Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trying to Clean Up a friend's computer [Solved]


  • This topic is locked This topic is locked

#1
moondog830

moondog830

    Member

  • Member
  • PipPipPip
  • 804 posts

An older gentleman from church asked me to look over his laptop and see if it needs help. To be honest, my first thought is to go straight to Virus, Spyware, Malware Removal and get help.

 

HP Laptop

Win 8.1

RAM 4GB

64-bit OS

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by Harvey (administrator) on NEWMAN-HP-2000 (Hewlett-Packard HP 2000 Notebook PC) (03-09-2019 17:01:44)
Running from C:\Users\Harvey\Desktop
Loaded Profiles: Harvey (Available Profiles: Harvey)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\Run: [Opera Browser Assistant] => C:\Users\Harvey\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2754584 2019-09-02] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\On Hand Software\Treasures of the Ancients\callatla\Call of Atlantis Screensaver.scr [143360 2008-11-05] () [File not signed]
Startup: C:\Users\Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2019-07-06]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Harvey\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0752EE2B-07D7-49F5-97F1-4B1697E0EACA} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
Task: {24B17BC4-A6DC-45F6-BF64-9F626D55EBF7} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {2812CC05-7155-43E9-BDC8-830AA68531A7} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
Task: {3208FC36-7445-4B15-A5D0-2FCE0D405F28} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3916104 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: {347DF3F4-9FC7-49A8-9658-F23A0FBA9711} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.18.0.213\WSCStub.exe [2230976 2019-07-20] (Symantec Corporation -> Symantec Corporation)
Task: {3BD0DF9F-B064-4B64-838F-0598C852A9A6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {4141B035-F725-4F32-B93F-E92328B1C8C2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
Task: {5A5185C9-A05B-47AB-8058-806549D8D758} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.18.0.213\SymErr.exe [103952 2019-07-20] (Symantec Corporation -> Symantec Corporation)
Task: {5A692FA9-19A4-45E3-810C-2D2BBC307ACE} - System32\Tasks\Start WinZip Registry Optimizer Update => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {624551F7-FE7B-4685-BB8B-BD167F479235} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-25] (Google Inc -> Google LLC)
Task: {71FC84D5-38A0-4E7D-B230-86EFF20125E9} - System32\Tasks\Opera scheduled assistant Autoupdate 1547662973 => C:\Users\Harvey\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {74DCFCD5-9361-4B29-84ED-4EAC6462095A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {82090254-1899-4221-B0CB-CD402837FA80} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {8DE40940-3CA8-4542-8D2F-C3CBD4276147} - System32\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon) => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {8E4908DF-6781-4762-AB33-5DC4EE0F2188} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-25] (Google Inc -> Google LLC)
Task: {B9DDA0C2-26A4-465A-B04B-4F9449D2D748} - System32\Tasks\Start WinZip Registry Optimizer Schedule => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {BA6BF6BC-D850-4FAB-A59A-4D5A869BDA10} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {BE45C9F8-0D48-4D34-A546-2B501493ABC0} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.18.0.213\SymErr.exe [103952 2019-07-20] (Symantec Corporation -> Symantec Corporation)
Task: {C5CFB11F-CD32-4E9B-BBB0-C6E491B4619F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2230976 2019-07-20] (Symantec Corporation -> Symantec Corporation)
Task: {CB36CE38-5737-4E02-8622-CC6F725FB6F7} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3523502841-1804454589-1998046877-1001UA => C:\Users\Harvey\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2019-01-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {CF846C01-DC36-48B2-AC6A-275B92AAEAF0} - \Win Tonic -> No File <==== ATTENTION
Task: {D4ADDC3C-D2A9-4AE0-8A9A-413E07EF522F} - System32\Tasks\Opera scheduled Autoupdate 1547662293 => C:\Users\Harvey\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {DCF282EF-76A1-4276-9743-E837EF469BC7} - \Win Tonic_Logon -> No File <==== ATTENTION
Task: {F479AE57-01F3-4CA1-9F70-89B9F08B858A} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3523502841-1804454589-1998046877-1001Core => C:\Users\Harvey\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2019-01-16] (Brave Software, Inc. -> BraveSoftware Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon).job => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{635851A6-1FB3-493E-8470-BC1B763A936A}: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{E52F945D-DC68-4071-A3C2-79B3EEBAD3D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/motitags/ttab02/index.html?n=7858B94A&p2=^B5J^xdm724^TTAB02^us&ptb=F648FC21-BAC8-4D0D-B433-113C1367D967&si=23843593200880641-23843593201850641&coid=971d5ce6139446a2a3b96044bc685143
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.2.47&locale=US_en&guid=EA5B0F3D-C175-414E-94F5-96BA32D8052E&doi=2019-01-03&o=APN11913&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {01C0A1C1-C302-47CF-83DC-87090404821F} URL = hxxp://search.hquickmapsanddirections.com/s?ap=appfocus1&source=d-ccc6-lp0-bb9&uc=20181114&i_id=maps_spt__1.30&uid=babe2c23-7d3f-4380-8d04-a571d72fe550&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863133039&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBr5VIEU7oIpdMlkzUGSm7lJBJMSOKlfgSP2HzLGbSDBC2jizdKGH4jx%2BiPuSvRsJW3egjqNatUEJHUAOqMCewBtmLnUPJZRJsQTTlZUlF%2FYwHHpIVzQccUh1%2FHjeWQ1qjFf3IzySRXJBiTzv8bamYiSjlbdUIYrbd89MXy6UM0RwXQToI%2F4eOzDurOa76Fp2jVf1XFwqGNFCaK%2FSYQDdHDt0eAVYMdEYa3WCWPcjeZTFw%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {76843778-46A2-4A37-900A-AFC1F58A6F43} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_hp&type=oo_hpset
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.2.47&locale=US_en&guid=EA5B0F3D-C175-414E-94F5-96BA32D8052E&doi=2019-01-03&o=APN11913&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.18.0.213\coIEPlg.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-04-25] (Google Inc -> Google Inc.)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Harvey\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2019-02-13] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.18.0.213\coIEPlg.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.18.0.213\coIEPlg.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.18.0.213\coIEPlg.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Harvey\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2019-02-13] (Dashlane USA, Inc. -> Dashlane, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.18.0.213\coIEPlg.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\Firefox\Extensions: [ff_hpset@jetpack] - C:\Users\Harvey\AppData\Local\Yahoo\yset\[email protected]
FF Extension: (Yahoo Homepage) - C:\Users\Harvey\AppData\Local\Yahoo\yset\[email protected] [2019-06-14]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3523502841-1804454589-1998046877-1001: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-01-16] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin HKU\S-1-5-21-3523502841-1804454589-1998046877-1001: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-01-16] (Brave Software, Inc. -> BraveSoftware Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.18.0.213\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mpicjgpamgcnpiacdciefbgahmkhhogc] - hxxps://chrome.google.com/webstore/detail/mpicjgpamgcnpiacdciefbgahmkhhogc
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.18.0.213\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"DigitalTrailEHF" => service was unlocked. <==== ATTENTION
 
