Farbar Scan

Farbar trojan malwarebytes


#1
scannejr


Thanks for the help.

I had a bad infection. Ran Malwarebytes and it cleaned up multiple infections. I then ran AdwCleaner and it cleaned out 20 or so. Just ran Farbar and here is the FRST file and the Addition file.

Is anyone able to help me create the fxt file? I am not sure which ones to add. Seems like all the files with no file location, but I do not want to try trial and error. Have an exam tomorrow morning and my computer is not running as well as it should. Still having reroute problems. Running slowly, glitches.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Default1 (administrator) on DEFAULT (27-04-2017 21:10:47)
Running from C:\Users\Default1\Downloads
Loaded Profiles: Default1 (Available Profiles: Default1 & Administrator)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Farbar) C:\Users\Default1\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-01-23] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NortonSupport] => "C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\symerr.exe" /supportreboot
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\Run: [EPSON Stylus CX5000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBVA.EXE [213504 2007-10-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\Run: [Google Update] => C:\Users\Default1\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-11] (Google Inc.)
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-30] (Skype Technologies S.A.)
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\MountPoints2: {85a55b3d-65be-11e2-be69-806e6f6e6963} - "D:\install.EXE" id= ver=1.0.0.0
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk [2012-12-27]
ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Default1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk [2017-04-27]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D570A212-748D-472D-BF74-E41629AED73A}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-2142470428-2383440531-759292562-1001 -> DefaultScope {CFC1872A-6872-478F-A6F4-3127D929FF8E} URL = 
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-14] (Intel Security)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-14] (Intel Security)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\ssv.dll [2016-09-19] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-19] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-14] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-14] (Intel Security)
Toolbar: HKU\S-1-5-21-2142470428-2383440531-759292562-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-03-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2142470428-2383440531-759292562-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Default1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2142470428-2383440531-759292562-1001: @talk.google.com/O1DPlugin -> C:\Users\Default1\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2142470428-2383440531-759292562-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2142470428-2383440531-759292562-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Default1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Default1\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default [2017-04-27]
CHR Extension: (Google Slides) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-16]
CHR Extension: (Google Docs) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-16]
CHR Extension: (Google Drive) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-16]
CHR Extension: (YouTube) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-16]
CHR Extension: (Google Docs Offline) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-16]
CHR Extension: (Skype) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350576 2017-03-13] (WildTangent)
R2 HPSLPSVC; C:\Users\Default1\AppData\Local\Temp\7zS5DAF\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed] <==== ATTENTION
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [744800 2014-01-21] (LULU SOFTWARE LIMITED)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [473088 2016-06-27] (Livescribe) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-01-23] (Dritek System INC.)
S3 Soda PDF 6; C:\Program Files (x86)\Soda PDF 6\ws.exe [1587552 2014-01-21] (LULU SOFTWARE LIMITED)
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2017-03-23] (Hewlett-Packard)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996736 2017-04-12] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-04-12] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-04-12] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros) [File not signed]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-18] ()
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-02-01] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-27] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-02-06] (Malwarebytes)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-23] (Dritek System Inc.)
S3 PulseUsb; C:\Windows\System32\drivers\PulseUsb.sys [26112 2015-09-19] (Windows ® Win 7 DDK provider)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34216 2012-07-26] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258288 2012-07-26] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160218.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160218.002\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-27 21:04 - 2017-04-27 21:04 - 00002581 ____N C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2017-04-27 21:04 - 2017-04-27 21:04 - 00000000 ____D C:\Users\Default1\AppData\Roaming\WildTangent
2017-04-27 20:55 - 2017-04-27 20:56 - 02427392 _____ (Farbar) C:\Users\Default1\Downloads\FRST64 (2).exe
2017-04-27 20:07 - 2017-04-27 21:01 - 00034866 _____ C:\Users\Default1\Downloads\Addition.txt
2017-04-27 20:05 - 2017-04-27 21:10 - 00021283 _____ C:\Users\Default1\Downloads\FRST.txt
2017-04-27 20:04 - 2017-04-27 21:10 - 00000000 ____D C:\FRST
2017-04-27 20:03 - 2017-04-27 20:04 - 02427392 _____ (Farbar) C:\Users\Default1\Downloads\FRST64 (1).exe
2017-04-27 20:00 - 2017-04-27 20:00 - 00000117 _____ C:\Windows\system32\netcfg-50000.txt
2017-04-27 19:59 - 2017-04-27 19:59 - 00000117 _____ C:\Windows\system32\netcfg-783843.txt
2017-04-27 19:49 - 2017-04-27 19:59 - 00000000 ____D C:\AdwCleaner
2017-04-27 19:49 - 2017-04-27 19:49 - 04102600 _____ C:\Users\Default1\Downloads\adwcleaner_6.046 (1).exe
2017-04-27 19:47 - 2017-04-27 19:47 - 00000117 _____ C:\Windows\system32\netcfg-63625.txt
2017-04-27 19:46 - 2017-04-27 19:46 - 00000117 _____ C:\Windows\system32\netcfg-14094687.txt
