
Unsure if I have a virus or malware [Solved]


  • This topic is locked

#1
opalchance

  • Member
  • 21 posts

I have an HP Ultrabook, Windows 8.1, 64 bit. I am having trouble downloading things, my files will disappear and then show back up, sometimes I can't open Word or Excel, and then they'll work again. My computer will run really slow and sometimes, when I try to sign in, I can't get past the lock screen.

I have checked for new updates, checked for viruses with Norton Security and then tried to optimize the drives to create more space to clean things up a little. Below are the FRST files I just did and below that the "addition".

I don't know for sure if I have a virus/malware or some other problem.

Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by Jennifer (administrator) on JENNSLAPTOP (12-08-2017 14:01:10)
Running from C:\Users\Jennifer\Downloads
Loaded Profiles: Jennifer (Available Profiles: Jennifer)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Jennifer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2015-11-20] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1 <==== ATTENTION
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [Chromium] => c:\users\jennifer\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [Spotify] => C:\Users\Jennifer\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-11] (Spotify Ltd)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [Spotify Web Helper] => C:\Users\Jennifer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-11] (Spotify Ltd)
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\RunOnce: [Uninstall C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\RunOnce: [Uninstall C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\RunOnce: [Uninstall C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\MountPoints2: {242ec1cd-2c1e-11e6-be8b-6c3be58a7dd4} - "E:\LaunchU3.exe" -a
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2015-11-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-05-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk [2016-02-16]
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{296471D3-8F0B-46BA-AA98-8477D4174CB2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE03FE3D-E20D-46C7-89FE-731028AF6C64}: [DhcpNameServer] 71.10.216.1 71.10.216.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_gmshp_17_16&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0CtA0B0EyDzz0AyB0D0DyE0ByD0EyCtN0D0Tzu0StCzytAyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0B0FzyyB0CtBtGtD0F0DyDtG0FtCyCzytGtByCtDyEtGzz0DtByEtByEtDtCzytA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCtCyB0CyDtAyDtG0BtAyB0EtGyEtAzz0AtGzyyByC0CtGtC0CtAtCtC0Czz0C0F0C0C0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtCtB%26cr%3D911188361%26a%3Dwbf_gmshp_17_16%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_gmshp_17_16&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0CtA0B0EyDzz0AyB0D0DyE0ByD0EyCtN0D0Tzu0StCzytAyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0B0FzyyB0CtBtGtD0F0DyDtG0FtCyCzytGtByCtDyEtGzz0DtByEtByEtDtCzytA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCtCyB0CyDtAyDtG0BtAyB0EtGyEtAzz0AtGzyyByC0CtGtC0CtAtCtC0Czz0C0F0C0C0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtCtB%26cr%3D911188361%26a%3Dwbf_gmshp_17_16%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_gmshp_17_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0CtA0B0EyDzz0AyB0D0DyE0ByD0EyCtN0D0Tzu0StCzytAyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0B0FzyyB0CtBtGtD0F0DyDtG0FtCyCzytGtByCtDyEtGzz0DtByEtByEtDtCzytA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCtCyB0CyDtAyDtG0BtAyB0EtGyEtAzz0AtGzyyByC0CtGtC0CtAtCtC0Czz0C0F0C0C0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtCtB%26cr%3D911188361%26a%3Dwbf_gmshp_17_16%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_gmshp_17_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0CtA0B0EyDzz0AyB0D0DyE0ByD0EyCtN0D0Tzu0StCzytAyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0B0FzyyB0CtBtGtD0F0DyDtG0FtCyCzytGtByCtDyEtGzz0DtByEtByEtDtCzytA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCtCyB0CyDtAyDtG0BtAyB0EtGyEtAzz0AtGzyyByC0CtGtC0CtAtCtC0Czz0C0F0C0C0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtCtB%26cr%3D911188361%26a%3Dwbf_gmshp_17_16%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {372BA16F-58B8-43E2-B4B3-5B1517B64BA5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_gmshp_17_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0CtA0B0EyDzz0AyB0D0DyE0ByD0EyCtN0D0Tzu0StCzytAyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0B0FzyyB0CtBtGtD0F0DyDtG0FtCyCzytGtByCtDyEtGzz0DtByEtByEtDtCzytA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCtCyB0CyDtAyDtG0BtAyB0EtGyEtAzz0AtGzyyByC0CtGtC0CtAtCtC0Czz0C0F0C0C0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtCtB%26cr%3D911188361%26a%3Dwbf_gmshp_17_16%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_gmshp_17_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0CtA0B0EyDzz0AyB0D0DyE0ByD0EyCtN0D0Tzu0StCzytAyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0B0FzyyB0CtBtGtD0F0DyDtG0FtCyCzytGtByCtDyEtGzz0DtByEtByEtDtCzytA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCtCyB0CyDtAyDtG0BtAyB0EtGyEtAzz0AtGzyyByC0CtGtC0CtAtCtC0Czz0C0F0C0C0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtCtB%26cr%3D911188361%26a%3Dwbf_gmshp_17_16%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {372BA16F-58B8-43E2-B4B3-5B1517B64BA5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-606400778-1865223140-3930539225-1001 -> {372BA16F-58B8-43E2-B4B3-5B1517B64BA5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-606400778-1865223140-3930539225-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1009600&geo=US&ver=22.9.1.12&locale=en_US&guid=E440543E-B080-4E83-BD21-724EF06A934D&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-606400778-1865223140-3930539225-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-26] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-26] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-606400778-1865223140-3930539225-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\coFFAddon [2017-08-11]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\coFFAddon
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-26] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-18] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND","hxxp://www.sou.edu/","hxxp://inside.sou.edu/"
CHR NewTab: Default ->  Not-active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default [2017-08-12]
CHR Extension: (Google Docs) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-05]
CHR Extension: (Google Drive) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-07-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-07-14]
CHR Extension: (Google Search) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Adobe Acrobat) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-28]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2017-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Pinterest Save Button) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-08-12]
CHR Extension: (Norton Safe) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-05-09]
CHR Extension: (Norton Identity Safe) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-05-09]
CHR Extension: (Skype) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-606400778-1865223140-3930539225-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-606400778-1865223140-3930539225-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-17] (McAfee, Inc.)
R2 NS; C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe [326144 2017-07-14] (Symantec Corporation)
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176936 2016-08-18] (Impulse Point, LLC)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\BASHDefs\20170807.003\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFSrv; C:\WINDOWS\system32\svchost.exe [38792 2014-11-21] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U4 BthHFSrv; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-11-21] (Microsoft Corporation)
