21373363DDAF}, Quarantined, [117], [302717],1.0.1540
 
File: 33
PUP.Optional.UniversalDriverUpdater, C:\Windows\System32\Tasks\Universal\Driver Updater\Start Driver Updater automatic scanning, Quarantined, [1793], [339400],1.0.1540
PUP.Optional.UniversalDriverUpdater, C:\Windows\System32\Tasks\Universal\Driver Updater\Start Driver Updater \u00d0\u00ben logon, Quarantined, [1793], [339400],1.0.1540
PUP.Optional.AdvanceSystemCare, C:\PROGRAM FILES\ADVANCED SYSTEM CARE\TASKSCHEDULER.DLL, Quarantined, [1377], [333241],1.0.1540
PUP.Optional.AdvanceSystemCare, C:\PROGRAM FILES\ADVANCED SYSTEM CARE\INTEROP.IWSHRUNTIMELIBRARY.DLL, Quarantined, [1377], [333241],1.0.1540
PUP.Optional.AdvanceSystemCare, C:\PROGRAM FILES\ADVANCED SYSTEM CARE\UNINS000.EXE, Quarantined, [1377], [333241],1.0.1540
PUP.Optional.IWin, C:\USERS\BUBBL\DOWNLOADS\BEJEWELED3-SETUP (1).EXE, Quarantined, [3036], [355169],1.0.1540
PUP.Optional.DriverUpdate, C:\USERS\BUBBL\DOWNLOADS\DRIVERUPDATE-SETUP.EXE, Quarantined, [1212], [331447],1.0.1540
PUP.Optional.AdvancedSystemCare, C:\USERS\BUBBL\DOWNLOADS\ASCSNICROSUS728.EXE, Quarantined, [1859], [336134],1.0.1540
PUP.Optional.DriverUpdate, C:\USERS\BUBBL\DOWNLOADS\DRIVERUPDATE-SETUP (1).EXE, Quarantined, [1212], [331447],1.0.1540
PUP.Optional.IWin, C:\USERS\BUBBL\DOWNLOADS\BEJEWELED3-SETUP.EXE, Quarantined, [3036], [355169],1.0.1540
PUP.Optional.WinYahoo, C:\USERS\BUBBL\APPDATA\LOCAL\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\chromium-min.jpg, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\control panel-min-min.JPG, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\down.png, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\ff menu.JPG, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\ff search engine-min.png, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\hp-min ff.png, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\hp-min ie.png, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\search engine.gif, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\setup pages.gif, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\sp-min.png, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\start-min.jpg, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\HowToRemove\up.png, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\bapi_ff.dat, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\bapi_ie.dat, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\ceda, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\fira, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\install.log, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\Sqlite3.dll, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\tese, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\uninst.dat, Quarantined, [117], [302717],1.0.1540
PUP.Optional.WinYahoo, C:\Users\bubbl\AppData\Local\{5E3B6867-7A93-04DF-170B-21373363DDAF}\uninst.exe, Quarantined, [117], [302717],1.0.1540
Adware.DealPly.Generic, C:\USERS\BUBBL\APPDATA\ROAMING\DISOPERAT, Quarantined, [3181], [367966],1.0.1540
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6
zep516


    Trusted Helper

  • Malware Removal
  • 6,430 posts
Hello,


I'd say that removed most of the junk, and lots of it!

With all that stuff I would reset the browsers too.

See the link below to do that.

https://www.howtogee...fault-settings/

Next, when you get a chance, re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.


#7
moondog830


    Member

  • Topic Starter
  • 626 posts

I was hoping you'd understand how messed up it was ... wish I could get HER to understand :)

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Penny S Farris (administrator) on DESKTOP-7HJLTT7 (19-03-2017 16:40:29)
Running from C:\Users\bubbl\Desktop
Loaded Profiles: Penny S Farris (Available Profiles: Penny S Farris)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(© 2015 Microsoft Corporation) C:\Users\bubbl\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.15.2140.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2017-02-28] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKLM-x32\...\Run: [ClearScreen Player] => C:\Program Files (x86)\ClearScreenPlayer\ClearScreenPlayer.exe [439712 2016-04-20] ()
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Dropbox Update] => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-16] (Dropbox, Inc.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [ClearScreen Player] => C:\Program Files (x86)\ClearScreenPlayer\ClearScreenPlayer.exe [439712 2016-04-20] ()
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [BingSvc] => C:\Users\bubbl\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Chromium] => c:\users\bubbl\appdata\local\chromium\application\chrome.exe [1053184 2016-03-09] (The Chromium Authors)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\RunOnce: [Uninstall C:\Users\bubbl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bubbl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-05-30]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 67.142.160.8 67.142.160.9
Tcpip\..\Interfaces\{72caaa9f-c5f5-4583-9363-1bb4938bbca0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{72caaa9f-c5f5-4583-9363-1bb4938bbca0}: [DhcpNameServer] 67.142.160.8 67.142.160.9
Tcpip\..\Interfaces\{746df8de-bd5f-4f4d-9602-729aa8db16a4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{746df8de-bd5f-4f4d-9602-729aa8db16a4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ee42c699-068b-44b3-870d-c0cd49250b5e}: [DhcpNameServer] 82.163.142.7
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-2430580443-1646431325-2133495863-1001: @citrixonline.com/appdetectorplugin -> C:\Users\bubbl\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-09] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default [2017-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
CHR Extension: (Chrome Media Router) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-19]
CHR HKLM-x32\...\Chrome\Extension: [leomkkljcdgegflamofjilaekhgiiake] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-16] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2017-02-28] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-30] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2017-02-28] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-19] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-02-28] (Realtek                                            )
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [418784 2017-02-28] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2016-05-16] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-19 13:35 - 2017-03-19 13:35 - 00008465 _____ C:\Users\bubbl\Desktop\malwarebytes scanlog.txt
2017-03-19 10:53 - 2017-03-19 13:27 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-19 10:53 - 2017-03-19 13:27 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-19 10:53 - 2017-03-19 13:27 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-19 10:53 - 2017-03-19 13:27 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-19 10:52 - 2017-03-19 13:26 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-19 10:52 - 2017-03-19 10:52 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-19 10:52 - 2017-03-19 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-19 10:52 - 2017-03-19 10:52 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-19 10:52 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-19 10:31 - 2017-03-19 10:50 - 57131432 _____ (Malwarebytes ) C:\Users\bubbl\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-19 10:25 - 2017-03-19 13:26 - 00000400 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPenny S Farris.job
2017-03-19 10:25 - 2017-03-19 10:25 - 00003328 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPenny S Farris
2017-03-18 06:04 - 2017-03-18 06:51 - 01663904 _____ (Malwarebytes) C:\Users\bubbl\Desktop\JRT.exe
2017-03-18 06:03 - 2017-03-18 06:39 - 04031440 _____ C:\Users\bubbl\Desktop\adwcleaner_6.044.exe
2017-03-15 08:23 - 2017-03-15 08:28 - 02424832 _____ (Farbar) C:\Users\bubbl\Desktop\FRST64.exe
2017-03-09 18:00 - 2017-03-09 18:00 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-06 16:59 - 2017-03-06 17:05 - 00000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0c039344d2f910be
2017-03-06 16:58 - 2017-03-06 16:58 - 00000000 ____D C:\Users\bubbl\AppData\Local\Deployment
2017-03-06 16:58 - 2017-03-06 16:58 - 00000000 ____D C:\Users\bubbl\AppData\Local\Apps\2.0
2017-02-28 23:17 - 2017-02-28 23:16 - 00428648 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2017-02-28 23:17 - 2017-02-28 23:16 - 00329832 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo54.dll
2017-02-28 23:17 - 2017-02-28 23:16 - 00064104 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2017-02-28 23:17 - 2017-02-28 23:16 - 00060008 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2017-02-28 23:17 - 2017-02-28 23:16 - 00057448 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2017-02-28 23:13 - 2017-02-28 23:12 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2017-02-28 23:10 - 2017-02-28 23:10 - 00001851 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2017-02-28 23:09 - 2017-02-28 23:07 - 72520720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-02-28 23:09 - 2017-02-28 23:07 - 06764662 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-02-28 23:09 - 2017-02-28 23:07 - 03203592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02895104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-02-28 23:09 - 2017-02-28 23:07 - 02706864 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02203752 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02073096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01360520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01041744 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01001800 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00864352 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00858208 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00854032 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00725944 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00498648 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00467160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00438704 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00112496 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-02-28 23:08 - 2017-02-28 23:06 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
2017-02-28 23:02 - 2017-02-28 23:01 - 00418784 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2017-02-28 22:55 - 2015-08-31 00:26 - 00041400 _____ (CyberLink Corporation) C:\WINDOWS\system32\Drivers\clwvd6.sys
2017-02-27 16:51 - 2017-02-27 16:52 - 00108559 _____ C:\Users\bubbl\Downloads\Application 2017.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-19 16:41 - 2016-07-16 16:00 - 00014845 _____ C:\Users\bubbl\Desktop\FRST.txt
2017-03-19 16:40 - 2016-07-11 14:24 - 00000000 ____D C:\FRST
2017-03-19 16:38 - 2016-08-12 04:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-19 13:30 - 2016-05-16 20:53 - 00000000 ___RD C:\Users\bubbl\Dropbox
2017-03-19 13:29 - 2016-08-12 04:16 - 00000000 ____D C:\Users\bubbl
2017-03-19 13:29 - 2016-06-24 17:33 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Skype
2017-03-19 13:26 - 2016-08-12 04:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-19 13:25 - 2016-07-15 23:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-03-19 13:24 - 2016-11-01 20:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Universal
2017-03-19 13:24 - 2016-08-30 18:39 - 00000000 ____D C:\Program Files\Advanced System Care
2017-03-19 11:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-19 10:58 - 2016-08-12 04:30 - 00004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2017-03-19 10:52 - 2016-07-15 06:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-19 10:36 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-19 07:43 - 2016-05-18 18:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-19 07:38 - 2016-05-18 18:01 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-19 07:37 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-19 07:30 - 2016-08-12 04:15 - 01405478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-19 07:24 - 2016-07-13 06:33 - 00000000 ____D C:\AdwCleaner
2017-03-18 07:02 - 2016-07-12 12:31 - 00000000 ____D C:\Users\bubbl\Desktop\Work for Pennys LT
2017-03-18 06:45 - 2015-07-10 04:04 - 00000187 _____ C:\WINDOWS\win.ini
2017-03-18 06:44 - 2016-05-16 20:33 - 00000000 ____D C:\Users\bubbl\Documents\YouCam
2017-03-18 06:39 - 2016-11-02 01:50 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\{5E6668DD-7B34-05AB-1002-2279CCD0DF47}
2017-03-18 06:38 - 2016-08-31 01:38 - 00000299 _____ C:\Users\bubbl\AppData\Roaming\WB.CFG
2017-03-18 06:35 - 2017-01-14 19:58 - 00000000 ____D C:\Program Files\TrueKey
2017-03-18 06:35 - 2016-08-27 10:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-18 06:30 - 2016-08-27 10:37 - 00000000 ____D C:\Users\bubbl\AppData\Local\{8D97BB2C-A8C5-D65A-C3F3-F1881F210CB6}
2017-03-18 06:30 - 2016-08-27 10:34 - 00000000 ____D C:\Users\bubbl\AppData\Local\GamesManager
2017-03-18 06:29 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-18 06:29 - 2015-07-10 04:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-15 08:40 - 2016-07-16 16:02 - 00049212 _____ C:\Users\bubbl\Desktop\Addition.txt
2017-03-15 08:17 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-10 23:18 - 2016-10-26 16:21 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\MahJong Suite
2017-03-09 18:01 - 2016-05-16 20:49 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Dropbox
2017-03-09 18:01 - 2016-05-16 20:42 - 00000000 ____D C:\Users\bubbl\AppData\Local\Dropbox
2017-03-04 19:08 - 2016-05-16 20:32 - 00000000 ____D C:\Users\bubbl\AppData\Local\Packages
2017-03-02 21:09 - 2017-01-14 20:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-02 21:09 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-02 21:07 - 2016-03-20 02:55 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2017-02-28 23:17 - 2015-07-13 09:28 - 00000000 ____D C:\SWSetup
2017-02-28 23:16 - 2016-05-17 21:57 - 00902248 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2017-02-28 23:16 - 2016-05-17 21:57 - 00803944 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2017-02-28 23:16 - 2016-05-17 21:57 - 00278632 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2017-02-28 23:16 - 2016-05-16 20:24 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-02-28 23:13 - 2016-03-20 01:54 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-02-28 23:12 - 2016-03-20 01:58 - 00943112 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-02-28 23:10 - 2016-08-12 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-02-28 23:10 - 2016-08-12 04:10 - 00011070 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-02-28 23:10 - 2016-08-12 04:10 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-28 23:10 - 2016-03-20 01:54 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-02-28 23:07 - 2016-03-20 01:54 - 05251592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-02-28 23:07 - 2016-03-20 01:54 - 03283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 03133152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 00192992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 00023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-02-28 23:06 - 2016-03-20 01:54 - 01608128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-02-28 23:05 - 2016-03-20 01:54 - 02838232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-02-28 23:02 - 2016-08-12 04:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-28 22:56 - 2016-03-20 02:22 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-02-28 22:55 - 2016-03-20 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-02-28 22:55 - 2016-03-20 01:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 22:51 - 2016-03-20 02:23 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-02-28 22:51 - 2016-03-20 02:22 - 00000000 ____D C:\ProgramData\Temp
2017-02-28 22:27 - 2016-11-22 21:33 - 00000000 ____D C:\Users\bubbl\AppData\Local\ElevatedDiagnostics
2017-02-28 22:26 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-24 20:10 - 2017-01-14 19:58 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-24 20:10 - 2017-01-14 19:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 19:37 - 2016-12-09 18:08 - 00003308 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 19:37 - 2016-05-16 20:37 - 00002374 _____ C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 19:37 - 2016-05-16 20:37 - 00000000 ___RD C:\Users\bubbl\OneDrive
2017-02-18 21:28 - 2017-01-14 20:12 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
 
==================== Files in the root of some directories =======
 
2016-08-31 01:38 - 2017-03-18 06:38 - 0000299 _____ () C:\Users\bubbl\AppData\Roaming\WB.CFG
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-18 07:29
 
==================== End of FRST.txt ============================
 
 
Addition
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Penny S Farris (19-03-2017 16:42:37)
Running from C:\Users\bubbl\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-12 11:40:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2430580443-1646431325-2133495863-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2430580443-1646431325-2133495863-503 - Limited - Disabled)
Guest (S-1-5-21-2430580443-1646431325-2133495863-501 - Limited - Disabled)
Penny S Farris (S-1-5-21-2430580443-1646431325-2133495863-1001 - Administrator - Enabled) => C:\Users\bubbl
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2D Mahjong Temple (HKLM-x32\...\2D Mahjong Temple) (Version:  - iWin.com)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advance-System Care (HKLM\...\{F851A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.16074 - advancedpctools.com)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bing Powered Search (HKLM-x32\...\BingPoweredSearch) (Version:  - )
BingProvidedSearch (HKLM-x32\...\{89E56125-D965-B0A5-68E5-C025B86513A5}) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
callofwar (HKLM-x32\...\{CE2320B6-5A53-41A3-A549-14CC1FBCE06A}_is1) (Version: 2.2.1.9 - callofwar)
Chromium (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Chromium) (Version: 51.0.2672.0 - Chromium)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
ClearScreen Player (HKLM-x32\...\{344E6832-0DAE-43F5-841C-7EDBFB7EF235}) (Version: 1.6.2.2 - ClearScreen Player)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fantasy Mosaics 17: New Palette (HKLM-x32\...\Fantasy Mosaics 17: New Palette) (Version: 1.0.0.0 - iWin.com)
Games Manager (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\GamesManager) (Version: 2.13.5.801 - iWin Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match: Twilight (HKLM-x32\...\BFG-Jewel Match - Twilight) (Version:  - )
MahJong Suite 2016 v13.0 (HKLM-x32\...\MahJong Suite_is1) (Version: 13.0 - TreeCardGames)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Sir Match-a-Lot (HKLM-x32\...\BFG-Sir Match-a-Lot) (Version:  - )
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.8 - Slimware Utilities Holdings, Inc.)
Space Mahjong (x32 Version: 1.1.2.4 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
Universal Driver Updater (HKLM-x32\...\{03E33667-F180-4D3C-9A88-10020AB6AEEF}_is1) (Version: 1.1.0.0 - universaldriverupdator.com)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02E1058B-4512-41F1-B027-07CFBFF3C667} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001Core1d23cb0df49b8aa => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-16] (Dropbox, Inc.)
Task: {0EA003A3-8873-4358-BA4D-34AA2CCFD32A} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-05-30] (AVAST Software)
Task: {0F9A7B03-1B79-43F3-AFF4-26D089C92890} - \Universal\Driver Updater\Start Driver Updater оn logon -> No File <==== ATTENTION
Task: {292752D1-FF62-4D37-A394-105159A8BD4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {2FAF2A4A-5057-4DDF-95AA-36A76BC1430F} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5410D649-A2C0-451A-B769-2DAB81028338} - System32\Tasks\HPCeeScheduleForPenny S Farris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {561B738F-9CF9-41B9-BC2D-BEBCED6EA998} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {5C3C2A87-78A7-4891-B196-E4AE3B6F2FEA} - System32\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123} => C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe  <==== ATTENTION
Task: {79BB5360-FA5D-4472-8B6B-4EA6AE8CB3AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {7DEFC3F2-E4CF-4E39-B182-06AA04C596F2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {8994D8B1-6C39-444E-8410-E30735F35F04} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {8ADAAC3E-ADB6-44A9-AE15-E3A1DFAD66AF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001UA1d23cb0e061f8cc => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-16] (Dropbox, Inc.)
Task: {94434971-FD58-4552-82B3-B8E687F96E46} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {A51914EB-AA7F-46FA-A127-881C8AC5197C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {B48C2A10-CBDB-4A5C-B788-C9C6F1FD6C16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {C1E146EB-EADF-4429-A24E-25AD9CDFFD06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-11] (Google Inc.)
Task: {C864FF4C-7D0F-42D7-AA85-C871D2E570AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-02-10] (HP Inc.)
Task: {E3E3C738-7BB9-4F03-AF13-1E278A288662} - \Universal\Driver Updater\Start Driver Updater automatic scanning -> No File <==== ATTENTION
Task: {E9434032-F33F-4AE6-9260-7E5A35505232} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {EC400A52-0BA1-4702-B6C6-AE1658F0B571} - System32\Tasks\{59AB081C-DA7D-4C8D-9748-19E34FE17A99} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.23.0.105/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {F32E8553-76CF-454E-8E55-66CE4CB5A694} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {F3D07AB5-2CE3-4458-93E7-184DEB28A746} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {F8862245-8BE5-4927-92B8-2B8C013E4D6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-11] (Google Inc.)
Task: {FB4F97AA-C78D-4AD2-B204-B862769B4084} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-05-16] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001Core1d23cb0df49b8aa.job => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001UA1d23cb0e061f8cc.job => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPenny S Farris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 17:22 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-30 14:22 - 2016-05-30 14:22 - 00592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2016-03-20 02:45 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-19 10:52 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-19 10:52 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-13 17:22 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-30 20:06 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-15 18:45 - 2016-12-21 00:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-15 18:44 - 2016-12-20 23:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-15 18:44 - 2016-12-20 23:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-15 08:22 - 2017-03-15 08:24 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-15 08:22 - 2017-03-15 08:24 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-15 08:22 - 2017-03-15 08:24 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-15 08:22 - 2017-03-15 08:24 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-10 22:28 - 2017-03-10 22:28 - 10650112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-03-10 22:28 - 2017-03-10 22:28 - 02653184 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-03-10 22:28 - 2017-03-10 22:28 - 00761344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-03-09 18:00 - 2017-03-06 13:59 - 00807232 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-03-09 18:00 - 2017-02-08 19:19 - 00035792 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00100296 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00018888 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\select.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00019776 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00694224 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00020824 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00123856 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01682768 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00020816 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00145864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00019408 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00116688 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-03-09 18:00 - 2017-02-08 19:22 - 00105928 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00038712 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00060736 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024528 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00175560 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00392144 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-09 18:00 - 2017-02-08 19:22 - 00020936 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00116176 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00381760 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00124880 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00030160 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00043472 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00048592 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00057808 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00246608 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00027488 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-09 18:00 - 2017-02-08 19:21 - 00241104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022336 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00025432 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00028616 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01826104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00083912 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01972536 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 03928896 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00531264 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00053072 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00133432 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00224064 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00207680 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00069968 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00021848 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00350152 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00103232 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00023896 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00025936 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-09 18:00 - 2017-02-08 19:17 - 00036296 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00033112 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-03-09 18:00 - 2016-12-02 14:44 - 00293392 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00084288 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-03-09 18:00 - 2017-02-08 19:27 - 00017864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-09 18:00 - 2017-02-08 19:27 - 01631184 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00042816 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00171336 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00357688 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00060880 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00546104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-04-30 13:17 - 2015-04-30 13:17 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-04-30 13:17 - 2015-04-30 13:17 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-05-30 14:22 - 2016-05-30 14:22 - 38907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 04:04 - 2017-03-18 06:50 - 00000830 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6A0260BE-0CB7-408D-8946-1F2DD87DCC67}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BA1D7740-43F4-4D93-A317-EC0319446F17}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A087CAB0-4EE1-44BB-89F3-40BB61158453}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB242D16-013A-4AC6-A707-270AB2C85118}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3915A0F-F3BF-49EE-9442-4F3D55357E5D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2DBDF80-924A-4559-9CCB-1BD1FAE53868}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{BCDEEEE7-04F1-471C-B869-11D76FDB1188}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{D5C1FAED-DCBE-4EE8-AC34-B03BD14A80DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{6A370A8F-CE1A-4AE9-8A2E-377333D0021B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A7490464-3A5A-410A-9D46-2EE6E4F8D241}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{5AEC090C-9723-4872-99D9-9F43EB750C98}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{C4B52D8B-4F29-4E98-AAFC-F7E4639BD39B}] => (Allow) C:\Users\bubbl\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{A2E241DA-40A1-4CCF-B0C6-3A939564E67D}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{0EB27E84-912B-4755-B9D6-F7DEB246C2DE}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{26C9F323-9509-4630-9F96-CE7BE4FA3CCC}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{2E11E209-57A5-4C8A-8171-6411A27F92E4}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\tvnserver.exe
FirewallRules: [{4D734000-8444-46DB-B776-7B5680EF32B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
18-03-2017 06:51:51 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2017 10:54:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/19/2017 10:54:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/19/2017 10:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7735547
 
Error: (03/19/2017 10:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7735547
 
Error: (03/19/2017 10:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/19/2017 07:32:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/18/2017 06:52:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/18/2017 06:38:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-7HJLTT7)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/18/2017 06:38:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-7HJLTT7)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/18/2017 06:37:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-7HJLTT7)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (03/19/2017 01:26:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/19/2017 01:26:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/19/2017 01:26:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
 
Error: (03/19/2017 01:25:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/19/2017 10:47:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/19/2017 10:21:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/19/2017 07:54:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/19/2017 07:28:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/19/2017 07:26:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/19/2017 07:26:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-19 16:40:41.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 16:40:41.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 16:40:23.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 16:40:23.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 13:29:14.414
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 13:29:14.376
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 13:22:11.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 13:22:11.189
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 12:32:58.727
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 12:32:58.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 45%
Total physical RAM: 3985.95 MB
Available physical RAM: 2188.84 MB
Total Virtual: 4689.95 MB
Available Virtual: 2663.42 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.88 GB) (Free:395.49 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.66 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E40E8831)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,430 posts
Hello

When you get the time..

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: {0F9A7B03-1B79-43F3-AFF4-26D089C92890} - \Universal\Driver Updater\Start Driver Updater оn logon -> No File <==== ATTENTION
Task: {5C3C2A87-78A7-4891-B196-E4AE3B6F2FEA} - System32\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123} => C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe  <==== ATTENTION
C:\Users\bubbl\AppData\Local\{8D97B~1
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

#9
moondog830

    Member

  • Topic Starter
  • 626 posts

my wife had surgery yesterday and we just got home today ... will get to this Friday (I hope) ... have to drive my grandsons to appointments in Grand Rapids and Lansing ... so on the road for about 8 hours and maybe more.



#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,430 posts
Not to worry, I'll be here. Please drive safely.

#11
moondog830

    Member

  • Topic Starter
  • 626 posts

When I try to save this notepad file to the desktop, I get the following message:

 

C:\Users\bubbl\Desktop\Fixlist.txt

This file contains characters in Unicode format which will be lost if you save this file as an ANSI encoded text file. To keep the Unicode information, click Cancel below and then select one of the Unicode options from the Encoding drop down list. Continue?

 

I did NOT proceed ... waiting for you to let me know how to proceed 

 

oh, surgery fine, driving fine ... tired as all get out :)



#12
zep516

    Trusted Helper

  • Malware Removal
  • 6,430 posts
Hello,

click Cancel below and then select one of the Unicode options from the Encoding drop down list. Continue?

Just what it says.

At the bottom of Notepad you will see where it says Encoding. Click the little black arrow in the Encoding box and choose Unicode. Then save the file to the desktop as normal.
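The Notepad warning in the two posts above can be traced to a specific character. The following Python script is an added example, not part of the original posts and not FRST code: it lists the non-ASCII characters in a fixlist, shows which ones an ANSI (Windows-1252) save would lose, and flags words that mix scripts. The sample text is constructed after the Task line in the fixlist and assumes the "о" in "оn logon" is Cyrillic U+043E, as it appears in the copy on this page; the function names are illustrative.

```python
import unicodedata

# Constructed sample modelled on the Task line in the fixlist above; the
# non-ASCII letter is written as an escape so it is visible in the source.
SAMPLE_FIXLIST = (
    "start\nCloseProcesses:\n"
    "Task: {0F9A7B03-1B79-43F3-AFF4-26D089C92890} - \\Universal\\Driver Updater"
    "\\Start Driver Updater \u043en logon -> No File <==== ATTENTION\n"
    "Emptytemp:\n"
)


def non_ascii_chars(text):
    """Return (line, column, char, 'U+XXXX', name) for each non-ASCII char."""
    hits = []
    for ln, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 0x7F:
                hits.append((ln, col, ch, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "UNNAMED")))
    return hits


def lost_in_ansi(text, codec="cp1252"):
    """Characters that cannot be stored in the given ANSI code page."""
    lost = set()
    for ch in text:
        try:
            ch.encode(codec)
        except UnicodeEncodeError:
            lost.add(ch)
    return lost


def mixed_script_words(text):
    """Words whose letters come from more than one script (homoglyph tell)."""
    flagged = []
    for word in text.split():
        # The first word of a Unicode character name is its script label.
        scripts = {unicodedata.name(c, "UNKNOWN").split(" ")[0]
                   for c in word if c.isalpha()}
        if len(scripts) > 1:
            flagged.append((word, sorted(scripts)))
    return flagged


if __name__ == "__main__":
    print("non-ASCII:", non_ascii_chars(SAMPLE_FIXLIST))
    print("lost in ANSI:", lost_in_ansi(SAMPLE_FIXLIST))
    print("mixed-script words:", mixed_script_words(SAMPLE_FIXLIST))
```

An ANSI save would replace that letter with "?", so the saved fixlist would no longer carry the task name exactly as it is registered; saving as Unicode keeps it intact.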

#13
moondog830

    Member

  • Topic Starter
  • 626 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Penny S Farris (25-03-2017 14:26:52) Run:3
Running from C:\Users\bubbl\Desktop
Loaded Profiles: Penny S Farris (Available Profiles: Penny S Farris)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: {0F9A7B03-1B79-43F3-AFF4-26D089C92890} - \Universal\Driver Updater\Start Driver Updater оn logon -> No File <==== ATTENTION
Task: {5C3C2A87-78A7-4891-B196-E4AE3B6F2FEA} - System32\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123} => C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe  <==== ATTENTION
C:\Users\bubbl\AppData\Local\{8D97B~1
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F9A7B03-1B79-43F3-AFF4-26D089C92890} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F9A7B03-1B79-43F3-AFF4-26D089C92890} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Universal\Driver Updater\Start Driver Updater оn logon => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C3C2A87-78A7-4891-B196-E4AE3B6F2FEA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C3C2A87-78A7-4891-B196-E4AE3B6F2FEA} => key removed successfully
C:\WINDOWS\System32\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1FC15B2D-3674-CA95-514E-5241279BA123} => key removed successfully
C:\Users\bubbl\AppData\Local\{8D97B~1 => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 3600496 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12713826 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 684600 B
Edge => 9728 B
Chrome => 2929198 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 43748 B
bubbl => 42684812 B
 
RecycleBin => 3286 B
EmptyTemp: => 59.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:27:58 ====


#14
zep516

    Trusted Helper

  • Malware Removal
  • 6,430 posts

Hello,

 

Run the computer for a while, looks like we got everything. This user should run Malwarebytes once a week.

 

Let me know how things are with the computer and if there are still any issues left.

 

Thanks

Joe :)



#15
moondog830

    Member

  • Topic Starter
  • 626 posts

Thanks Joe ... I will give it back to her tonight at church ... I will probably have to tell her to bring her laptop every Sunday so I can run Malwarebytes for her. She's 70 and doesn't understand much other than getting on her laptop and playing Mahjong and a few other games :)

 

Mark