2017-04-27 19:45 - 2017-04-27 19:45 - 02427392 _____ (Farbar) C:\Users\Default1\Downloads\FRST64.exe
2017-04-27 19:41 - 2017-04-27 19:42 - 04102600 _____ C:\Users\Default1\Downloads\adwcleaner_6.046.exe
2017-04-27 19:34 - 2017-04-27 19:34 - 00001760 _____ C:\Users\Default1\Desktop\results.txt
2017-04-27 16:08 - 2017-04-27 16:08 - 00000000 ____D C:\Users\Default1\AppData\Roaming\Google
2017-04-27 15:52 - 2017-04-27 15:52 - 00000117 _____ C:\Windows\system32\netcfg-75734.txt
2017-04-27 15:52 - 2017-04-27 15:52 - 00000117 _____ C:\Windows\system32\netcfg-59328.txt
2017-04-27 14:58 - 2017-04-27 14:58 - 00489808 _____ C:\Users\Default1\Desktop\RealEstate.pdf
2017-04-27 14:48 - 2017-04-27 14:48 - 00000117 _____ C:\Windows\system32\netcfg-749387531.txt
2017-04-27 14:47 - 2017-04-27 14:47 - 00000117 _____ C:\Windows\system32\netcfg-749314468.txt
2017-04-27 14:43 - 2017-04-27 14:43 - 00000117 _____ C:\Windows\system32\netcfg-749085968.txt
2017-04-27 14:43 - 2017-04-27 14:43 - 00000117 _____ C:\Windows\system32\netcfg-749083812.txt
2017-04-27 14:41 - 2017-04-27 14:41 - 00000117 _____ C:\Windows\system32\netcfg-748984265.txt
2017-04-27 14:41 - 2017-04-27 14:41 - 00000117 _____ C:\Windows\system32\netcfg-748983468.txt
2017-04-27 13:04 - 2017-04-27 13:04 - 00000117 _____ C:\Windows\system32\netcfg-743162953.txt
2017-04-26 23:51 - 2017-04-26 23:51 - 00000117 _____ C:\Windows\system32\netcfg-695584703.txt
2017-04-26 21:09 - 2017-04-26 21:09 - 00000117 _____ C:\Windows\system32\netcfg-685811625.txt
2017-04-26 21:08 - 2017-04-26 21:08 - 00000117 _____ C:\Windows\system32\netcfg-685808156.txt
2017-04-26 13:40 - 2017-04-26 13:40 - 00000117 _____ C:\Windows\system32\netcfg-658915734.txt
2017-04-26 13:39 - 2017-04-26 13:39 - 00000117 _____ C:\Windows\system32\netcfg-658850500.txt
2017-04-26 01:08 - 2017-04-26 01:08 - 00000117 _____ C:\Windows\system32\netcfg-613779781.txt
2017-04-26 01:07 - 2017-04-26 01:07 - 00000117 _____ C:\Windows\system32\netcfg-613703750.txt
2017-04-26 00:56 - 2017-04-26 00:56 - 00000117 _____ C:\Windows\system32\netcfg-613054015.txt
2017-04-26 00:53 - 2017-04-26 00:53 - 00000117 _____ C:\Windows\system32\netcfg-612892812.txt
2017-04-25 23:10 - 2017-04-25 23:10 - 00000117 _____ C:\Windows\system32\netcfg-606721281.txt
2017-04-25 23:10 - 2017-04-25 23:10 - 00000117 _____ C:\Windows\system32\netcfg-606719781.txt
2017-04-25 20:00 - 2017-04-25 20:00 - 00000117 _____ C:\Windows\system32\netcfg-595305875.txt
2017-04-25 20:00 - 2017-04-25 20:00 - 00000117 _____ C:\Windows\system32\netcfg-595304875.txt
2017-04-25 19:12 - 2017-04-25 19:13 - 02048504 _____ (Adobe Systems Incorporated) C:\Users\Default1\Downloads\Photoshop_Set-Up (1).exe
2017-04-25 18:18 - 2017-04-25 18:18 - 00000117 _____ C:\Windows\system32\netcfg-589193453.txt
2017-04-25 01:28 - 2017-04-25 01:28 - 00000117 _____ C:\Windows\system32\netcfg-528607093.txt
2017-04-25 00:47 - 2017-04-25 00:47 - 00000117 _____ C:\Windows\system32\netcfg-526108140.txt
2017-04-25 00:47 - 2017-04-25 00:47 - 00000117 _____ C:\Windows\system32\netcfg-526106671.txt
2017-04-25 00:42 - 2017-04-25 00:42 - 00000117 _____ C:\Windows\system32\netcfg-525827500.txt
2017-04-25 00:42 - 2017-04-25 00:42 - 00000117 _____ C:\Windows\system32\netcfg-525819140.txt
2017-04-25 00:19 - 2017-04-25 00:19 - 00000117 _____ C:\Windows\system32\netcfg-524429671.txt
2017-04-25 00:19 - 2017-04-25 00:19 - 00000117 _____ C:\Windows\system32\netcfg-524424500.txt
2017-04-24 23:16 - 2017-04-24 23:17 - 02048504 _____ (Adobe Systems Incorporated) C:\Users\Default1\Downloads\Photoshop_Set-Up.exe
2017-04-24 21:10 - 2017-04-24 21:10 - 00000117 _____ C:\Windows\system32\netcfg-513110296.txt
2017-04-24 21:10 - 2017-04-24 21:10 - 00000117 _____ C:\Windows\system32\netcfg-513109781.txt
2017-04-24 17:39 - 2017-04-24 17:39 - 00000117 _____ C:\Windows\system32\netcfg-500452171.txt
2017-04-24 17:39 - 2017-04-24 17:39 - 00000117 _____ C:\Windows\system32\netcfg-500451625.txt
2017-04-24 16:12 - 2017-04-24 16:12 - 00001158 _____ C:\Users\Public\Desktop\True Key.lnk
2017-04-24 15:59 - 2017-04-24 15:59 - 00000117 _____ C:\Windows\system32\netcfg-494421734.txt
2017-04-23 23:44 - 2017-04-23 23:44 - 00000117 _____ C:\Windows\system32\netcfg-435946015.txt
2017-04-23 19:37 - 2017-04-23 19:37 - 00000117 _____ C:\Windows\system32\netcfg-421135968.txt
2017-04-23 19:37 - 2017-04-23 19:37 - 00000117 _____ C:\Windows\system32\netcfg-421125906.txt
2017-04-23 17:42 - 2017-04-23 17:42 - 00000117 _____ C:\Windows\system32\netcfg-414227343.txt
2017-04-23 17:42 - 2017-04-23 17:42 - 00000117 _____ C:\Windows\system32\netcfg-414225109.txt
2017-04-23 17:30 - 2017-04-23 17:30 - 00000117 _____ C:\Windows\system32\netcfg-413512375.txt
2017-04-23 17:30 - 2017-04-23 17:30 - 00000117 _____ C:\Windows\system32\netcfg-413512187.txt
2017-04-23 16:15 - 2017-04-23 16:15 - 00000117 _____ C:\Windows\system32\netcfg-408999843.txt
2017-04-23 16:15 - 2017-04-23 16:15 - 00000117 _____ C:\Windows\system32\netcfg-408998937.txt
2017-04-23 13:13 - 2017-04-23 13:13 - 00038023 _____ C:\Users\Default1\Downloads\VLR_Feb02_v7i1 (1).pdf
2017-04-22 20:30 - 2017-04-22 20:30 - 00000117 _____ C:\Windows\system32\netcfg-337897265.txt
2017-04-22 20:29 - 2017-04-22 20:29 - 00000117 _____ C:\Windows\system32\netcfg-337827515.txt
2017-04-22 16:43 - 2017-04-22 16:43 - 00000117 _____ C:\Windows\system32\netcfg-324274734.txt
2017-04-22 16:43 - 2017-04-22 16:43 - 00000117 _____ C:\Windows\system32\netcfg-324273250.txt
2017-04-22 13:54 - 2017-04-22 13:54 - 00000117 _____ C:\Windows\system32\netcfg-314128843.txt
2017-04-22 13:54 - 2017-04-22 13:54 - 00000117 _____ C:\Windows\system32\netcfg-314127359.txt
2017-04-22 12:50 - 2017-04-22 12:50 - 00000117 _____ C:\Windows\system32\netcfg-310299296.txt
2017-04-22 12:50 - 2017-04-22 12:50 - 00000117 _____ C:\Windows\system32\netcfg-310288078.txt
2017-04-22 12:42 - 2017-04-22 12:42 - 00000117 _____ C:\Windows\system32\netcfg-309840593.txt
2017-04-22 12:42 - 2017-04-22 12:42 - 00000117 _____ C:\Windows\system32\netcfg-309839328.txt
2017-04-22 11:02 - 2017-04-22 11:02 - 00000117 _____ C:\Windows\system32\netcfg-303831859.txt
2017-04-22 11:02 - 2017-04-22 11:02 - 00000117 _____ C:\Windows\system32\netcfg-303826406.txt
2017-04-22 00:33 - 2017-04-22 00:33 - 00000117 _____ C:\Windows\system32\netcfg-266068234.txt
2017-04-22 00:31 - 2017-04-22 00:31 - 00000117 _____ C:\Windows\system32\netcfg-265994953.txt
2017-04-21 18:38 - 2017-04-21 18:38 - 00410514 _____ C:\Users\Default1\Downloads\john_T1_2016.pdf
2017-04-21 18:38 - 2017-04-21 18:38 - 00410514 _____ C:\Users\Default1\Downloads\john_T1_2016 (2).pdf
2017-04-21 18:38 - 2017-04-21 18:38 - 00410514 _____ C:\Users\Default1\Downloads\john_T1_2016 (1).pdf