R3 BthL2caScoIfSrv; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\IPSDefs\20170811.001\IDSvia64.sys [1056920 2017-07-31] (Symantec Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33008 2015-11-20] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\160A000.055\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-12 14:01 - 2017-08-12 14:01 - 000033756 _____ C:\Users\Jennifer\Downloads\FRST.txt
2017-08-12 14:00 - 2017-08-12 14:00 - 002395648 _____ (Farbar) C:\Users\Jennifer\Downloads\FRST64.exe
2017-08-12 13:21 - 2017-08-12 13:21 - 000000000 ____D C:\Jenn110215
2017-08-12 08:57 - 2017-08-12 08:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-08-11 22:59 - 2017-07-21 06:40 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-11 22:59 - 2017-07-21 06:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-11 22:59 - 2017-07-13 23:49 - 025733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-11 22:59 - 2017-07-13 22:35 - 005981184 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-11 22:59 - 2017-07-13 21:40 - 015254016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-11 22:59 - 2017-07-13 19:54 - 020270080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-11 22:59 - 2017-07-13 19:17 - 004546048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-11 22:59 - 2017-07-08 12:12 - 004169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-08-11 22:59 - 2017-07-08 10:45 - 007078912 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-08-11 22:59 - 2017-07-08 10:05 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-11 22:59 - 2017-07-08 09:39 - 005274624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-08-11 22:59 - 2017-07-08 09:37 - 007797248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-11 22:59 - 2017-07-08 09:23 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-11 22:59 - 2017-07-08 08:59 - 005270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-11 22:59 - 2017-07-01 06:47 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-11 22:59 - 2017-06-13 00:50 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-11 22:59 - 2017-06-11 13:02 - 002778112 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-08-11 22:59 - 2017-06-07 18:48 - 002457936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-11 22:58 - 2017-08-01 20:17 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-11 22:58 - 2017-07-15 03:10 - 000536688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-11 22:58 - 2017-07-15 03:10 - 000140016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-11 22:58 - 2017-07-15 03:06 - 000449840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-11 22:58 - 2017-07-15 03:06 - 000136832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-11 22:58 - 2017-07-14 13:08 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2017-08-11 22:58 - 2017-07-14 11:44 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2017-08-11 22:58 - 2017-07-13 23:44 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-08-11 22:58 - 2017-07-13 23:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-08-11 22:58 - 2017-07-13 22:26 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-08-11 22:58 - 2017-07-13 22:10 - 000806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-08-11 22:58 - 2017-07-13 21:23 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-11 22:58 - 2017-07-13 21:07 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-11 22:58 - 2017-07-13 20:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-08-11 22:58 - 2017-07-13 19:48 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-08-11 22:58 - 2017-07-13 19:38 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-08-11 22:58 - 2017-07-13 19:17 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-08-11 22:58 - 2017-07-13 19:12 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-08-11 22:58 - 2017-07-13 19:09 - 013663744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-11 22:58 - 2017-07-13 18:53 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-11 22:58 - 2017-07-13 18:50 - 001314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-11 22:58 - 2017-07-13 18:48 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-08-11 22:58 - 2017-07-08 13:14 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-11 22:58 - 2017-07-07 20:46 - 000377688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgrx.sys
2017-08-11 22:58 - 2017-07-07 20:16 - 007440728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-11 22:58 - 2017-07-07 20:16 - 001674520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-08-11 22:58 - 2017-07-07 20:16 - 001534072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-08-11 22:58 - 2017-07-07 20:16 - 001499920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-08-11 22:58 - 2017-07-07 20:16 - 001370328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-08-11 22:58 - 2017-07-07 20:16 - 000086360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-08-11 22:58 - 2017-07-01 06:47 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-11 22:58 - 2017-07-01 06:47 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-11 22:58 - 2017-07-01 06:47 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-11 22:58 - 2017-07-01 06:47 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-11 22:58 - 2017-06-24 09:46 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2017-08-11 22:58 - 2017-06-24 09:16 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprapi.dll
2017-08-11 22:58 - 2017-06-15 07:17 - 002551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-11 22:58 - 2017-06-15 07:16 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-11 22:58 - 2017-06-13 10:51 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-08-11 22:58 - 2017-06-13 10:23 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-11 22:58 - 2017-06-13 10:19 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-08-11 22:58 - 2017-06-13 10:16 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2017-08-11 22:58 - 2017-06-13 10:11 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-08-11 22:58 - 2017-06-13 10:07 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2017-08-11 22:58 - 2017-06-13 07:17 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-11 22:58 - 2017-06-13 07:16 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-11 22:58 - 2017-06-13 02:47 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-08-11 22:58 - 2017-06-13 02:09 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-08-11 22:58 - 2017-06-13 01:22 - 001436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-11 22:58 - 2017-06-13 01:16 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-08-11 22:58 - 2017-06-13 01:10 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-08-11 22:58 - 2017-06-13 01:07 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2017-08-11 22:58 - 2017-06-13 01:03 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-08-11 22:58 - 2017-06-13 00:54 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2017-08-11 22:58 - 2017-06-11 17:14 - 000276320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-11 22:58 - 2017-06-11 13:13 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-08-11 22:58 - 2017-06-11 13:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-08-11 22:58 - 2017-06-11 13:02 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-08-11 22:58 - 2017-06-11 12:52 - 002463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-08-11 22:58 - 2017-06-09 06:47 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-11 22:58 - 2017-06-08 10:01 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-11 22:58 - 2017-06-08 10:01 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-11 22:58 - 2017-06-06 21:25 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-08-11 22:58 - 2017-06-06 11:38 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-11 22:58 - 2017-06-06 10:44 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-11 22:58 - 2017-05-27 09:42 - 001115136 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-08-11 22:58 - 2017-05-27 09:38 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2017-08-11 12:54 - 2017-04-21 14:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-08-11 12:54 - 2017-04-21 14:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-08-11 12:53 - 2017-04-21 14:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-08-11 12:53 - 2017-04-21 14:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-08-11 12:53 - 2017-04-11 11:27 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-08-11 12:53 - 2017-04-11 11:27 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-08-11 12:53 - 2017-03-15 11:15 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-08-11 12:53 - 2017-03-15 11:15 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-08-11 11:27 - 2017-08-11 11:27 - 000000000 ____D C:\Users\Jennifer\AppData\Local\HPConnectedMusic