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [157512 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
R2 DigitalTrailEHF; C:\Program Files (x86)\DigitalTrailEHF\DigitalTrailEHF.exe [1702312 2019-01-11] () [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.18.0.213\NortonSecurity.exe [225608 2019-07-20] (Symantec Corporation -> Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2019-01-16] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [168896 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030784 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387688 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3680256 2013-06-18] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2016-05-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.2.7\Definitions\BASHDefs\20190827.001\BHDrvx64.sys [1935880 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1612000.0D5\ccSetx64.sys [193224 2019-07-20] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-08-22] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-12] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.2.7\Definitions\IPSDefs\20190830.061\IDSvia64.sys [1451016 2019-08-06] (Symantec Corporation -> Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-02-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\1612000.0D5\SRTSP64.SYS [883720 2019-07-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1612000.0D5\SRTSPX64.SYS [49672 2019-07-20] (Symantec Corporation -> Symantec Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2019-08-29] (SlimWare Utilities Inc. -> )
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1612000.0D5\SYMEFASI64.SYS [1956080 2019-07-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1612000.0D5\SymELAM.sys [25744 2019-07-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-24] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.2.7\SymPlatform\SymEvnt.sys [719240 2019-08-15] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1612000.0D5\Ironx64.SYS [316656 2019-07-20] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1612000.0D5\symnets.sys [573448 2019-07-20] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1612000.0D5\wpCtrlDrv.sys [1012120 2019-07-20] (Symantec Corporation -> Symantec Corporation)
U1 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-09-03 17:01 - 2019-09-03 17:04 - 000022463 _____ C:\Users\Harvey\Desktop\FRST.txt
2019-09-03 17:01 - 2019-09-03 17:01 - 000000000 ____D C:\FRST
2019-09-03 16:52 - 2019-09-03 16:51 - 001615360 _____ (Farbar) C:\Users\Harvey\Desktop\FRST64.exe
2019-08-31 19:36 - 2019-08-31 19:36 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2019-08-19 16:20 - 2019-02-20 22:53 - 000087296 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140_clr0400.dll
2019-08-19 16:20 - 2019-02-20 22:53 - 000083768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140_clr0400.dll
2019-08-19 16:19 - 2019-03-28 05:11 - 000029232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2019-08-19 16:19 - 2019-03-28 05:09 - 000017968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2019-08-19 16:19 - 2019-02-20 22:53 - 000622832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_clr0400.dll
2019-08-19 16:19 - 2019-02-20 22:53 - 000433448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_clr0400.dll
2019-08-19 16:18 - 2019-03-28 05:11 - 000017968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2019-08-19 16:18 - 2019-03-28 05:09 - 000032816 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2019-08-19 16:17 - 2019-02-20 22:53 - 000772176 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_clr0400.dll
2019-08-19 16:17 - 2019-02-20 22:53 - 000702400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase_clr0400.dll
2019-08-15 18:18 - 2019-08-15 18:18 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security
2019-08-15 18:08 - 2019-08-29 19:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-08-15 18:08 - 2019-08-15 18:08 - 000003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2019-08-13 17:23 - 2019-08-03 23:37 - 025754624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-08-13 17:23 - 2019-08-03 22:02 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-08-13 17:23 - 2019-08-03 21:54 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-08-13 17:23 - 2019-08-03 21:51 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-08-13 17:23 - 2019-08-03 21:22 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-08-13 17:23 - 2019-08-03 21:21 - 020291584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-08-13 17:23 - 2019-08-03 21:14 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-08-13 17:23 - 2019-08-03 21:11 - 015390720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-08-13 17:23 - 2019-08-03 21:04 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-08-13 17:23 - 2019-08-03 21:01 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-08-13 17:23 - 2019-08-03 20:54 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-08-13 17:23 - 2019-08-03 20:50 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-08-13 17:23 - 2019-08-03 20:40 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-08-13 17:23 - 2019-08-03 20:33 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-08-13 17:23 - 2019-08-03 20:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-08-13 17:23 - 2019-08-03 20:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-08-13 17:23 - 2019-08-03 20:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-08-13 17:23 - 2019-08-03 20:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-08-13 17:23 - 2019-08-03 20:06 - 001331200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-08-13 17:23 - 2019-08-03 20:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-08-13 17:23 - 2019-07-09 23:46 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-08-13 17:23 - 2019-07-09 23:11 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-08-13 17:23 - 2019-07-09 23:11 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-08-13 17:23 - 2019-07-09 23:09 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-08-13 17:23 - 2019-07-09 23:09 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2019-08-13 17:23 - 2019-07-09 22:58 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-08-13 17:23 - 2019-07-09 22:56 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-08-13 17:23 - 2019-07-09 22:56 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-08-13 17:23 - 2019-07-09 22:53 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-08-13 17:23 - 2019-07-09 22:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-08-13 17:23 - 2019-07-09 22:47 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2019-08-13 17:23 - 2019-07-09 22:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-08-13 17:23 - 2019-07-09 22:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-08-13 17:23 - 2019-07-09 22:38 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-08-13 17:23 - 2019-07-09 22:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-08-13 17:23 - 2019-07-06 11:02 - 006217216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-08-13 17:23 - 2019-07-06 10:58 - 007035392 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-08-13 17:22 - 2019-07-19 01:59 - 004169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-08-13 17:22 - 2019-07-15 22:46 - 001368288 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-08-13 17:22 - 2019-07-15 22:40 - 002535456 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-08-13 17:22 - 2019-07-15 22:35 - 007363048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-08-13 17:22 - 2019-07-15 22:35 - 001902960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-08-13 17:22 - 2019-07-15 22:30 - 001136760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-08-13 17:22 - 2019-07-15 21:42 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-08-13 17:22 - 2019-07-13 17:28 - 001385912 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-08-13 17:22 - 2019-07-13 15:44 - 001124800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-08-13 17:22 - 2019-07-11 02:07 - 000804872 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-08-13 17:22 - 2019-07-11 02:02 - 002446072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-08-13 17:22 - 2019-07-11 00:21 - 000611656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-08-13 17:22 - 2019-07-10 23:58 - 000360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2019-08-13 17:22 - 2019-07-10 23:58 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2019-08-13 17:22 - 2019-07-10 23:35 - 000861184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-08-13 17:22 - 2019-07-10 23:30 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssdpapi.dll