2017-04-21 17:26 - 2017-04-21 17:26 - 00000117 _____ C:\Windows\system32\netcfg-240443687.txt
2017-04-21 17:26 - 2017-04-21 17:26 - 00000117 _____ C:\Windows\system32\netcfg-240441953.txt
2017-04-21 16:28 - 2017-04-21 16:28 - 00038023 _____ C:\Users\Default1\Downloads\VLR_Feb02_v7i1.pdf
2017-04-21 16:22 - 2017-04-21 16:22 - 00000117 _____ C:\Windows\system32\netcfg-236599968.txt
2017-04-21 16:05 - 2017-04-21 16:05 - 00000117 _____ C:\Windows\system32\netcfg-235621937.txt
2017-04-21 16:01 - 2017-04-21 16:01 - 00000117 _____ C:\Windows\system32\netcfg-235379750.txt
2017-04-21 12:55 - 2017-04-21 12:55 - 00000117 _____ C:\Windows\system32\netcfg-224197703.txt
2017-04-21 11:26 - 2017-04-21 11:26 - 00000117 _____ C:\Windows\system32\netcfg-218870218.txt
2017-04-20 02:46 - 2017-04-20 02:46 - 00000117 _____ C:\Windows\system32\netcfg-101271812.txt
2017-04-20 02:41 - 2017-04-20 02:41 - 00000117 _____ C:\Windows\system32\netcfg-100944140.txt
2017-04-20 02:41 - 2017-04-20 02:41 - 00000117 _____ C:\Windows\system32\netcfg-100942546.txt
2017-04-20 02:19 - 2017-04-20 02:19 - 00000117 _____ C:\Windows\system32\netcfg-99626250.txt
2017-04-20 02:19 - 2017-04-20 02:19 - 00000117 _____ C:\Windows\system32\netcfg-99624687.txt
2017-04-20 01:49 - 2017-04-20 01:49 - 00000117 _____ C:\Windows\system32\netcfg-97852375.txt
2017-04-20 01:49 - 2017-04-20 01:49 - 00000117 _____ C:\Windows\system32\netcfg-97851031.txt
2017-04-20 01:33 - 2017-04-20 01:33 - 00000117 _____ C:\Windows\system32\netcfg-96911781.txt
2017-04-20 01:33 - 2017-04-20 01:33 - 00000117 _____ C:\Windows\system32\netcfg-96907578.txt
2017-04-20 01:21 - 2017-04-20 01:21 - 00000117 _____ C:\Windows\system32\netcfg-96144171.txt
2017-04-20 01:20 - 2017-04-20 01:20 - 00000117 _____ C:\Windows\system32\netcfg-96117656.txt
2017-04-19 23:30 - 2017-04-19 23:30 - 00000117 _____ C:\Windows\system32\netcfg-89528375.txt
2017-04-19 23:29 - 2017-04-19 23:29 - 00000117 _____ C:\Windows\system32\netcfg-89458328.txt
2017-04-19 13:40 - 2017-04-19 13:40 - 00174960 _____ C:\Users\Default1\Downloads\T2202A.pdf
2017-04-19 12:07 - 2017-04-19 12:07 - 00000117 _____ C:\Windows\system32\netcfg-48555281.txt
2017-04-19 12:07 - 2017-04-19 12:07 - 00000117 _____ C:\Windows\system32\netcfg-48552250.txt
2017-04-19 08:58 - 2017-04-19 08:58 - 00000117 _____ C:\Windows\system32\netcfg-37162875.txt
2017-04-19 04:42 - 2017-04-19 04:42 - 00000117 _____ C:\Windows\system32\netcfg-21860171.txt
2017-04-19 04:42 - 2017-04-19 04:42 - 00000117 _____ C:\Windows\system32\netcfg-21856062.txt
2017-04-19 01:42 - 2017-04-19 01:42 - 00000117 _____ C:\Windows\system32\netcfg-11036718.txt
2017-04-18 22:40 - 2017-04-18 22:40 - 00000117 _____ C:\Windows\system32\netcfg-94265.txt
2017-04-18 22:39 - 2017-04-18 22:39 - 00000117 _____ C:\Windows\system32\netcfg-50218.txt
2017-04-18 15:59 - 2017-04-18 15:59 - 00237451 _____ C:\Users\Default1\Desktop\real estate exam.pdf
2017-04-18 15:52 - 2017-04-18 15:52 - 00280535 _____ C:\Users\Default1\Downloads\J Scannell Real Estate NDS W2017 Exam.pdf
2017-04-18 15:24 - 2017-04-18 15:24 - 00000117 _____ C:\Windows\system32\netcfg-248023062.txt
2017-04-18 15:23 - 2017-04-18 15:23 - 00000117 _____ C:\Windows\system32\netcfg-247964687.txt
2017-04-18 14:15 - 2017-04-18 14:15 - 00000117 _____ C:\Windows\system32\netcfg-243862718.txt
2017-04-18 14:14 - 2017-04-18 14:14 - 00000117 _____ C:\Windows\system32\netcfg-243815000.txt
2017-04-18 14:05 - 2017-04-18 14:05 - 00000117 _____ C:\Windows\system32\netcfg-243302562.txt
2017-04-18 05:23 - 2017-04-18 14:05 - 00000117 _____ C:\Windows\system32\netcfg-211973125.txt
2017-04-17 23:50 - 2017-04-17 23:50 - 00000117 _____ C:\Windows\system32\netcfg-191999750.txt
2017-04-17 23:50 - 2017-04-17 23:50 - 00000117 _____ C:\Windows\system32\netcfg-191999015.txt
2017-04-17 16:41 - 2017-04-17 16:41 - 00000117 _____ C:\Windows\system32\netcfg-166242031.txt
2017-04-17 16:41 - 2017-04-17 16:41 - 00000117 _____ C:\Windows\system32\netcfg-166240046.txt
2017-04-17 09:03 - 2017-04-17 09:03 - 00000117 _____ C:\Windows\system32\netcfg-138780109.txt
2017-04-17 09:03 - 2017-04-17 09:03 - 00000117 _____ C:\Windows\system32\netcfg-138779062.txt
2017-04-17 09:03 - 2017-04-17 09:03 - 00000117 _____ C:\Windows\system32\netcfg-138761765.txt
2017-04-17 09:03 - 2017-04-17 09:03 - 00000117 _____ C:\Windows\system32\netcfg-138758531.txt
2017-04-16 19:58 - 2017-04-16 19:58 - 00000117 _____ C:\Windows\system32\netcfg-91675890.txt
2017-04-16 19:57 - 2017-04-16 19:57 - 00000117 _____ C:\Windows\system32\netcfg-91602796.txt
2017-04-16 17:49 - 2017-04-16 17:49 - 00000117 _____ C:\Windows\system32\netcfg-83906484.txt
2017-04-16 17:49 - 2017-04-16 17:49 - 00000117 _____ C:\Windows\system32\netcfg-83899953.txt
2017-04-16 17:48 - 2017-04-16 17:48 - 00000117 _____ C:\Windows\system32\netcfg-83837968.txt
2017-04-16 17:47 - 2017-04-16 17:47 - 00000117 _____ C:\Windows\system32\netcfg-83832109.txt
2017-04-16 16:48 - 2017-04-16 16:48 - 00000117 _____ C:\Windows\system32\netcfg-80292171.txt
2017-04-16 16:48 - 2017-04-16 16:48 - 00000117 _____ C:\Windows\system32\netcfg-80291109.txt
2017-04-16 16:26 - 2017-04-16 16:26 - 00000117 _____ C:\Windows\system32\netcfg-78917562.txt
2017-04-16 16:25 - 2017-04-16 16:25 - 00000117 _____ C:\Windows\system32\netcfg-78903312.txt
2017-04-16 16:23 - 2017-04-16 16:23 - 00000117 _____ C:\Windows\system32\netcfg-78753296.txt
2017-04-16 16:23 - 2017-04-16 16:23 - 00000117 _____ C:\Windows\system32\netcfg-78751812.txt
2017-04-16 16:21 - 2017-04-16 16:21 - 00000117 _____ C:\Windows\system32\netcfg-78664468.txt
2017-04-16 16:21 - 2017-04-16 16:21 - 00000117 _____ C:\Windows\system32\netcfg-78663140.txt
2017-04-16 16:18 - 2017-04-16 16:18 - 00000117 _____ C:\Windows\system32\netcfg-78476968.txt
2017-04-16 16:17 - 2017-04-16 16:17 - 00000117 _____ C:\Windows\system32\netcfg-78403609.txt
2017-04-16 16:14 - 2017-04-16 16:14 - 00000117 _____ C:\Windows\system32\netcfg-78239281.txt
2017-04-16 16:13 - 2017-04-16 16:13 - 00000117 _____ C:\Windows\system32\netcfg-78165921.txt
2017-04-16 03:57 - 2017-04-16 03:57 - 00000117 _____ C:\Windows\system32\netcfg-34018171.txt
2017-04-16 03:57 - 2017-04-16 03:57 - 00000117 _____ C:\Windows\system32\netcfg-34012984.txt
2017-04-16 01:25 - 2017-04-16 01:25 - 00000117 _____ C:\Windows\system32\netcfg-24895343.txt
2017-04-16 01:25 - 2017-04-16 01:25 - 00000117 _____ C:\Windows\system32\netcfg-24895031.txt
2017-04-15 18:33 - 2017-04-15 18:33 - 00000117 _____ C:\Windows\system32\netcfg-145156.txt
2017-04-15 18:31 - 2017-04-15 18:31 - 00000117 _____ C:\Windows\system32\netcfg-61421.txt