2017-08-11 11:19 - 2017-08-12 14:01 - 000000000 ____D C:\FRST
2017-08-11 11:08 - 2017-08-12 13:47 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJennifer.job
2017-08-11 11:08 - 2017-08-11 11:08 - 000003188 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJennifer
2017-08-11 10:45 - 2017-08-11 10:45 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-08-11 10:40 - 2017-08-11 10:40 - 000003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-08-09 14:10 - 2017-08-09 14:10 - 000000000 _____ C:\Users\Jennifer\AppData\Local\{12B06A6D-881F-4A14-A7CB-1FEE9F47DB15}
2017-08-03 19:30 - 2017-08-03 19:31 - 081694526 _____ C:\Users\Jennifer\Downloads\Kev and I .zip
2017-07-24 23:27 - 2017-07-24 23:27 - 000003184 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-606400778-1865223140-3930539225-1001
2017-07-14 20:15 - 2017-06-11 08:15 - 002013528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-14 20:14 - 2017-07-06 01:52 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-07-14 20:14 - 2017-06-15 15:02 - 000990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-14 20:14 - 2017-06-11 15:21 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2017-07-14 20:14 - 2017-06-11 14:43 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-14 20:14 - 2017-06-11 14:25 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2017-07-14 20:14 - 2017-06-11 14:15 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-14 20:14 - 2017-06-11 14:08 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-14 20:14 - 2017-06-11 14:07 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2017-07-14 20:14 - 2017-06-11 14:00 - 000962560 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-14 20:14 - 2017-06-11 13:58 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-14 20:14 - 2017-06-11 13:40 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-14 20:14 - 2017-06-11 13:35 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-14 20:14 - 2017-06-11 13:31 - 000781312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-14 20:14 - 2017-06-06 13:52 - 003120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-14 20:14 - 2017-06-06 13:42 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-07-14 20:14 - 2017-06-06 13:38 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cnvfat.dll
2017-07-14 20:14 - 2017-06-06 13:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\uudf.dll
2017-07-14 20:14 - 2017-06-06 13:36 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\convert.exe
2017-07-14 20:14 - 2017-06-06 13:35 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-07-14 20:14 - 2017-06-06 12:13 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2017-07-14 20:14 - 2017-06-06 12:11 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-07-14 20:14 - 2017-06-06 12:11 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-07-14 20:14 - 2017-06-06 12:11 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ufat.dll
2017-07-14 20:14 - 2017-06-06 12:11 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\uexfat.dll
2017-07-14 20:14 - 2017-06-06 12:08 - 002712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-14 20:14 - 2017-06-06 12:03 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-07-14 20:14 - 2017-06-06 11:59 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cnvfat.dll
2017-07-14 20:14 - 2017-06-06 11:57 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uudf.dll
2017-07-14 20:14 - 2017-06-06 11:56 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-07-14 20:14 - 2017-06-06 11:03 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2017-07-14 20:14 - 2017-06-06 11:02 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-07-14 20:14 - 2017-06-06 11:02 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-07-14 20:14 - 2017-06-06 11:02 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ufat.dll
2017-07-14 20:14 - 2017-06-06 11:02 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uexfat.dll
2017-07-14 20:14 - 2017-06-03 09:27 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-14 20:14 - 2017-06-03 09:03 - 001549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-14 20:14 - 2017-06-02 05:15 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-14 20:14 - 2017-06-02 05:12 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-07-14 20:14 - 2017-06-02 05:12 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-07-14 20:14 - 2017-06-02 05:06 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-14 20:14 - 2017-06-02 05:01 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-07-14 20:14 - 2017-06-02 04:03 - 000903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-14 20:14 - 2017-06-02 03:25 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-14 20:14 - 2017-06-02 03:24 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-07-14 20:14 - 2017-06-02 03:17 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-07-14 20:14 - 2017-06-02 02:43 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-07-14 20:14 - 2017-05-31 14:20 - 000470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-14 20:14 - 2017-05-15 15:09 - 000057688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-07-14 20:14 - 2017-05-15 13:03 - 000379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-14 20:14 - 2017-05-15 12:58 - 000121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-14 20:14 - 2017-05-14 13:19 - 001364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-07-14 20:14 - 2017-05-14 12:04 - 000315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-07-14 20:14 - 2017-05-14 12:03 - 000373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-14 20:14 - 2017-05-14 11:13 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-07-14 20:14 - 2017-05-12 10:05 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-07-14 20:14 - 2017-05-12 09:16 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-14 20:14 - 2017-05-12 09:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-07-14 20:14 - 2017-05-12 08:51 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-07-14 20:14 - 2017-05-12 08:50 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-07-14 20:14 - 2017-05-12 08:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-14 20:14 - 2017-05-12 08:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-14 20:14 - 2017-05-11 21:10 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-14 20:14 - 2017-05-11 19:58 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-14 20:14 - 2017-05-11 19:48 - 001377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-14 20:14 - 2017-05-11 19:18 - 003714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-14 20:14 - 2017-05-11 19:11 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-07-14 20:14 - 2017-05-11 19:10 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-07-14 20:14 - 2017-05-11 19:07 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-07-14 