2019-08-13 17:22 - 2019-07-10 23:04 - 000182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\p2pnetsh.dll
2019-08-13 17:22 - 2019-07-10 22:58 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2019-08-13 17:22 - 2019-07-10 22:54 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-08-13 17:22 - 2019-07-10 22:54 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-08-13 17:22 - 2019-07-10 22:52 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2019-08-13 17:22 - 2019-07-10 22:49 - 000375296 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-08-13 17:22 - 2019-07-10 22:46 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2019-08-13 17:22 - 2019-07-10 22:46 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2019-08-13 17:22 - 2019-07-10 22:44 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-13 17:22 - 2019-07-10 22:43 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2019-08-13 17:22 - 2019-07-10 22:42 - 001492992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-08-13 17:22 - 2019-07-10 22:41 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2PGraph.dll
2019-08-13 17:22 - 2019-07-10 22:39 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2019-08-13 17:22 - 2019-07-10 22:32 - 000177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2019-08-13 17:22 - 2019-07-10 20:43 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-08-13 17:22 - 2019-07-10 20:43 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-08-13 17:22 - 2019-07-10 20:43 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-08-13 17:22 - 2019-07-10 10:06 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-08-13 17:22 - 2019-07-10 10:06 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-08-13 17:22 - 2019-07-10 09:44 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-08-13 17:22 - 2019-07-10 09:44 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-08-13 17:22 - 2019-07-09 23:12 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-08-13 17:22 - 2019-07-09 22:48 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-08-13 17:22 - 2019-07-09 13:13 - 000364032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-08-13 17:22 - 2019-07-09 13:13 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-08-13 17:22 - 2019-07-09 13:13 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2019-08-13 17:22 - 2019-07-09 13:13 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2019-08-13 17:22 - 2019-07-09 12:58 - 000292352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-08-13 17:22 - 2019-07-09 12:58 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-08-13 17:22 - 2019-07-09 12:58 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2019-08-13 17:22 - 2019-07-09 12:58 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2019-08-13 17:22 - 2019-07-06 11:58 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-08-13 17:22 - 2019-07-06 11:43 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-08-13 17:22 - 2019-07-06 11:02 - 003277824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-08-13 17:22 - 2019-07-06 10:58 - 003825152 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-08-13 17:22 - 2019-07-06 10:58 - 003551232 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-08-13 17:22 - 2019-06-29 14:07 - 000230752 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2019-08-13 17:22 - 2019-06-29 13:50 - 000186024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2019-08-05 22:02 - 2019-08-05 22:02 - 000000000 ____D C:\Users\Harvey\AppData\Local\MotitagsTooltab
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-09-03 16:58 - 2014-11-21 04:44 - 000053526 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-03 16:58 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-09-03 16:05 - 2019-01-15 00:51 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-09-03 00:32 - 2019-01-19 14:04 - 000000036 _____ C:\Users\Harvey\AppData\Roaming\WB.CFG
2019-09-02 12:53 - 2019-01-16 12:52 - 000000000 ____D C:\Program Files\ByteFence
2019-09-02 11:21 - 2019-01-16 14:22 - 000004338 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1547662973
2019-09-01 19:59 - 2019-01-16 14:15 - 000000352 _____ C:\Windows\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon).job
2019-09-01 19:59 - 2017-12-13 07:16 - 000000450 _____ C:\Windows\Tasks\DriverUpdate Startup.job
2019-09-01 12:01 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-08-31 06:16 - 2017-12-13 07:15 - 000000504 _____ C:\Windows\Tasks\DriverUpdate Scan.job
2019-08-29 20:06 - 2019-01-17 10:35 - 000000000 ____D C:\Users\Harvey\Downloads\opera autoupdate
2019-08-29 20:06 - 2017-12-07 19:16 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3523502841-1804454589-1998046877-1001
2019-08-29 20:03 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-08-29 20:01 - 2017-12-13 07:15 - 000013920 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2019-08-29 19:59 - 2017-12-08 16:38 - 000002320 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-08-29 19:58 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-28 16:21 - 2019-01-16 12:57 - 000002563 _____ C:\Users\Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-08-28 16:21 - 2019-01-16 12:57 - 000002526 _____ C:\Users\Harvey\Desktop\Brave.lnk
2019-08-23 19:06 - 2017-12-08 14:19 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-22 10:52 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-08-17 11:06 - 2017-12-08 17:16 - 000000000 ____D C:\Program Files\Common Files\AV
2019-08-15 19:30 - 2017-12-08 14:19 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-15 18:09 - 2018-02-26 10:06 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2019-08-15 18:06 - 2013-08-22 10:44 - 000337808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-15 18:03 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-08-15 18:01 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-08-15 17:33 - 2017-12-07 23:10 - 000000000 ____D C:\Windows\system32\MRT
2019-08-15 17:27 - 2017-12-07 23:09 - 134272480 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-08-13 10:29 - 2018-03-13 18:33 - 000000000 ____D C:\Users\Harvey\AppData\Local\CrashDumps
2019-08-09 13:47 - 2019-01-16 14:11 - 000004102 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1547662293
2019-08-09 13:47 - 2019-01-16 14:11 - 000001341 _____ C:\Users\Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-08-05 08:04 - 2019-01-15 00:50 - 000387688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
 