2017-04-15 13:15 - 2017-04-15 13:15 - 00000117 _____ C:\Windows\system32\netcfg-747520796.txt
2017-04-15 13:15 - 2017-04-15 13:15 - 00000117 _____ C:\Windows\system32\netcfg-747520671.txt
2017-04-15 10:12 - 2017-04-15 10:12 - 00000117 _____ C:\Windows\system32\netcfg-736572796.txt
2017-04-15 10:12 - 2017-04-15 10:12 - 00000117 _____ C:\Windows\system32\netcfg-736558687.txt
2017-04-15 07:05 - 2017-04-15 07:05 - 00000117 _____ C:\Windows\system32\netcfg-725363171.txt
2017-04-15 07:05 - 2017-04-15 07:05 - 00000117 _____ C:\Windows\system32\netcfg-725362843.txt
2017-04-14 16:57 - 2017-04-14 16:57 - 00000117 _____ C:\Windows\system32\netcfg-674445875.txt
2017-04-14 11:55 - 2017-04-14 11:55 - 00000117 _____ C:\Windows\system32\netcfg-656343734.txt
2017-04-14 11:21 - 2017-04-18 14:17 - 00000000 ____D C:\Users\Default1\Desktop\Real estate docs
2017-04-14 09:18 - 2017-04-14 09:18 - 00000117 _____ C:\Windows\system32\netcfg-646895796.txt
2017-04-14 09:03 - 2017-04-14 09:03 - 00000117 _____ C:\Windows\system32\netcfg-646027562.txt
2017-04-14 08:55 - 2017-04-14 08:55 - 00000117 _____ C:\Windows\system32\netcfg-645562890.txt
2017-04-13 23:10 - 2017-04-13 23:10 - 00000117 _____ C:\Windows\system32\netcfg-610473062.txt
2017-04-13 20:06 - 2017-04-13 20:06 - 00000117 _____ C:\Windows\system32\netcfg-599392203.txt
2017-04-13 20:06 - 2017-04-13 20:06 - 00000117 _____ C:\Windows\system32\netcfg-599388687.txt
2017-04-13 17:43 - 2017-04-13 17:43 - 00000117 _____ C:\Windows\system32\netcfg-590840140.txt
2017-04-13 17:43 - 2017-04-13 17:43 - 00000117 _____ C:\Windows\system32\netcfg-590834171.txt
2017-04-13 04:24 - 2017-04-13 04:35 - 00000000 ____D C:\Users\Default1\Desktop\iphone again
2017-04-12 19:10 - 2017-04-12 19:10 - 00000117 _____ C:\Windows\system32\netcfg-509663406.txt
2017-04-12 19:10 - 2017-04-12 19:10 - 00000117 _____ C:\Windows\system32\netcfg-509655453.txt
2017-04-12 19:09 - 2017-04-12 19:09 - 00000117 _____ C:\Windows\system32\netcfg-509581578.txt
2017-04-12 19:09 - 2017-04-12 19:09 - 00000117 _____ C:\Windows\system32\netcfg-509579953.txt
2017-04-12 18:55 - 2017-04-12 18:55 - 00000117 _____ C:\Windows\system32\netcfg-508770390.txt
2017-04-12 18:53 - 2017-04-12 18:53 - 00000117 _____ C:\Windows\system32\netcfg-508650031.txt
2017-04-12 16:34 - 2017-04-12 16:34 - 00000117 _____ C:\Windows\system32\netcfg-500273984.txt
2017-04-12 16:34 - 2017-04-12 16:34 - 00000117 _____ C:\Windows\system32\netcfg-500269296.txt
2017-04-12 15:03 - 2017-04-12 15:03 - 00000117 _____ C:\Windows\system32\netcfg-494838546.txt
2017-04-12 15:03 - 2017-04-12 15:03 - 00000117 _____ C:\Windows\system32\netcfg-494837140.txt
2017-04-12 13:46 - 2017-04-12 13:46 - 00000117 _____ C:\Windows\system32\netcfg-490233968.txt
2017-04-12 13:46 - 2017-04-12 13:46 - 00000117 _____ C:\Windows\system32\netcfg-490232375.txt
2017-04-12 12:36 - 2017-04-12 12:36 - 00000117 _____ C:\Windows\system32\netcfg-486024937.txt
2017-04-12 11:51 - 2017-04-12 11:51 - 00000117 _____ C:\Windows\system32\netcfg-483297250.txt
2017-04-12 11:46 - 2017-04-12 11:46 - 00000117 _____ C:\Windows\system32\netcfg-483012453.txt
2017-04-12 11:46 - 2017-04-12 11:46 - 00000117 _____ C:\Windows\system32\netcfg-483009390.txt
2017-04-12 08:54 - 2017-04-12 08:54 - 00000117 _____ C:\Windows\system32\netcfg-472717156.txt
2017-04-12 08:49 - 2017-04-12 08:49 - 00000117 _____ C:\Windows\system32\netcfg-472415875.txt
2017-04-12 07:03 - 2017-04-12 07:03 - 00000117 _____ C:\Windows\system32\netcfg-466031906.txt
2017-04-12 07:03 - 2017-04-12 07:03 - 00000117 _____ C:\Windows\system32\netcfg-466026937.txt
2017-04-11 21:53 - 2017-04-11 21:53 - 00000117 _____ C:\Windows\system32\netcfg-433047953.txt
2017-04-11 21:53 - 2017-04-11 21:53 - 00000117 _____ C:\Windows\system32\netcfg-433046593.txt
2017-04-11 21:52 - 2017-04-11 21:52 - 00000117 _____ C:\Windows\system32\netcfg-432980187.txt
2017-04-11 21:52 - 2017-04-11 21:52 - 00000117 _____ C:\Windows\system32\netcfg-432980015.txt
2017-04-11 18:36 - 2017-04-11 18:36 - 00000117 _____ C:\Windows\system32\netcfg-421204640.txt
2017-04-11 18:36 - 2017-04-11 18:36 - 00000117 _____ C:\Windows\system32\netcfg-421200859.txt
2017-04-11 13:35 - 2017-04-11 13:35 - 00239484 _____ C:\Users\Default1\Desktop\family.pdf
2017-04-11 10:29 - 2017-04-11 10:29 - 00000117 _____ C:\Windows\system32\netcfg-391982390.txt
2017-04-11 01:43 - 2017-04-11 01:43 - 00000117 _____ C:\Windows\system32\netcfg-360409656.txt
2017-04-11 01:42 - 2017-04-11 01:42 - 00000117 _____ C:\Windows\system32\netcfg-360403406.txt
2017-04-11 01:42 - 2017-04-11 01:42 - 00000117 _____ C:\Windows\system32\netcfg-360401843.txt
2017-04-10 21:03 - 2017-04-10 21:04 - 00000117 _____ C:\Windows\system32\netcfg-343664718.txt
2017-04-10 18:08 - 2017-04-10 18:08 - 00000117 _____ C:\Windows\system32\netcfg-333166062.txt
2017-04-10 18:08 - 2017-04-10 18:08 - 00000117 _____ C:\Windows\system32\netcfg-333162390.txt
2017-04-10 18:08 - 2017-04-10 18:08 - 00000117 _____ C:\Windows\system32\netcfg-333160796.txt
2017-04-10 14:20 - 2017-04-10 14:20 - 00280635 _____ C:\Users\Default1\Downloads\J Scannell NDS Family Law W2017 final exam.pdf
2017-04-10 13:57 - 2017-04-10 13:57 - 00000117 _____ C:\Windows\system32\netcfg-318095718.txt
2017-04-10 00:15 - 2017-04-10 00:15 - 00000117 _____ C:\Windows\system32\netcfg-268751718.txt
2017-04-10 00:14 - 2017-04-10 00:14 - 00000117 _____ C:\Windows\system32\netcfg-268715125.txt
2017-04-09 21:14 - 2017-04-09 21:14 - 00000117 _____ C:\Windows\system32\netcfg-257892953.txt
2017-04-09 14:37 - 2017-04-09 14:37 - 00000117 _____ C:\Windows\system32\netcfg-234101953.txt
2017-04-09 14:37 - 2017-04-09 14:37 - 00000117 _____ C:\Windows\system32\netcfg-234098578.txt
2017-04-08 22:51 - 2017-04-08 22:51 - 00000117 _____ C:\Windows\system32\netcfg-177349578.txt
2017-04-08 22:51 - 2017-04-08 22:51 - 00000117 _____ C:\Windows\system32\netcfg-177335906.txt
2017-04-08 12:20 - 2017-04-08 12:20 - 00000117 _____ C:\Windows\system32\netcfg-139474468.txt
2017-04-08 12:19 - 2017-04-08 12:19 - 00000117 _____ C:\Windows\system32\netcfg-139412500.txt
2017-04-08 12:10 - 2017-04-08 12:10 - 00000117 _____ C:\Windows\system32\netcfg-138851531.txt
2017-04-08 12:10 - 2017-04-08 12:10 - 00000117 _____ C:\Windows\system32\netcfg-138846000.txt
2017-04-08 11:21 - 2017-04-08 11:21 - 00000117 _____ C:\Windows\system32\netcfg-135962406.txt
2017-04-08 11:20 - 2017-04-08 11:20 - 00000117 _____ C:\Windows\system32\netcfg-135884781.txt
2017-04-08 10:26 - 2017-04-08 10:26 - 00000117 _____ C:\Windows\system32\netcfg-132644671.txt
2017-04-08 10:26 - 2017-04-08 10:26 - 00000117 _____ C:\Windows\system32\netcfg-132644531.txt
2017-04-08 04:03 - 2017-04-08 04:03 - 00000117 _____ C:\Windows\system32\netcfg-109647843.txt