20:14 - 2017-05-11 19:06 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-14 20:14 - 2017-05-11 19:04 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-14 20:14 - 2017-05-11 19:00 - 002240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-07-14 20:14 - 2017-05-11 16:36 - 022361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-14 20:14 - 2017-05-11 16:32 - 019788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-14 20:14 - 2017-05-10 11:19 - 000101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-07-14 20:14 - 2017-05-09 07:37 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2017-07-14 20:14 - 2017-05-09 07:35 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2017-07-14 20:14 - 2017-05-09 07:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2017-07-14 20:14 - 2017-05-09 07:29 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-14 20:14 - 2017-05-09 07:28 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2017-07-14 20:14 - 2017-05-09 07:28 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2017-07-14 20:14 - 2017-05-06 09:05 - 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-14 20:14 - 2017-05-06 09:04 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-14 20:14 - 2017-05-02 13:09 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-14 20:14 - 2017-05-02 13:08 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-14 20:14 - 2017-05-02 13:08 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-07-14 20:14 - 2017-05-02 11:41 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-07-14 20:14 - 2017-05-02 11:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-07-14 20:14 - 2017-05-02 11:31 - 000207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\smbwmiv2.dll
2017-07-14 20:14 - 2017-05-02 10:35 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-07-14 20:14 - 2017-04-30 09:48 - 000080078 _____ C:\WINDOWS\system32\normidna.nls
2017-07-14 20:14 - 2017-04-27 18:13 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-14 20:14 - 2017-04-27 18:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-14 20:14 - 2017-04-06 10:16 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-07-14 20:14 - 2017-04-06 09:46 - 000434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-07-14 20:14 - 2017-04-06 09:35 - 001362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-07-14 20:14 - 2017-04-06 09:15 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-07-14 20:14 - 2017-04-06 08:44 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-07-14 20:14 - 2017-04-02 07:49 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-07-14 19:58 - 2017-05-03 16:11 - 000103600 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-14 19:58 - 2017-05-03 06:43 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-14 19:58 - 2017-05-03 06:43 - 001206272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-14 19:58 - 2017-05-03 06:43 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-14 19:58 - 2017-05-03 06:43 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-14 19:58 - 2017-05-03 06:43 - 000325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-14 19:58 - 2017-05-03 06:43 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-07-14 19:58 - 2017-05-03 06:43 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-14 19:58 - 2017-05-03 06:43 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-12 13:53 - 2014-11-21 01:44 - 000981696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-12 13:53 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2017-08-12 13:50 - 2012-09-26 09:53 - 000000950 _____ C:\WINDOWS\SysWOW64\bscs.ini
2017-08-12 13:49 - 2016-01-23 15:40 - 000000000 ____D C:\Users\Jennifer\AppData\Local\Spotify
2017-08-12 13:49 - 2016-01-23 15:39 - 000000000 ____D C:\Users\Jennifer\AppData\Roaming\Spotify
2017-08-12 13:49 - 2015-11-24 11:14 - 000000000 ____D C:\Users\Jennifer\OneDrive
2017-08-12 13:48 - 2015-11-24 11:10 - 000000000 __SHD C:\Users\Jennifer\IntelGraphicsProfiles
2017-08-12 13:48 - 2015-11-08 22:12 - 000000388 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2017-08-12 13:48 - 2013-04-26 08:19 - 000003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2017-08-12 13:47 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-12 13:47 - 2013-08-22 07:44 - 005174888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-12 13:47 - 2013-04-26 08:19 - 000000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2017-08-12 13:46 - 2013-08-22 06:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-08-12 13:42 - 2015-11-28 21:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-08-12 13:42 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-08-12 13:42 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-08-12 13:42 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-08-12 13:42 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-12 13:37 - 2015-11-05 12:17 - 000003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{386DECB3-819E-4BF2-B1FE-2E2B2B2BEDFD}
2017-08-12 13:25 - 2016-08-11 13:36 - 000000000 ____D C:\Users\Jennifer\Documents\Tyler 2013
2017-08-12 13:25 - 2016-08-11 13:10 - 000000000 ____D C:\Users\Jennifer\Documents\Roxanne 2014
2017-08-12 12:17 - 2015-11-10 11:09 - 000000203 _____ C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2017-08-12 05:36 - 2015-11-05 12:22 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-606400778-1865223140-3930539225-1001
2017-08-12 02:19 - 2013-08-22 08:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-12 02:19 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-11 23:07 - 2015-11-08 22:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-11 23:01 - 2015-11-08 22:31 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-11 12:47 - 2015-11-19 01:41 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-11 11:38 - 2015-11-05 12:34 - 000002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-11 11:38 - 2015-11-05 12:34 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-11 11:28 - 2015-11-05 12:14 - 000000000 ____D C:\Users\Jennifer\AppData\Local\Packages
2017-08-11 11:12 - 2016-01-24 22:08 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-11 11:12 - 2016-01-24 22:08 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-11 10:40 - 2017-05-09 19:27 - 000002271 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-08-11 10:40 - 2017-05-09 19:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-08-11 10:40 - 2017-05-09 19:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-08-11 10:40 - 2013-08-22 06:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-08-11 10:38 - 2015-11-23 22:50 - 000000000 ____D C:\Users\Jennifer
2017-07-28 17:03 - 2016-11-30 16:18 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-28 17:03 - 2016-11-30 16:18 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-26 14:18 - 2016-09-30 13:16 - 000000000 ____D C:\Users\Jennifer\Documents\2College
2017-07-26 14:13 - 2016-08-11 12:58 - 000000000 ____D C:\Users\Jennifer\Documents\Kenya Dec 21 2013
2017-07-26 14:11 - 2016-08-11 13:29 - 000000000 ____D C:\Users\Jennifer\Documents\DECA
2017-07-24 23:27 - 2016-04-22 17:00 - 000002352 _____ C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-07-24 23:27 - 2015-11-24 23:58 - 000003192 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-606400778-1865223140-3930539225-1001
2017-07-23 21:45 - 2017-05-09 19:27 - 000102568 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-07-23 21:45 - 2017-05-09 19:27 - 000008309 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-07-15 11:21 - 2015-11-08 20:44 - 000000000 ____D C:\Program Files (x86)\DriverToolkit
2017-07-14 19:56 - 2017-04-12 13:58 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-07-14 19:56 - 2017-04-12 13:58 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-14 19:55 - 2017-04-12 13:58 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-14 16:35 - 2012-07-26 01:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
 