==================== Files in the root of some directories ================
 
2019-01-19 14:04 - 2019-09-03 00:32 - 000000036 _____ () C:\Users\Harvey\AppData\Roaming\WB.CFG
2019-07-18 13:22 - 2019-07-18 13:22 - 000000000 _____ () C:\Users\Harvey\AppData\Local\BIT385B.tmp
2019-01-16 13:53 - 2019-01-16 13:53 - 001360312 _____ () C:\Users\Harvey\AppData\Local\UntuckedPlanetarium.exe
2019-05-10 16:22 - 2019-05-10 16:22 - 000000000 _____ () C:\Users\Harvey\AppData\Local\{8E665055-A143-46F2-8D7B-A26296F83B6F}
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-04-23 01:32

 

==================== End of FRST.txt ============================
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by Harvey (03-09-2019 17:06:53)
Running from C:\Users\Harvey\Desktop
Windows 8.1 (Update) (X64) (2017-12-08 02:11:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3523502841-1804454589-1998046877-500 - Administrator - Disabled)
Guest (S-1-5-21-3523502841-1804454589-1998046877-501 - Limited - Disabled)
Harvey (S-1-5-21-3523502841-1804454589-1998046877-1001 - Administrator - Enabled) => C:\Users\Harvey
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Norton Security (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Action Classic Games Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\Action Classic GamesTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
BetterCareerSearch Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\BetterCareerSearchTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Brave (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\BraveSoftware Brave-Browser) (Version: 76.0.68.132 - Brave Software Inc)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 5.4.3.1 - Byte Technologies LLC) <==== ATTENTION
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Dashlane (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\Dashlane) (Version: 6.1907.0.17833 - Dashlane, Inc.)
DriverUpdate (HKLM-x32\...\{055C7DA5-A1F5-41FB-932C-82474ED3487A}) (Version: 2.7.11 - Slimware Utilities Holdings, Inc.) Hidden
DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.7.11 - Slimware Utilities Holdings, Inc.)
Facebook Gameroom 1.21.6907.27509 (HKLM-x32\...\{E34773A0-158F-4322-8849-2C13BBCD6C68}) (Version: 1.21.6907.27509 - Facebook)
Frankenstein - The Village (HKLM-x32\...\Frankenstein - The Village1.0) (Version: 1.0 - Digital Download)
FromDocToPDF Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\FromDocToPDFTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Goodgame Empire (HKLM-x32\...\Goodgame Empire) (Version:  - ) <==== ATTENTION
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
InboxNow Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\InboxNowTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Motitags Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\MotitagsTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
MyFunCards Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\MyFunCardsTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
MyNewsGuide Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\MyNewsGuideTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
MyTransitPlanner Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\MyTransitPlannerTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Norton Security (HKLM-x32\...\NGC) (Version: 22.18.0.213 - Symantec Corporation)
OnlineFormFinder Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\OnlineFormFinderTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
OnlineMapFinder Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\OnlineMapFinderTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Opera Stable 57.0.3098.116 (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\Opera 57.0.3098.116) (Version: 57.0.3098.116 - Opera Software)
Opera Stable 62.0.3331.116 (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software)
PCAP (HKLM-x32\...\PCAP) (Version: 1.0.4.09 - PC Accelerate Sales Inc)
QuickWeatherTracker Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\QuickWeatherTrackerTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.8.1 - Reimage) <==== ATTENTION
SSOption (HKLM-x32\...\SSOptin) (Version: 2.0.7.5 - LavenderBlushTheory Co.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Treasures of the Ancients (HKLM-x32\...\{AB033CC1-DDB1-4BAA-844C-EBE6A710A045}) (Version: 1.0.0 - On Hand Software)
WeatherBlink Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\WeatherBlinkTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
WebDiscover Browser 4.28.2 (HKLM\...\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1) (Version: 4.28.2 - WebDiscover Media) <==== ATTENTION
WebmailWorld Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\WebmailWorldTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.27.0.26 - Corel Corporation)
WinZip Registry Optimizer (HKLM\...\WinZip Registry Optimizer) (Version: 4.20.1.8 - Corel Corporation)
YourTemplateFinder Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\YourTemplateFinderTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
 
Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.214_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.320.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c [2019-02-17] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.344.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001_Classes\CLSID\{06B74C04-E813-4DD4-A972-172836EFA8D6}\InprocServer32 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
CustomCLSID: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001_Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\localserver32 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Brave-Browser\Application\76.0.68.132\notification_helper.exe (Brave Software, Inc. -> Brave Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001_Classes\CLSID\{C08BA3C2-E6F8-4F89-A2AF-1719847F5570}\InprocServer32 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
CustomCLSID: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.18.0.213\buShell.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.18.0.213\buShell.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.18.0.213\buShell.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.18.0.213\buShell.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.18.0.213\buShell.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.18.0.213\buShell.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.18.0.213\buShell.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.18.0.213\NavShExt.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.18.0.213\NavShExt.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.18.0.213\buShell.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.18.0.213\NavShExt.dll [2019-07-20] (Symantec Corporation -> Symantec Corporation)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Harvey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\Harvey\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-04 22:33 - 2014-07-04 22:33 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000774656 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 001184256 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 071641088 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\libcef.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000078848 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\libegl.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 003149824 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\libglesv2.dll
2014-07-04 22:30 - 2014-07-04 22:30 - 000897024 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2014-07-04 22:30 - 2014-07-04 22:30 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2019-07-02 16:40 - 2019-07-02 16:40 - 000412160 _____ (Byte Technologies LLC) [File not signed] C:\Program Files\ByteFence\ByteFenceGUI.dll
2017-11-16 09:11 - 2017-11-16 09:11 - 000310784 _____ (GitHub Community) [File not signed] C:\Program Files\ByteFence\Microsoft.Win32.TaskScheduler.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2019-08-29 19:58 - 000003384 _____ C:\Windows\system32\drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: BraveSoftware Update => C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\BraveUpdateCore.exe
MSCONFIG\startupreg: Dashlane => "C:\Users\Harvey\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
MSCONFIG\startupreg: DashlanePlugin => "C:\Users\Harvey\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws
MSCONFIG\startupreg: Opera Browser Assistant => C:\Users\Harvey\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: WebDiscoverBrowser => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe --docked
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{87D08BCF-B722-4240-B063-9BDE96F10300}] => (Allow) C:\Users\Harvey\AppData\Local\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{B7287EF2-74E1-4AB6-B375-ADC8E3A5CEE2}] => (Allow) C:\Users\Harvey\AppData\Local\Programs\Opera\57.0.3098.91\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{09AF2562-6134-47FE-9D5F-2C72702C6CAA}] => (Allow) C:\Users\Harvey\AppData\Local\Programs\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{904CD01B-4EB9-493F-A7FF-A5DF55954793}] => (Allow) C:\Users\Harvey\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
 
==================== Restore Points =========================
 
12-07-2019 05:43:25 Windows Update
15-08-2019 17:25:49 Windows Update
19-08-2019 16:13:53 Windows Update
01-09-2019 11:56:47 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/01/2019 10:04:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4a4
 
Start Time: 01d5612ad621d4a2
 
Termination Time: 274
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: fc844190-cd25-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2019 07:39:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a04
 
Start Time: 01d560f0ffeb4630
 
Termination Time: 501
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: b6c76297-cd11-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2019 02:13:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: dbc
 
Start Time: 01d560f05421cd90
 
Termination Time: 1387
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 3b89429a-cce4-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2019 02:08:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18e0
 
Start Time: 01d560ee89625b72
 
Termination Time: 3430
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 8e9f11a0-cce3-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2019 01:56:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1504
 
Start Time: 01d560ee5d5f01cd
 
Termination Time: 684
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: c64a6ac5-cce1-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2019 02:51:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e7c
 
Start Time: 01d5602cf40997bf
 
Termination Time: 3248
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 446949c0-cc20-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2019 02:50:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cc8
 
Start Time: 01d5602cdb25e13c
 
Termination Time: 80
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 314088a5-cc20-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2019 02:49:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 544
 
Start Time: 01d5602cb85ef896
 
Termination Time: 749
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 16df545b-cc20-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (09/03/2019 09:27:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (09/02/2019 10:22:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (09/02/2019 08:59:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (09/02/2019 10:02:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (09/01/2019 09:11:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (08/31/2019 04:48:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (08/31/2019 04:20:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (08/30/2019 05:33:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
 
Windows Defender:
===================================
Date: 2017-12-07 18:51:34.850
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.22 10/25/2012
Motherboard: Hewlett-Packard 188B
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 58%
Total physical RAM: 3682.27 MB
Available physical RAM: 1518.63 MB
Total Virtual: 12386.27 MB
Available Virtual: 8706.26 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.25 GB) (Free:414.02 GB) NTFS
Drive e: (STORE N GO) (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32
 
\\?\Volume{018b6d98-1574-40ff-803b-7310637ece49}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 13440112)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: 5CAD41CF)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
thanks in advance for any help ... he's got things on here that I wouldn't have put on ... but ... I know that someone will help me get rid of the stuff he should not have clicked on
 

 


  • 0

Advertisements


#2
Yisroel

Yisroel

    GeekU Senior

  • GeekU Senior
  • 1,101 posts

Hi moondog830,

I am Yisroel, and I'll be assisting you with your issue.
 
Please Note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you have two people looking at your problem.
 
Before we get started, there are a few things I need you to take note of:

  • Please read through the instructions before attempting to follow those procedures.
  • If there is anything you are unclear of, please ask before you start the fix
  • Do not run any scripts/tools on your own, unsupervised usage may cause more harm than good, and it might interfere with what we are doing
  • Please stay with me on this thread, do not start another thread here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this an easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask youInstead please copy and paste to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet, etc.

I am currently in the process of reviewing your logs and will reply with further instructions as soon as possible.


  • 0

#3
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 804 posts

thank you Yisroel, I need to let you know that I teach during the day and sometimes have other work when I get home ... but will respond as soon as I can. 

 

dog


  • 0

#4
Yisroel

Yisroel

    GeekU Senior

  • GeekU Senior
  • 1,101 posts
Hi moondog830,
 
I see that the computer has two antivirus programs installed: Avast Free Antivirus and Norton Security.
 