2017-04-08 02:07 - 2017-04-08 02:07 - 00000117 _____ C:\Windows\system32\netcfg-102702265.txt
2017-04-08 02:07 - 2017-04-08 02:07 - 00000117 _____ C:\Windows\system32\netcfg-102698437.txt
2017-04-08 02:07 - 2017-04-08 02:07 - 00000117 _____ C:\Windows\system32\netcfg-102697109.txt
2017-04-07 22:21 - 2017-04-07 22:21 - 00000117 _____ C:\Windows\system32\netcfg-89152312.txt
2017-04-07 08:33 - 2017-04-07 08:33 - 00000117 _____ C:\Windows\system32\netcfg-39480500.txt
2017-04-06 21:37 - 2017-04-06 21:37 - 00000117 _____ C:\Windows\system32\netcfg-98578.txt
2017-04-06 21:36 - 2017-04-06 21:36 - 00000117 _____ C:\Windows\system32\netcfg-73125.txt
2017-04-06 19:03 - 2017-04-06 19:03 - 00000117 _____ C:\Windows\system32\netcfg-2037603000.txt
2017-04-06 16:02 - 2017-04-06 19:02 - 00000117 _____ C:\Windows\system32\netcfg-2026784031.txt
2017-04-06 14:05 - 2017-04-06 14:05 - 00000117 _____ C:\Windows\system32\netcfg-2019771296.txt
2017-04-06 14:05 - 2017-04-06 14:05 - 00000117 _____ C:\Windows\system32\netcfg-2019770390.txt
2017-04-06 13:57 - 2017-04-06 13:57 - 00000117 _____ C:\Windows\system32\netcfg-2019293484.txt
2017-04-06 13:57 - 2017-04-06 13:57 - 00000117 _____ C:\Windows\system32\netcfg-2019289875.txt
2017-04-06 13:29 - 2017-04-06 13:29 - 00000117 _____ C:\Windows\system32\netcfg-2017564343.txt
2017-04-06 13:29 - 2017-04-06 13:29 - 00000117 _____ C:\Windows\system32\netcfg-2017561875.txt
2017-04-06 13:27 - 2017-04-06 13:27 - 00000117 _____ C:\Windows\system32\netcfg-2017444296.txt
2017-04-05 12:33 - 2017-04-05 12:33 - 00000117 _____ C:\Windows\system32\netcfg-1927823890.txt
2017-04-05 12:33 - 2017-04-05 12:33 - 00000117 _____ C:\Windows\system32\netcfg-1927812703.txt
2017-04-05 12:32 - 2017-04-05 12:32 - 00000117 _____ C:\Windows\system32\netcfg-1927807109.txt
2017-04-05 08:29 - 2017-04-05 08:29 - 00000117 _____ C:\Windows\system32\netcfg-1913208843.txt
2017-04-05 08:29 - 2017-04-05 08:29 - 00000117 _____ C:\Windows\system32\netcfg-1913208265.txt
2017-04-03 22:58 - 2017-04-03 22:58 - 00000117 _____ C:\Windows\system32\netcfg-1792559359.txt
2017-04-03 22:58 - 2017-04-03 22:58 - 00000117 _____ C:\Windows\system32\netcfg-1792559203.txt
2017-04-03 20:51 - 2017-04-03 20:51 - 00000117 _____ C:\Windows\system32\netcfg-1784946062.txt
2017-04-03 20:51 - 2017-04-03 20:51 - 00000117 _____ C:\Windows\system32\netcfg-1784937015.txt
2017-04-03 18:00 - 2017-04-03 18:00 - 00000117 _____ C:\Windows\system32\netcfg-1774659296.txt
2017-04-03 18:00 - 2017-04-03 18:00 - 00000117 _____ C:\Windows\system32\netcfg-1774648109.txt
2017-04-02 01:28 - 2017-04-02 01:28 - 00000117 _____ C:\Windows\system32\netcfg-1628742437.txt
2017-04-02 01:28 - 2017-04-02 01:28 - 00000117 _____ C:\Windows\system32\netcfg-1628732203.txt
2017-04-01 00:55 - 2017-04-01 00:55 - 00000117 _____ C:\Windows\system32\netcfg-1540344031.txt
2017-03-31 21:54 - 2017-03-31 21:54 - 00000117 _____ C:\Windows\system32\netcfg-1529510171.txt
2017-03-31 21:42 - 2017-03-31 21:42 - 00000117 _____ C:\Windows\system32\netcfg-1528789250.txt
2017-03-29 12:51 - 2017-03-29 12:51 - 00000117 _____ C:\Windows\system32\netcfg-1324147312.txt
2017-03-29 08:29 - 2017-03-29 08:29 - 00000117 _____ C:\Windows\system32\netcfg-1308394781.txt
2017-03-29 08:28 - 2017-03-29 08:28 - 00000117 _____ C:\Windows\system32\netcfg-1308355703.txt
2017-03-28 00:07 - 2017-03-28 00:07 - 00000117 _____ C:\Windows\system32\netcfg-1191896984.txt
2017-03-28 00:07 - 2017-03-28 00:07 - 00000117 _____ C:\Windows\system32\netcfg-1191895234.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-27 21:05 - 2012-12-27 05:02 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2017-04-27 21:05 - 2012-12-27 05:01 - 00000000 ____D C:\ProgramData\WildTangent
2017-04-27 21:04 - 2014-03-05 18:16 - 00000000 ____D C:\Users\Default1\AppData\Local\CrashDumps
2017-04-27 21:04 - 2012-12-27 05:02 - 00002664 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - gateway.lnk
2017-04-27 21:04 - 2012-12-27 05:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-27 20:06 - 2012-07-26 03:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-27 20:06 - 2012-07-26 01:37 - 00000000 ____D C:\Windows\Inf
2017-04-27 20:01 - 2017-01-20 23:23 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-27 20:00 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-27 19:46 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-27 15:52 - 2016-11-09 13:50 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-04-27 15:51 - 2016-11-09 13:41 - 00000000 ____D C:\Program Files\TrueKey
2017-04-27 13:10 - 2014-05-04 18:53 - 00000000 ____D C:\Users\Default1\AppData\Local\Adobe
2017-04-26 15:17 - 2016-11-09 13:41 - 00000000 ____D C:\ProgramData\McAfee
2017-04-25 18:31 - 2016-09-16 13:13 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-24 16:21 - 2014-10-21 16:08 - 00000000 ____D C:\Users\Default1\AppData\Roaming\Skype
2017-04-24 16:12 - 2016-11-09 13:52 - 00001172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-04-24 15:59 - 2012-07-26 04:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-24 15:59 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent
2017-04-21 16:03 - 2016-10-11 17:03 - 00000000 ___HD C:\Users\Public\Documents\.adata
2017-04-21 16:03 - 2016-10-11 17:01 - 00000000 ____D C:\ProgramData\SofTest
2017-04-21 12:27 - 2016-11-09 13:50 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-04-18 19:43 - 2017-01-20 23:23 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-18 14:26 - 2017-02-27 21:02 - 00000000 ____D C:\Users\Default1\Desktop\law school files
2017-04-18 14:25 - 2017-02-27 21:05 - 00000000 ____D C:\Users\Default1\Desktop\old mani stuff
2017-04-18 14:23 - 2017-02-27 21:05 - 00000000 ____D C:\Users\Default1\Desktop\medical
2017-04-18 14:22 - 2016-12-08 19:25 - 00000000 ____D C:\Users\Default1\Desktop\Summer weird 2
2017-04-18 14:21 - 2017-03-25 06:02 - 00000000 ____D C:\Users\Default1\Desktop\New folder (4)
2017-04-18 14:18 - 2016-04-08 16:04 - 00000000 ____D C:\Users\Default1\Desktop\great lakes
2017-04-12 17:36 - 2016-11-09 13:41 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 17:35 - 2016-11-09 13:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-11 21:25 - 2016-09-16 13:12 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 21:24 - 2016-09-16 13:12 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 15:37 - 2014-10-26 12:03 - 00003512 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2142470428-2383440531-759292562-1001UA
2017-04-11 15:37 - 2014-10-26 12:03 - 00003240 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2142470428-2383440531-759292562-1001Core
 