==================== Files in the root of some directories =======
 
2011-12-15 12:56 - 2011-12-15 12:56 - 000000420 _____ () C:\Program Files (x86)\CHANGELOG.txt
2011-12-15 12:56 - 2011-12-15 12:56 - 003694592 _____ ( ) C:\Program Files (x86)\iTextSharp.dll
2011-12-15 12:56 - 2011-12-15 12:56 - 000035821 _____ () C:\Program Files (x86)\LICENSE.txt
2011-12-15 12:55 - 2011-12-15 12:55 - 000060928 _____ () C:\Program Files (x86)\PDFBinder.exe
2016-01-24 21:44 - 2016-01-24 21:44 - 000002012 _____ () C:\Program Files (x86)\PDFBinder.InstallState
2011-12-15 12:56 - 2011-12-15 12:56 - 000002616 _____ () C:\Program Files (x86)\README.txt
2011-12-15 12:56 - 2011-12-15 12:56 - 000004054 _____ () C:\Program Files (x86)\setup-banner.jpg
2015-11-05 12:15 - 2015-12-06 17:52 - 000007921 _____ () C:\Users\Jennifer\AppData\Roaming\AbsoluteReminder.xml
2015-11-29 19:33 - 2016-07-23 15:33 - 000000034 _____ () C:\Users\Jennifer\AppData\Roaming\AdobeWLCMCache.dat
2015-11-30 19:04 - 2015-11-30 19:04 - 000000078 _____ () C:\Users\Jennifer\AppData\Roaming\Camdata.ini
2015-11-30 19:04 - 2015-11-30 19:04 - 000000408 _____ () C:\Users\Jennifer\AppData\Roaming\CamLayout.ini
2015-11-30 19:04 - 2015-11-30 19:04 - 000000408 _____ () C:\Users\Jennifer\AppData\Roaming\CamShapes.ini
2015-11-30 18:48 - 2015-11-30 19:04 - 000004549 _____ () C:\Users\Jennifer\AppData\Roaming\CamStudio.cfg
2015-11-30 18:11 - 2015-11-30 18:40 - 000000096 _____ () C:\Users\Jennifer\AppData\Roaming\version2.xml
2017-04-22 02:32 - 2017-04-22 02:32 - 000000045 _____ () C:\Users\Jennifer\AppData\Roaming\WB.CFG
2017-01-27 18:35 - 2017-03-10 15:07 - 000000600 _____ () C:\Users\Jennifer\AppData\Roaming\winscp.rnd
2016-01-24 22:00 - 2016-04-04 09:12 - 000001456 _____ () C:\Users\Jennifer\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-09 14:10 - 2017-08-09 14:10 - 000000000 _____ () C:\Users\Jennifer\AppData\Local\{12B06A6D-881F-4A14-A7CB-1FEE9F47DB15}
2015-11-05 12:16 - 2015-11-05 12:16 - 000000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-11 10:51
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Jennifer (12-08-2017 14:03:00)
Running from C:\Users\Jennifer\Downloads
Windows 8.1 (Update) (X64) (2015-11-24 18:10:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-606400778-1865223140-3930539225-500 - Administrator - Disabled)
Guest (S-1-5-21-606400778-1865223140-3930539225-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-606400778-1865223140-3930539225-1005 - Limited - Enabled)
Jennifer (S-1-5-21-606400778-1865223140-3930539225-1001 - Administrator - Enabled) => C:\Users\Jennifer
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-d0b4eac4-c748-4016-b4be-9b2f25cf69bb) (Version: 2.2.0.98 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-1ab1a49c-5d22-4cb0-b30c-54ee03682483) (Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Amazon Kindle) (Version: 1.19.2.46095 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Azteca (HKLM-x32\...\WTA-b4cc65ec-ffa1-4c60-9c8f-d5c2c63df8cd) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-4d20e36b-73d3-49b6-b1a5-3c3ce8ed736d) (Version: 2.2.0.98 - WildTangent) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-4c749591-ec17-41c0-bab1-768f11b427b0) (Version: 2.2.0.98 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-e29faece-e00d-4081-a43c-1d201042b6e1) (Version: 2.2.0.98 - WildTangent) Hidden
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DriverToolkit version 8.5.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.5.0.0 - Megaify Software)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FATE: The Cursed King (HKLM-x32\...\WTA-7213599b-3aff-4dc7-989a-ab2e56a02e4b) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-b03e69ca-a23a-4b8e-9d02-c097857082b8) (Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-f9aff48d-69c7-4aa4-b662-7d99307ecbea) (Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{73A33079-D1A0-4469-8903-C4A48B4975E2}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-0e5e8bac-dccc-42a9-a4d9-d4187ee65671) (Version: 2.2.0.98 - WildTangent) Hidden
jGRASP (HKLM-x32\...\jGRASP) (Version: 2.0.3_02 Beta - Auburn University)
John Deere Drive Green (HKLM-x32\...\WTA-ce4df6a1-1581-47ca-9593-7749f5fa02d3) (Version: 2.2.0.95 - WildTangent) Hidden
Letters from Nowhere 2 (HKLM-x32\...\WTA-85abf72a-8b4d-41c1-9353-6b5a379f531e) (Version: 2.2.0.97 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-76817e15-327c-4029-bcc2-c6e94a373b7e) (Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.551.2 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4927.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4927.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-eeeb1ff6-e032-4f4e-9dc1-87224040ec00) (Version: 2.2.0.98 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.10.0.85 - Symantec Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
Penguins! (HKLM-x32\...\WTA-b583afdb-8e63-4614-99c0-ef809b4a1ead) (Version: 2.2.0.98 - WildTangent) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Polar Bowler (HKLM-x32\...\WTA-b2d4b2e5-3653-4caf-9816-6442ac21f045) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-e0540422-b3f1-4c65-b090-ae5ee227267c) (Version: 2.2.0.98 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-234a1938-5b15-4bf6-9627-10c67dedd988) (Version: 2.2.0.98 - WildTangent) Hidden
SafeConnect (HKLM-x32\...\SafeConnect) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (HKLM-x32\...\WTA-aee96c6b-fa45-430f-9a1c-31b95d93771f) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinSCP 5.9.4 (HKLM-x32\...\winscp3_is1) (Version: 5.9.4 - Martin Prikryl)
Zuma's Revenge (HKLM-x32\...\WTA-5196a124-3cc4-423f-a7fd-68bb60df6761) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-606400778-1865223140-3930539225-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-606400778-1865223140-3930539225-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-606400778-1865223140-3930539225-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [BthSendToContextMenuExt] -> {CF373149-C3D9-4AEB-9CE8-BDD1D2FFFA5B} => C:\Windows\system32\BSAppShlExt.dll [2012-09-19] (TODO: <公司名>)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-03-16] (Apple Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0835FAA8-9719-407D-B9B0-BADF64650E2E} - System32\Tasks\{3EC09A90-9051-4915-B715-15685C5FC3A3} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.14.0.104&LastError=12029
Task: {0A3BF24B-ED59-44D0-BA88-53C410D8E411} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {0F694822-F3CA-4C96-A111-7153E5FCE91F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {13DB8C96-4C04-48EE-AB52-240D44C5C17A} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {17379044-75C4-4CD4-88B2-C75C6D4C0377} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {211897D8-989E-4883-8F0D-864F1207D2F1} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {2C875584-B0E3-48DB-92F2-7D05EBBB5D9A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {2FEED45E-2B9A-4C6F-B9DE-7824663CD18E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {342F2116-E72B-4229-881D-88F497191878} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {366CEC2A-C341-4CE6-8889-64D9D085910A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {3EAFFCA7-C45F-4B16-89E6-45906EEDFFDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {3F320929-900B-447A-ABFB-755A55141F6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {437F1411-4931-46E7-AD9C-718026B45411} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {4C289AB2-AE74-4BBA-8A20-FDB1AB1312E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {512FCAC5-245E-4080-BC61-9187C4697F18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {56262595-37DB-4E63-B676-82BCC27632D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-01] (HP Inc.)
Task: {56BB597F-4269-44F6-8CD9-C08C3FE337CA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {658DDA12-F0FA-46E0-83C2-CE59BAFD2352} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {6D12F9A4-45CB-4C40-8C29-109C58937A15} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {8171BB89-2730-4519-A213-3DC0539203E1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-03-14] (Microsoft Corporation)