Although it may seem to you that you're more secured from viruses. the fact is that it is not a good idea to run two antivirus programs on the same computer, and virtually all antivirus vendors warn against doing so. It could be conflicting with each other, and even if not it will definitely decrease performance due to high resource usage. So before we go further we'll go ahead and uninstall one of the antivirus programs.
 
Norton is a paid product and is a full suite so it is probably better, BUT you need to verify that the subscription is active and the user is intended to pay further. Otherwise, the free Avast is of course better. Based on this include the other one in the uninstall list below.
 
xbGEW4x.png Step 1 - Uninstall Unwanted Programs
  • Press the WindowsKey.png + R on your keyboard at the same time.
  • Type appwiz.cpl and click OK.
  • In the list of programs look for all the programs listed below, right-click the entry and click Uninstall.
    • Action Classic Games Internet Explorer Homepage and New Tab
    • BetterCareerSearch Internet Explorer Homepage and New Tab
    • FromDocToPDF Internet Explorer Homepage and New Tab
    • InboxNow Internet Explorer Homepage and New Tab
    • Motitags Internet Explorer Homepage and New Tab
    • MyFunCards Internet Explorer Homepage and New Tab
    • MyNewsGuide Internet Explorer Homepage and New Tab
    • MyTransitPlanner Internet Explorer Homepage and New Tab
    • OnlineFormFinder Internet Explorer Homepage and New Tab
    • OnlineMapFinder Internet Explorer Homepage and New Tab
    • QuickWeatherTracker Internet Explorer Homepage and New Tab
    • WeatherBlink Internet Explorer Homepage and New Tab
    • WebmailWorld Internet Explorer Homepage and New Tab
    • YourTemplateFinder Internet Explorer Homepage and New Tab
    • ByteFence Anti-Malware
    • Goodgame Empire
    • PCAP
    • Reimage Repair
    • SSOption
    • WebDiscover Browser 4.28.2
    • WinZip Driver Updater
    • WinZip Registry Optimizer
    • DriverUpdate
Note: Some of those programs - ByteFence in particular - might have deceptive popups on uninstall that try to trick you into agreeing to reinstall it or anothe rbad thing! Try to read all the windows during uninstalltion and press the correct options.
 
FRST.gif Step 2 - Fix with Farbar's Recovery Scan Tool (FRST)
  • Highlight the entire content of the quote box below.
Start::
CloseProcesses:
CreateRestorePoint:
VirusTotal: C:\Program Files (x86)\DigitalTrailEHF\DigitalTrailEHF.exe;C:\Users\Harvey\AppData\Local\UntuckedPlanetarium.exe 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0752EE2B-07D7-49F5-97F1-4B1697E0EACA} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
Task: {2812CC05-7155-43E9-BDC8-830AA68531A7} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
Task: {3208FC36-7445-4B15-A5D0-2FCE0D405F28} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3916104 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: {5A692FA9-19A4-45E3-810C-2D2BBC307ACE} - System32\Tasks\Start WinZip Registry Optimizer Update => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {8DE40940-3CA8-4542-8D2F-C3CBD4276147} - System32\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon) => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {B9DDA0C2-26A4-465A-B04B-4F9449D2D748} - System32\Tasks\Start WinZip Registry Optimizer Schedule => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {CF846C01-DC36-48B2-AC6A-275B92AAEAF0} - \Win Tonic -> No File <==== ATTENTION
Task: {DCF282EF-76A1-4276-9743-E837EF469BC7} - \Win Tonic_Logon -> No File <==== ATTENTION 
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon).job => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/motitags/ttab02/index.html?n=7858B94A&p2=^B5J^xdm724^TTAB02^us&ptb=F648FC21-BAC8-4D0D-B433-113C1367D967&si=23843593200880641-23843593201850641&coid=971d5ce6139446a2a3b96044bc685143
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863133039&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBr5VIEU7oIpdMlkzUGSm7lJBJMSOKlfgSP2HzLGbSDBC2jizdKGH4jx%2BiPuSvRsJW3egjqNatUEJHUAOqMCewBtmLnUPJZRJsQTTlZUlF%2FYwHHpIVzQccUh1%2FHjeWQ1qjFf3IzySRXJBiTzv8bamYiSjlbdUIYrbd89MXy6UM0RwXQToI%2F4eOzDurOa76Fp2jVf1XFwqGNFCaK%2FSYQDdHDt0eAVYMdEYa3WCWPcjeZTFw%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {01C0A1C1-C302-47CF-83DC-87090404821F} URL = hxxp://search.hquickmapsanddirections.com/s?ap=appfocus1&source=d-ccc6-lp0-bb9&uc=20181114&i_id=maps_spt__1.30&uid=babe2c23-7d3f-4380-8d04-a571d72fe550&query={searchTerms}
CHR HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mpicjgpamgcnpiacdciefbgahmkhhogc] - hxxps://chrome.google.com/webstore/detail/mpicjgpamgcnpiacdciefbgahmkhhogc
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [157512 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
R2 DigitalTrailEHF; C:\Program Files (x86)\DigitalTrailEHF\DigitalTrailEHF.exe [1702312 2019-01-11] () [File not signed]
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2019-01-16] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2019-08-29] (SlimWare Utilities Inc. -> )
2019-08-05 22:02 - 2019-08-05 22:02 - 000000000 ____D C:\Users\Harvey\AppData\Local\MotitagsTooltab
2019-01-16 13:53 - 2019-01-16 13:53 - 001360312 _____ () C:\Users\Harvey\AppData\Local\UntuckedPlanetarium.exe
MSCONFIG\startupreg: WebDiscoverBrowser => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe --docked
C:\Program Files (x86)\DriverUpdate
C:\Program Files\ByteFence
C:\Program Files\WinZip Registry Optimizer
C:\Program Files (x86)\DigitalTrailEHF
C:\Program Files\WebDiscoverBrowser
C:\Windows\system32\DRIVERS\SWDUMon.sys
EmptyTemp:
End::
  • Right-click on the highlighted text and select Copy.
  • Start FRST64 from your Desktop with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was run from. Please copy and paste its contents into your next reply.
In your next post please include:
  • FRST Fixlog
  • In general, how is the computer running, and do you still have the initially reported issues, as well as any concerns/issues you've encountered