==================== Files in the root of some directories =======
 
2014-02-11 20:24 - 2014-02-11 20:24 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
2013-12-27 04:29 - 2006-10-28 01:28 - 0145184 ____R (Microsoft Corporation) C:\Users\Default1\AppData\Local\Temp\ose00000.exe
2016-09-14 23:44 - 2006-10-28 01:28 - 0145184 ____R (Microsoft Corporation) C:\Users\Default1\AppData\Local\Temp\ose00001.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-21 11:45
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Default1 (27-04-2017 21:11:27)
Running from C:\Users\Default1\Downloads
Windows 8 (X64) (2013-10-02 00:20:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2142470428-2383440531-759292562-500 - Administrator - Disabled) => C:\Users\Administrator
Default1 (S-1-5-21-2142470428-2383440531-759292562-1001 - Administrator - Enabled) => C:\Users\Default1
Guest (S-1-5-21-2142470428-2383440531-759292562-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
CADopia Standard 15 x64 (HKLM\...\{F0B923E0-4A46-4C63-BDED-CE1B1786D4E9}) (Version: 15.0.87 - CADopia Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Echo Desktop (HKLM-x32\...\Echo Desktop 3.0.4) (Version: 3.0.4 - Livescribe Inc)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{AD2313B9-714F-496E-AD7F-20532E833EB2}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{C60E2D8F-0FC0-497D-A149-90F3B361937C}) (Version: 12.3.6.9 - HP)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.15.132.1 - Intel Security)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.21 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.)
Soda PDF 6 (HKLM-x32\...\Soda6) (Version: 6.0.76.13695 - LULU Software Limited)
Soda PDF 6 View Module (HKLM-x32\...\{3A8383CC-891F-4C5A-B116-5C9D63E0CDC4}) (Version: 6.1.1.14505 - LULU Software Limited)
SofTest v11 (HKLM-x32\...\InstallShield_{BEFAE631-635D-41B7-996E-33F134DE951D}) (Version: 11.31.1 - Examsoft)
SofTest v11 (x32 Version: 11.31.1 - Examsoft) Hidden
SoftMaker FreeOffice 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3790 - SoftMaker Software GmbH)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10E7CB3A-2788-4066-B3BF-AE0D6AF49908} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2142470428-2383440531-759292562-1001Core => C:\Users\Default1\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-29] (Google Inc.)
Task: {23613F5A-B7DE-4AA6-B20B-5FBDB3DF33BF} - System32\Tasks\HP AR Program Upload - 6bfa922211554e2b81f9c4f898c17cadca73ca08e6c5418a9af68db860557e26 => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {27C5B3A6-721A-46C2-862C-FA4125D83DE7} - System32\Tasks\HP AR Program Upload - 8955808ae3534399a864d13420d2b9edf4e39cf1abf94926a05fd407ee58decb => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {3C9873C6-77B5-4D5D-82E9-DC9498135E66} - System32\Tasks\HP AR Program Upload - f098674a47904b5c90810535f8866ddf5e37c362c0a147c9823d9711bcf14940 => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {465382F5-76B7-4B2F-B2A6-33F4C586CBA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {5F641409-9BC8-4B2B-AE9C-06E790D7B2D8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {618DA73B-C46B-4CA6-9DF9-F64CFF21E458} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {8374356C-585F-4728-A246-F586C07DD3F7} - System32\Tasks\AdobeAAMUpdater-1.0-Default-Default1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {8F8E878F-EC8F-474F-A1E0-BC82B5A692E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {8F94B910-8C1E-424F-9754-4CB4C98311F8} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe 
Task: {AA0F398C-788E-4CBC-AA5D-01D1267C630F} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-11-06] ()
Task: {AD65AB35-1B2F-4188-9189-2AD05EBC4E0D} - System32\Tasks\HP AR Program Upload - f17c9ca680bd44ddbc2d29510d742df08d9596be113a42419d75d9188846f5d7 => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {B28FF228-D353-4759-8416-DC463170381E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {B977697E-F522-4FEB-9B8D-6BA3037D1715} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2142470428-2383440531-759292562-1001UA => C:\Users\Default1\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-29] (Google Inc.)
Task: {C721636F-7B3F-4844-9E2E-656A9BD1C721} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-16] (Google Inc.)
Task: {CB3C31F0-AED9-44D9-9437-8C64CF1A1AA3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {CFB4EF69-C01B-4F41-A25B-866C584AD4CD} - System32\Tasks\HP AR Program Upload - a980de44cdbc48ce80f9bbdb609cd86ee6ec5d3baa944904b77d177ed166de4e => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {E11A4315-BF4E-46AB-8938-1AFCCA9F2171} - System32\Tasks\HP AR Program Upload - acee92b8ad964da6a4bbc6857a7042eab3ac13ccff6e425685459a9e498c3b00 => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {E3D80F80-077D-4624-A6A9-A59D0D68D70F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-16] (Google Inc.)
Task: {ED5BAF20-0BF6-4888-9581-32C3F5E79B1F} - System32\Tasks\HP AR Program Upload - c0bf165726ab48f090e42b428d98dd88f064d17c69ee4376b807db2c34353a32 => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {F0625D0A-D456-475D-8E7F-7DDF7D2C4713} - System32\Tasks\HP AR Program Upload - d0e9b2b3e7374187bae5596485c796294261506e566841218248c8ffb21e2bfa => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Default1\Favorites\Gateway\Gateway.lnk -> hxxp://www.gateway.com
 