Task: {8E3B86D5-B082-43D6-A5E8-999E66B46CFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {8F5EF877-CC07-4EA1-865D-EC88A6297F8E} - System32\Tasks\HPCeeScheduleForJennifer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {95793E58-4AD9-48AC-8C8F-EBB15F448F16} - System32\Tasks\{8AE567B1-994A-4273-B73C-1A40D7A505BC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: {9C1267F1-03A9-4129-AE9B-B654FDB1411A} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe [2015-07-01] (Megaify Software Co., Ltd.)
Task: {A73436BF-D522-4AAB-B443-13391E74A780} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {B1BB2538-5111-4D85-9496-62A0D800DD3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {BF5C6A1A-BE51-4F86-82A1-F39E6F1F6C6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {CA7FD10F-DA20-4350-AC61-951A0C161E83} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-11-20] (Synaptics Incorporated)
Task: {E55F8746-8DE1-4191-B556-E02DAD18BDA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
Task: {F5E70481-1610-4027-BCDF-32FBD27BCAF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJennifer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-05 20:37 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-07 03:50 - 2012-08-07 04:50 - 000607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2012-09-19 18:37 - 2012-09-19 18:37 - 000017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 000426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-25 19:21 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 000363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 000029960 _____ () C:\Windows\system32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 000062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2016-11-27 10:55 - 2016-11-27 10:55 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-08-11 11:38 - 2017-08-02 00:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-11 11:38 - 2017-08-02 00:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2012-09-24 14:27 - 2012-09-24 14:27 - 000335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 17:28 - 2012-05-02 17:28 - 000012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2015-11-08 20:44 - 2014-02-17 20:13 - 000092984 _____ () C:\Program Files (x86)\DriverToolkit\zlibwapi.dll
2017-05-16 03:26 - 2017-05-16 03:26 - 000325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2017-05-16 03:25 - 2017-05-16 03:25 - 000325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-04-26 08:11 - 2012-06-25 11:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2017-05-09 09:50 - 000002069 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\quote.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\StartupApproved\Run: => "Between"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\StartupApproved\Run: => "NowUSeeIt Player"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DC1A17FD-27A9-4586-A6D6-21869D57F1CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0D49EBFE-2980-4727-884C-0D3BABC18302}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DFD6883A-6219-451C-880A-7B96B2968832}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3AF21C5B-586D-47ED-97EC-F6BD6EA4297E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{8220AB24-D91D-4E42-85F5-5FDB4992D619}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{755594E0-D809-4C48-817D-425A62B9090C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B3E84BA8-0948-4762-9BD0-8E08C8ED9CA2}] => (Allow) C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{3064E2C2-7D48-4A3F-AF14-6F6915B06E73}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D55530E-74CD-4113-AF86-E0FB89B0EB2A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{6E62B66A-36A4-415B-95F9-DE9785545A08}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0F415846-2C4B-4F75-A27F-C4B06E0A4118}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{A7A33A5C-F8D0-4486-884D-BFAA5459AED5}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{CFA29450-1BFD-4884-B8BA-EE22E730B1F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4DED964-235D-4FAF-9C22-9C578F869520}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8799F126-BF1F-4930-B329-5CFA001B20F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2E8AE441-40D9-4AA7-935D-9FED47C07935}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE6460BA-76DF-4177-BA22-D78B6440E549}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{E2611488-0BAD-4D1B-BB3E-34389FE9FDF8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{B27AD42C-9349-497F-8B33-23FD0F7514CE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{01C1EBD0-FCD6-4C6E-8F1F-756E9825C5E7}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{4B215E9A-EC12-419B-9935-921F2A769C50}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{DA7CB0D7-E9CE-469E-9046-A4973AA7636D}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{19193673-9489-41D2-8B8E-5540DBDA175F}] => (Allow) LPort=1900
FirewallRules: [{E63A5BC6-1118-4674-A9B6-2BAD22CBD564}] => (Allow) LPort=2869
FirewallRules: [{8AFB2AC9-1178-477B-BA02-A19BED67EA66}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3BB49238-B3EC-49C4-AE69-781856853182}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B496DE49-E26F-464E-8E22-F159173B28A7}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{1373C727-0765-4181-AD19-806F464A1053}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{29805DFC-4442-44D7-88A7-A7DD76A119C7}] => (Allow) LPort=139
FirewallRules: [{6CE5D840-E1C3-42B4-980A-3211D1C308DE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CCB003C3-7A11-45C7-A1EB-ECF1F91B9D8C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1868730E-8B8D-40EB-9134-5077B2FEFB78}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{DAFC73D3-668B-45CA-A0FD-E6ECE2CD3DA7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E9BEFB4F-800F-4DDC-BF30-F90EE6404DE1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{1CE02B88-2A25-4F6D-98AE-1A599F2F84B6}C:\users\jennifer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jennifer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{724FAEA5-DCD4-4AAF-8AA9-1EAF1EE485C1}C:\users\jennifer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jennifer\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0D102892-B7DF-445E-86D9-A37C23AC457E}C:\users\jennifer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jennifer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{60BFB087-4739-40F7-A978-3E8AADDBD4D8}C:\users\jennifer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jennifer\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{573FBD6F-8FBA-4AB2-BDF5-A3776D1ADEB5}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{9C46BBC3-1AB9-4240-BE23-A57237F7C699}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{5B934C66-9E2F-40CA-829E-F8098A734B6C}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{F89623B1-C1F9-4DBF-A0BB-4200B6C05AFC}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [{ACFF310C-5E29-4D93-A53A-A1782B99C31D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F979AFC8-4973-47D1-9B65-6A302EB58308}C:\users\jennifer\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\jennifer\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [UDP Query User{03E3A3CD-4C5C-477F-B159-56DAD770C9D0}C:\users\jennifer\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\jennifer\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [TCP Query User{8BE36E50-5C95-41DD-A347-4D5172DD377F}C:\users\jennifer\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\jennifer\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [UDP Query User{454A8C2D-2630-4748-B84D-C4D6A550BED6}C:\users\jennifer\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\jennifer\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [{BF159EA1-2FA1-4935-9E88-A7BD8F51D8A0}] => (Allow) C:\Users\Jennifer\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{59DA75EC-AB68-44A7-B552-E11DDABB236D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{06EE92C0-CE07-4551-9199-C9AF2590465D}] => (Allow) LPort=53000
FirewallRules: [{07C21058-5962-4649-AD40-F7A625994352}] => (Allow) LPort=52000
 
==================== Restore Points =========================
 
21-07-2017 01:23:13 Scheduled Checkpoint
29-07-2017 20:19:23 Scheduled Checkpoint
07-08-2017 15:52:54 Scheduled Checkpoint
11-08-2017 10:51:51 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Mini H20 speaker Stereo
Description: Bluetooth Stereo
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthA2DP
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: Mini H20 speaker Hands-Free Audio and Call Control HID Enumerator
Description: Bluetooth Hands-Free Audio and Call Control HID Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthHFEnum
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: BeatsPill Hands-Free Audio and Call Control HID Enumerator
Description: Bluetooth Hands-Free Audio and Call Control HID Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthHFEnum
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: Mini H20 speaker Audio/Video Remote Control HID
Description: Bluetooth Audio/Video Remote Control HID
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: BthAvrcpTg
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: BeatsPill Stereo
Description: Bluetooth Stereo
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthA2DP
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: BeatsPill Audio/Video Remote Control HID
Description: Bluetooth Audio/Video Remote Control HID
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: BthAvrcpTg
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2017 01:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3597422
 
Error: (08/12/2017 01:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3597422
 
Error: (08/12/2017 01:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/12/2017 08:41:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10808219
 
Error: (08/12/2017 08:41:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10808219
 
Error: (08/12/2017 08:41:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/12/2017 02:30:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 210265
 
Error: (08/12/2017 02:30:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 210265
 
Error: (08/12/2017 02:30:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/12/2017 02:30:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 209015
 
 
System errors:
=============
Error: (08/11/2017 01:02:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT3290 802.11bgn Wi-Fi Adapter.
 
Error: (08/11/2017 11:03:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT3290 802.11bgn Wi-Fi Adapter.
 
Error: (08/11/2017 10:39:02 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
 
Error: (08/11/2017 10:37:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/11/2017 10:37:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/10/2017 06:52:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/10/2017 06:50:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/10/2017 06:47:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/10/2017 06:45:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/10/2017 03:42:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-09 19:24:46.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-09 19:24:45.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 12:39:57.128
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 12:39:56.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 12:29:07.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-19 12:29:06.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-10 13:06:55.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-10 13:06:54.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-02 11:07:54.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-02 11:07:53.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 56%
Total physical RAM: 3992.28 MB
Available physical RAM: 1723.77 MB
Total Virtual: 7320.28 MB
Available Virtual: 4871.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:430.79 GB) (Free:178.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:33.03 GB) (Free:3.76 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 925AA7DD)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 9B41E52D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
JSntgRvr


    Global Moderator

  • 11,579 posts
Welcome. :)
  • Highlight the entire content of the quote box below.

Start::
FirewallRules: [{19193673-9489-41D2-8B8E-5540DBDA175F}] => (Allow) LPort=1900
FirewallRules: [{E63A5BC6-1118-4674-A9B6-2BAD22CBD564}] => (Allow) LPort=2869
FirewallRules: [{29805DFC-4442-44D7-88A7-A7DD76A119C7}] => (Allow) LPort=139
FirewallRules: [{06EE92C0-CE07-4551-9199-C9AF2590465D}] => (Allow) LPort=53000
FirewallRules: [{07C21058-5962-4649-AD40-F7A625994352}] => (Allow) LPort=52000
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1 <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
U4 BthHFSrv; C:\WINDOWS\system32\svchost.exe [38792 2014-11-21] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt


#3
opalchance


    Member

  • Topic Starter
  • 21 posts

My apologies, but what do I do with the text that I copied? I highlighted the quote and copied it; if I paste it into the "search box" of FRST (opened with administrator privileges) and press the FIX button, I get the error message "no fixlist.txt found".



#4
opalchance


    Member

  • Topic Starter
  • 21 posts

In the meantime, I have pasted Junkware Removal text and AdwCleaner texts.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64 
Ran by Jennifer (Administrator) on Sat 08/12/2017 at 20:47:37.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Users\Jennifer\AppData\Local\drivertoolkit (Folder) 
Successfully deleted: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage (File) 
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut) 
Successfully deleted: C:\WINDOWS\system32\Tasks\DriverToolkit Autorun (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\ProfessionalPCCleaner_Popup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\ProfessionalPCCleaner_Start (Task)
Successfully deleted: C:\WINDOWS\Tasks\DriverToolkit Autorun.job (Task) 
Successfully deleted: C:\Program Files (x86)\drivertoolkit (Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NowUSeeIt Player (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{372BA16F-58B8-43E2-B4B3-5B1517B64BA5} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{372BA16F-58B8-43E2-B4B3-5B1517B64BA5} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/12/2017 at 20:53:14.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 04:02:15 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 08-11-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
PUP.Adware.Heuristic, C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\DriverToolkit
PUP.Optional.Legacy, [Key] - HKCU\Software\DriverToolkit
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | NowUSeeIt Player
PUP.Optional.NowUSeeItPlayer, [Key] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\NowUSeeItPlayer
PUP.Optional.NowUSeeItPlayer, [Key] - HKCU\Software\NowUSeeItPlayer
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider found: mystart.incredibar.com - mystart.incredibar.com
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
 
 
# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 04:03:47 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 8.1 (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Deleted: C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\DriverToolkit
Deleted: [Key] - HKCU\Software\DriverToolkit
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Deleted: [Value] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|NowUSeeIt Player
Deleted: [Key] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\NowUSeeItPlayer
Deleted: [Key] - HKCU\Software\NowUSeeItPlayer
Deleted: [Key] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: mystart.incredibar.com - mystart.incredibar.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2204 B] - [2017/8/13 4:2:15]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 


#5
JSntgRvr


  • Global Moderator
  • 11,579 posts

My apologies, but what do I do with the text that I copied? I highlighted the quote and copied it; if I paste it into the "search box" of FRST (opened with administrator privileges) and press the FIX button, I get the error message "no fixlist.txt found".