ShortcutWithArgument: C:\Users\Default1\Desktop\desktop\Buy Online.lnk -> C:\Program Files\Accessory Store\StartURL.exe () -> hxxp://go.gateway.com/?id=16756
ShortcutWithArgument: C:\Users\Default1\Desktop\desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.gateway.com/redirect.aspx?rid=09000002
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-20 23:23 - 2017-04-18 19:43 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2012-12-27 04:19 - 2012-10-23 14:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-04-25 18:31 - 2017-04-19 01:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll
2017-04-25 18:31 - 2017-04-19 01:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll
2012-11-02 20:38 - 2012-11-02 20:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2012-11-02 20:38 - 2012-11-02 20:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\VolumeSnapshot.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\Online.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OsSettingPort.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OutlookShadow.dll
2016-06-27 16:58 - 2016-06-27 16:58 - 00275968 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2016-04-25 12:39 - 2016-04-25 12:39 - 00904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
2013-01-23 20:50 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2017-01-21 00:09 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "NortonSupport"
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\StartupApproved\Run: => "EPSON Stylus CX5000"
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A47E1F46-0C55-4068-813F-2A9366824B6F}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManager.exe
FirewallRules: [{02A5B7DD-2C1B-410E-AFC2-1C025F45F83B}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
FirewallRules: [{460A733C-B168-4012-B1B2-1EC5D24C8857}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\FileExplorer.exe
FirewallRules: [{98805D95-CCD1-41B9-B0CF-7DBDC6FF2826}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8A5698E9-4DFE-41DC-9674-D2404A9619A1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8A11D450-8C55-4F11-95C4-13C0BAFE5C22}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{143F10A8-33AD-46FF-99AB-5790B87A6E41}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F1473DC9-BBD7-4B1D-9DD2-CF1EF6FB0F93}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B3B90F34-0883-4ED0-BEA3-5E7B1FDC9E1D}] => (Allow) C:\Users\Default1\AppData\Local\Temp\7zS5DAF\hppiw.exe
FirewallRules: [{9A68F2C7-E792-4820-A71C-3A5C6C6FACEA}] => (Allow) C:\Users\Default1\AppData\Local\Temp\7zS5DAF\hppiw.exe
FirewallRules: [{3255EBE6-9E4B-4C11-BCAA-76C3858758E1}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{CBDDE4B9-E998-49BA-910E-6AD19ECA026C}] => (Allow) C:\Users\Default1\AppData\Local\Temp\7zS5DAF\hppiw.exe
FirewallRules: [{43BA5ED4-BFBB-4471-A5CC-3EDC71C3180A}] => (Allow) C:\Users\Default1\AppData\Local\Temp\7zS5DAF\hppiw.exe
FirewallRules: [{B22C1616-66F6-4460-A5BB-034DA4299345}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A8C6434-1AF1-4848-A389-B6753072245D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C82AB0F-DB99-47AF-B81D-951665747145}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF2D5A44-FE15-4878-997A-51D4EEE3A108}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{121E0176-3FDF-4676-A35F-0D42B03D79D5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{87CE565A-FBEE-48E0-AA2D-DA51DFF9EC2C}] => (Allow) C:\Users\Default1\AppData\Local\Temp\7zS4842\HP.EasyStart.exe
FirewallRules: [{9AD757F0-2033-498F-B029-950FD2E3C64A}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{E3266D4C-9337-45D1-9F1D-81C0EBE6FF10}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{20955CCF-26BA-4DCA-93BE-4504FF614ABC}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{4FA966CE-6D2F-412D-AC4A-8B11548E20E0}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{199C4C77-3275-42D9-99DE-6DEA54161422}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{1552F580-8ED2-4381-A0D3-94A8D8E49901}] => (Allow) LPort=5357
FirewallRules: [{A237E0DE-4AE5-4932-9B5B-A87EA1DC32C0}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B173124A-8C10-483C-92E4-D7ADC35B0A0F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF0AE66F-8738-49D4-8334-62D7791085E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2172B2A6-F172-43EE-9D49-0CD52708C004}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63798B9E-8E99-40A4-8655-E1FA51E8E239}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4320A22F-41C1-4E8C-BDE6-E44EEBD1FC72}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2270350C-CDB9-426C-B6E1-8EF2EC03E33E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-04-2017 14:33:26 Scheduled Checkpoint
19-04-2017 12:20:34 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/27/2017 09:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameConsole-wt.exe, version: 4.0.23.8, time stamp: 0x50009527
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ae12
Exception code: 0xc0000005
Fault offset: 0x0000993d
Faulting process id: 0xa98
Faulting application start time: 0x01d2bfbb539c7895
Faulting application path: C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
Faulting module path: C:\Windows\SYSTEM32\msvcrt.dll
Report Id: a1727a29-2bae-11e7-be9f-b888e3b7c974
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/26/2017 01:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1313
 
Error: (04/26/2017 01:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1313
 
Error: (04/26/2017 01:22:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/24/2017 11:15:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16384, time stamp: 0x50108897
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010acd2
Exception code: 0xc000000d
Fault offset: 0x00000000000f4828
Faulting process id: 0x1a24
Faulting application start time: 0x01d2bd71ee3fc2d0
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 7f889e36-2965-11e7-be9c-b888e3b7c974
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/24/2017 03:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58470329
 
Error: (04/24/2017 03:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58470329
 
Error: (04/24/2017 03:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/24/2017 03:59:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58468891
 
Error: (04/24/2017 03:59:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58468891
 
 
System errors:
=============
Error: (04/27/2017 09:05:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:05:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:05:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:04:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:04:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:04:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:04:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:04:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:04:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
Error: (04/27/2017 09:04:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 62%
Total physical RAM: 3909.27 MB
Available physical RAM: 1484.25 MB
Total Virtual: 13909.27 MB
Available Virtual: 10859.94 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:449.19 GB) (Free:365.98 GB) NTFS
Drive d: (GHOST_SHIP) (CDROM) (Total:7.1 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:0.96 GB) (Free:0 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 530B13A9)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 982.5 MB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by scannejr, 27 April 2017 - 07:57 PM.