 
When you copy something, Windows will keep the information in a place called the Clipboard. When you copy the text above, it will be saved in the Clipboard. FRST will read the Clipboard when you click on Fix, and process the information therein.

#6
JSntgRvr


  • Global Moderator
  • 11,579 posts
After the above, follow these steps:

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.
  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected items and click on "Quarantine Selected".
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.
You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

#7
opalchance


  • Topic Starter
  • Member
  • 21 posts

Posted below are the results from "FIX" on FRST and the Malwarebytes scan.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Jennifer (13-08-2017 14:35:50) Run:1
Running from C:\Users\Jennifer\Desktop
Loaded Profiles: Jennifer (Available Profiles: Jennifer)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
FirewallRules: [{19193673-9489-41D2-8B8E-5540DBDA175F}] => (Allow) LPort=1900
FirewallRules: [{E63A5BC6-1118-4674-A9B6-2BAD22CBD564}] => (Allow) LPort=2869
FirewallRules: [{29805DFC-4442-44D7-88A7-A7DD76A119C7}] => (Allow) LPort=139
FirewallRules: [{06EE92C0-CE07-4551-9199-C9AF2590465D}] => (Allow) LPort=53000
FirewallRules: [{07C21058-5962-4649-AD40-F7A625994352}] => (Allow) LPort=52000
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1 <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
U4 BthHFSrv; C:\WINDOWS\system32\svchost.exe [38792 2014-11-21] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19193673-9489-41D2-8B8E-5540DBDA175F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E63A5BC6-1118-4674-A9B6-2BAD22CBD564} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29805DFC-4442-44D7-88A7-A7DD76A119C7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06EE92C0-CE07-4551-9199-C9AF2590465D} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07C21058-5962-4649-AD40-F7A625994352} => value not found.
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NowUSeeIt Player => value not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\BthHFSrv => key removed successfully
BthHFSrv => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-606400778-1865223140-3930539225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-DxpTaskRingtone/Analytic. The system cannot find the file specified.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{5ADEE565-73A9-4E2A-BFFB-EFCBBCAC6FB7} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19375226 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 137321 B
Edge => 0 B
Chrome => 335232411 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 34746 B
NetworkService => 1445648 B
Jennifer => 5941210 B
 
RecycleBin => 3548392 B
EmptyTemp: => 356.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:37:12 ====
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 8/13/17
Scan Time: 2:46 PM
Log File: Malwarebytes report.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2578
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: JENNSLAPTOP\Jennifer
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384795
Threats Detected: 15
Threats Quarantined: 15
Time Elapsed: 16 min, 45 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 6
PUP.Optional.ProfessionalPCCleaner, HKU\S-1-5-21-606400778-1865223140-3930539225-1001\SOFTWARE\ProfessionalPCCleanerLanguage, Quarantined, [11904], [252964],1.0.2578
PUP.Optional.WinYahoo, HKU\S-1-5-21-606400778-1865223140-3930539225-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [71], [182758],1.0.2578
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [71], [182758],1.0.2578
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [71], [182758],1.0.2578
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, Quarantined, [613], [389038],1.0.2578
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, Quarantined, [613], [389038],1.0.2578
 
Registry Value: 3
PUP.Optional.NotChromeRun, HKU\S-1-5-21-606400778-1865223140-3930539225-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CHROMIUM, Quarantined, [1363], [391151],1.0.2578
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [71], [182758],1.0.2578
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [71], [182758],1.0.2578
 
Registry Data: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [71], [293461],1.0.2578
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [71], [293461],1.0.2578
 
Data Stream: 0
(No malicious items detected)
 
Folder: 3
PUP.Optional.ProfessionalPCCleaner, C:\Users\Jennifer\AppData\Local\Professional_PC_Cleaner\ProfessionalPCCleaner.exe_Url_sw5numhdonn240lbdkogdordvzoytvbi\3.0.6.0, Quarantined, [11904], [181334],1.0.2578
PUP.Optional.ProfessionalPCCleaner, C:\Users\Jennifer\AppData\Local\Professional_PC_Cleaner\ProfessionalPCCleaner.exe_Url_sw5numhdonn240lbdkogdordvzoytvbi, Quarantined, [11904], [181334],1.0.2578
PUP.Optional.ProfessionalPCCleaner, C:\USERS\JENNIFER\APPDATA\LOCAL\Professional_PC_Cleaner, Quarantined, [11904], [181334],1.0.2578
 
File: 1
PUP.Optional.ProfessionalPCCleaner, C:\Users\Jennifer\AppData\Local\Professional_PC_Cleaner\ProfessionalPCCleaner.exe_Url_sw5numhdonn240lbdkogdordvzoytvbi\3.0.6.0\user.config, Quarantined, [11904], [181334],1.0.2578
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#8
JSntgRvr


  • Global Moderator
  • 11,579 posts
How is the computer doing?

#9
opalchance


  • Topic Starter
  • Member
  • 21 posts

It seems a lot better! I'll work on doing some downloads that we had problems with last week (college student and homework downloads - legitimate web sites). Thank you so much for your help. Was it just a lot of little things, or is there something I should be watching out for?



#10
JSntgRvr


  • Global Moderator
  • 11,579 posts
Just Adware and Potentially Unwanted Programs.

Remove the quarantine:

Please download DelFix by Xplode and save to your Desktop.
  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt).
Always keep your antivirus active and updated.

Best regards. :)

#11
JSntgRvr


  • Global Moderator
  • 11,579 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.