#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First step
Programs to remove
Java 8 Update 102
Old versions of Java are an infection risk; in fact, the whole platform is an infection risk. Only install Java if you know you absolutely need it.

Out of date Anti Virus
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Next step
Download the enclosed fixlist.txt file (attached, 3.74KB). Save it in the location where FRST64 is (C:\Users\Default1\Downloads). Run FRST and click on the Fix button. Wait until it has finished.

The tool will make a log (Fixlog.txt) in the location where FRST is (C:\Users\Default1\Downloads). Please post it in your reply.

#3
scannejr

    New Member

  • Topic Starter
  • Member
  • 9 posts

You are so amazing! Here is the fixlog. Do you think I may be resolved? Are there any other programs or recommendations you may have?

Thanks so much!

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Default1 (28-04-2017 15:55:37) Run:1
Running from C:\Users\Default1\Downloads
Loaded Profiles: Default1 (Available Profiles: Default1 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\...\MountPoints2: {85a55b3d-65be-11e2-be69-806e6f6e6963} - "D:\install.EXE" id= ver=1.0.0.0
SearchScopes: HKU\S-1-5-21-2142470428-2383440531-759292562-1001 -> DefaultScope {CFC1872A-6872-478F-A6F4-3127D929FF8E} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
Toolbar: HKU\S-1-5-21-2142470428-2383440531-759292562-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
2013-12-27 04:29 - 2006-10-28 01:28 - 0145184 ____R (Microsoft Corporation) C:\Users\Default1\AppData\Local\Temp\ose00000.exe
2016-09-14 23:44 - 2006-10-28 01:28 - 0145184 ____R (Microsoft Corporation) C:\Users\Default1\AppData\Local\Temp\ose00001.exe
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Default1\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File  
Task: {E3D80F80-077D-4624-A6A9-A59D0D68D70F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-16] (Google Inc.)
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85a55b3d-65be-11e2-be69-806e6f6e6963} => key removed successfully
HKCR\CLSID\{85a55b3d-65be-11e2-be69-806e6f6e6963} => key not found. 
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key removed successfully
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found. 
HKU\S-1-5-21-2142470428-2383440531-759292562-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68} => value removed successfully
HKCR\CLSID\{093F479D-712E-46CD-9E06-62E734A05F68} => key not found. 
HKLM\System\CurrentControlSet\Services\InstallerService => key removed successfully
InstallerService => service removed successfully
C:\Users\Default1\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Default1\AppData\Local\Temp\ose00001.exe => moved successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-2142470428-2383440531-759292562-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3D80F80-077D-4624-A6A9-A59D0D68D70F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3D80F80-077D-4624-A6A9-A59D0D68D70F} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {CCA53FAB-6E86-42DE-B1E2-5CD2627E3B42}.
{0B163358-72FD-46E3-AC88-A6A4FE278708} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38496433 B
Java, Flash, Steam htmlcache => 708 B
Windows/system/drivers => 147920134 B
Edge => 0 B
Chrome => 336170915 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 1430201 B
LocalService => 757041 B
NetworkService => 550580 B
Default1 => 1248748367 B
Administrator => 12314 B
 
RecycleBin => 2474143 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:57:41 ====

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

The computer looks ok from a standpoint of log files.

I'd like to see that Malwarebytes log that you said you ran to clean up the infection you had. See if you can find it.

Open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.

#5
scannejr

scannejr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I ran both Malwarebytes and the AdwCleaner.

Should I send both?

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Yes, let's take a look at those.

#7
scannejr

scannejr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/27/17
Scan Time: 6:30 PM
Logfile: mwb.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.103
Update Package Version: 1.0.1822
License: Free
 
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: Default\Default1
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389114
Time Elapsed: 14 min, 59 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 4
PUP.Optional.FullTab, C:\USERS\DEFAULT1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, Quarantined, [2139], [376101],1.0.1822
PUP.Optional.FullTab, C:\USERS\DEFAULT1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, Quarantined, [2139], [376101],1.0.1822
PUP.Optional.FullTab, C:\USERS\DEFAULT1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fulltab.com_0.localstorage, Quarantined, [2139], [376100],1.0.1822
PUP.Optional.FullTab, C:\USERS\DEFAULT1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fulltab.com_0.localstorage-journal, Quarantined, [2139], [376100],1.0.1822
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

#8
scannejr

scannejr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/27/17
Scan Time: 6:30 PM
Logfile: mwb.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.103
Update Package Version: 1.0.1822
License: Free
 
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: Default\Default1
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389114
Time Elapsed: 14 min, 59 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 4
PUP.Optional.FullTab, C:\USERS\DEFAULT1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, Quarantined, [2139], [376101],1.0.1822
PUP.Optional.FullTab, C:\USERS\DEFAULT1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, Quarantined, [2139], [376101],1.0.1822
PUP.Optional.FullTab, C:\USERS\DEFAULT1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fulltab.com_0.localstorage, Quarantined, [2139], [376100],1.0.1822
PUP.Optional.FullTab, C:\USERS\DEFAULT1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fulltab.com_0.localstorage-journal, Quarantined, [2139], [376100],1.0.1822
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
That's 2 Malwarebytes logs.

Post the AdwCleaner log next.

#10
scannejr

scannejr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Sorry, I posted MWB twice.

How do I retain the original AdwCleaner report? It is just an executable, correct?

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
This report is saved to C:\AdwCleaner\AdwCleaner[C0].txt

Check there if you can find it, if not don't worry, run this next:

Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

#12
scannejr

scannejr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
# AdwCleaner v6.046 - Logfile created 27/04/2017 at 19:59:16
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-25.1 [Server]
# Operating System : Windows 8  (X64)
# Username : Default1 - DEFAULT
# Running from : C:\Users\Default1\Downloads\adwcleaner_6.046 (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Default1\AppData\LocalLow\adawaretb
[-] Folder deleted: C:\ProgramData\blekko toolbars
[-] Folder deleted: C:\Program Files (x86)\Toolbar Cleaner
[-] Folder deleted: C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
[-] Folder deleted: C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\adawaretb
[-] Key deleted: HKLM\SOFTWARE\Toolbar Cleaner
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Default1\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oejkcgajlodefenbbjdnaiahmbnnoole
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1904 Bytes] - [27/04/2017 19:59:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [2152 Bytes] - [27/04/2017 19:51:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2050 Bytes] ##########

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Looks good, a basic clean up.

Post the JRT Log next; it will address most browser issues if found.

#14
scannejr

scannejr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8 x64 
Ran by Default1 (Administrator) on Fri 04/28/2017 at 16:41:10.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/28/2017 at 16:43:31.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello scannejr,

I see no signs of malware on your computer. Make sure your Anti Virus is updated as I mentioned before. I'll have a few more tips for you in the closing topic.