  • 0

#5
Yisroel

Yisroel

    GeekU Senior

  • GeekU Senior
  • 1,101 posts
Hi moondog830,

Just a follow-up. Are you still here?
  • 0

#6
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 804 posts

In general, it seems to be running a bit smoother ... this is not my laptop ... I am cleaning it for a friend. When I looked at it for the first time, I noticed it had a lot of programs on it that I would never have on mine. I also knew that to get a true cleaning, I needed to come here


  • 0

#7
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 804 posts

In general, it seems to be running a bit smoother ... this is not my laptop ... I am cleaning it for a friend. When I looked at it for the first time, I noticed it had a lot of programs on it that I would never have on mine. I also knew that to get a true cleaning, I needed to come here.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Harvey (08-09-2019 13:37:40) Run:1
Running from C:\Users\Harvey\Desktop
Loaded Profiles: Harvey (Available Profiles: Harvey)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
VirusTotal: C:\Program Files (x86)\DigitalTrailEHF\DigitalTrailEHF.exe;C:\Users\Harvey\AppData\Local\UntuckedPlanetarium.exe 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0752EE2B-07D7-49F5-97F1-4B1697E0EACA} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
Task: {2812CC05-7155-43E9-BDC8-830AA68531A7} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
Task: {3208FC36-7445-4B15-A5D0-2FCE0D405F28} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3916104 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: {5A692FA9-19A4-45E3-810C-2D2BBC307ACE} - System32\Tasks\Start WinZip Registry Optimizer Update => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {8DE40940-3CA8-4542-8D2F-C3CBD4276147} - System32\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon) => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {B9DDA0C2-26A4-465A-B04B-4F9449D2D748} - System32\Tasks\Start WinZip Registry Optimizer Schedule => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [29371176 2018-12-12] (Corel Corporation -> Corel Corporation)
Task: {CF846C01-DC36-48B2-AC6A-275B92AAEAF0} - \Win Tonic -> No File <==== ATTENTION
Task: {DCF282EF-76A1-4276-9743-E837EF469BC7} - \Win Tonic_Logon -> No File <==== ATTENTION 
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon).job => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/motitags/ttab02/index.html?n=7858B94A&p2=^B5J^xdm724^TTAB02^us&ptb=F648FC21-BAC8-4D0D-B433-113C1367D967&si=23843593200880641-23843593201850641&coid=971d5ce6139446a2a3b96044bc685143
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863133039&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBr5VIEU7oIpdMlkzUGSm7lJBJMSOKlfgSP2HzLGbSDBC2jizdKGH4jx%2BiPuSvRsJW3egjqNatUEJHUAOqMCewBtmLnUPJZRJsQTTlZUlF%2FYwHHpIVzQccUh1%2FHjeWQ1qjFf3IzySRXJBiTzv8bamYiSjlbdUIYrbd89MXy6UM0RwXQToI%2F4eOzDurOa76Fp2jVf1XFwqGNFCaK%2FSYQDdHDt0eAVYMdEYa3WCWPcjeZTFw%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {01C0A1C1-C302-47CF-83DC-87090404821F} URL = hxxp://search.hquickmapsanddirections.com/s?ap=appfocus1&source=d-ccc6-lp0-bb9&uc=20181114&i_id=maps_spt__1.30&uid=babe2c23-7d3f-4380-8d04-a571d72fe550&query={searchTerms}
CHR HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mpicjgpamgcnpiacdciefbgahmkhhogc] - hxxps://chrome.google.com/webstore/detail/mpicjgpamgcnpiacdciefbgahmkhhogc
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [157512 2019-07-02] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
R2 DigitalTrailEHF; C:\Program Files (x86)\DigitalTrailEHF\DigitalTrailEHF.exe [1702312 2019-01-11] () [File not signed]
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2019-01-16] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2019-08-29] (SlimWare Utilities Inc. -> )
2019-08-05 22:02 - 2019-08-05 22:02 - 000000000 ____D C:\Users\Harvey\AppData\Local\MotitagsTooltab
2019-01-16 13:53 - 2019-01-16 13:53 - 001360312 _____ () C:\Users\Harvey\AppData\Local\UntuckedPlanetarium.exe
MSCONFIG\startupreg: WebDiscoverBrowser => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe --docked
C:\Program Files (x86)\DriverUpdate
C:\Program Files\ByteFence
C:\Program Files\WinZip Registry Optimizer
C:\Program Files (x86)\DigitalTrailEHF
C:\Program Files\WebDiscoverBrowser
C:\Windows\system32\DRIVERS\SWDUMon.sys
EmptyTemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
"VirusTotal: C:\Program Files (x86)\DigitalTrailEHF\DigitalTrailEHF.exe" => not found
VirusTotal: C:\Users\Harvey\AppData\Local\UntuckedPlanetarium.exe => https://www.virustot...sis/1567964334/
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0752EE2B-07D7-49F5-97F1-4B1697E0EACA}" => not found
"C:\Windows\System32\Tasks\DriverUpdate Startup" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Startup" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2812CC05-7155-43E9-BDC8-830AA68531A7}" => not found
"C:\Windows\System32\Tasks\DriverUpdate Scan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3208FC36-7445-4B15-A5D0-2FCE0D405F28}" => not found
"C:\Windows\System32\Tasks\ByteFence" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A692FA9-19A4-45E3-810C-2D2BBC307ACE}" => not found
"C:\Windows\System32\Tasks\Start WinZip Registry Optimizer Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Registry Optimizer Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DE40940-3CA8-4542-8D2F-C3CBD4276147}" => not found
"C:\Windows\System32\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9DDA0C2-26A4-465A-B04B-4F9449D2D748}" => not found
"C:\Windows\System32\Tasks\Start WinZip Registry Optimizer Schedule" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Registry Optimizer Schedule" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF846C01-DC36-48B2-AC6A-275B92AAEAF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF846C01-DC36-48B2-AC6A-275B92AAEAF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Tonic" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF282EF-76A1-4276-9743-E837EF469BC7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF282EF-76A1-4276-9743-E837EF469BC7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Tonic_Logon" => removed successfully
"C:\Windows\Tasks\DriverUpdate Scan.job" => not found
"C:\Windows\Tasks\DriverUpdate Startup.job" => not found
"C:\Windows\Tasks\Start WinZip Registry Optimizer for Newman-HP-2000@Harvey(logon).job" => not found
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18} => removed successfully
HKLM\Software\Classes\CLSID\{1711FC25-F05A-40CE-B859-A0C1CF01FD18} => not found
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01C0A1C1-C302-47CF-83DC-87090404821F} => removed successfully
HKLM\Software\Classes\CLSID\{01C0A1C1-C302-47CF-83DC-87090404821F} => not found
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\SOFTWARE\Google\Chrome\Extensions\mpicjgpamgcnpiacdciefbgahmkhhogc => removed successfully
ByteFenceService => service not found.
"HKLM\System\CurrentControlSet\Services\DigitalTrailEHF" => removed successfully
DigitalTrailEHF => service removed successfully
rtop => service not found.
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
"C:\Users\Harvey\AppData\Local\MotitagsTooltab" => not found
C:\Users\Harvey\AppData\Local\UntuckedPlanetarium.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebDiscoverBrowser => removed successfully
"C:\Program Files (x86)\DriverUpdate" => not found
"C:\Program Files\ByteFence" => not found
"C:\Program Files\WinZip Registry Optimizer" => not found
C:\Program Files (x86)\DigitalTrailEHF => moved successfully
"C:\Program Files\WebDiscoverBrowser" => not found
C:\Windows\system32\DRIVERS\SWDUMon.sys => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 285775567 B
Java, Flash, Steam htmlcache => 14482 B
Windows/system/drivers => 1610833 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 172912458 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 3382883 B
systemprofile32 => 128 B
LocalService => 2626816 B
NetworkService => 8526 B
Harvey => 2236266454 B
 
RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:41:18 ====

  • 0

#8
Yisroel

Yisroel

    GeekU Senior

  • GeekU Senior
  • 1,101 posts
Hi moondog830,

We're up to something. It indeed had some garbage on it and we've removed the bulk of it. Please continue here with us until we declare it all good.

In regards to the 2 Antivirus programs, as noted before, have you decided which one you are staying with and uninstalled the other one?

Edited by Yisroel, 08 September 2019 - 12:14 PM.

  • 0

#9
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 804 posts

Hi Yisroel,

    My friend said that if I could give him a good one to get rid of Norton as he would rather not pay anymore. Since I have used Avast for 6 or 7 years with no problems, I suggested Avast. He agreed and I uninstalled Norton.

 

moondog


  • 0

#10
Yisroel

Yisroel

    GeekU Senior

  • GeekU Senior
  • 1,101 posts
Great. Avast is indeed a good choice for a Free Antivirus.

Now let's do continue our work to make sure that the computer is all cleaned up.

bOuEl2B.jpg 1 - Clean with AdwCleaner

Download AdwCleaner from here, save the file to the desktop.
  • Close all open windows and browsers
  • Right-click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner
  • Agree to the License Agreement if prompted
  • You will see the following console:
    ROpWcD2.jpg
  • Click the Scan Now button and wait for the scan to finish:
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab:
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
nKWVv9f.gif 2 - Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right-click FRST on your Desktop and Run as administrator
  • Press Scan button
  • It will produce two logs, FRST.txt and Addition.txt in the same directory the tool is being run
  • Please copy and paste both logs back here

  • 0

Advertisements


#11
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 804 posts

downloaded the wrong file ... downloading the AdwCleaner now ... 


  • 0

#12
Yisroel

Yisroel

    GeekU Senior

  • GeekU Senior
  • 1,101 posts
Good. Keep me posted.
  • 0

#13
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 804 posts
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-08-27.1 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-09-2019
# Duration: 00:00:54
# OS:       Windows 8.1
# Scanned:  35522
# Detected: 70
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.PCOptimizer              C:\ProgramData\AUTO-PC-CLEANER2019 FOR NEWMAN-HP-2000
Adware.PCOptimizer              C:\Users\Harvey\AppData\Roaming\AUTO-PC-CLEANER2019 FOR NEWMAN-HP-2000
PUP.Optional.ByteFence          C:\ProgramData\ByteFence
PUP.Optional.Legacy             C:\Program Files\WinZip Smart Monitor
PUP.Optional.Legacy             C:\Users\Harvey\AppData\Local\Downloaded Installers
PUP.Optional.Legacy             C:\Users\Harvey\AppData\Local\YSearchUtil
PUP.Optional.MarketScore        C:\Program Files (x86)\RelevantKnowledge
PUP.Optional.Reimage            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
PUP.Optional.Reimage            C:\ProgramData\Reimage Protector
PUP.Optional.SlimCleanerPlus    C:\Users\Harvey\AppData\Local\slimware utilities inc
PUP.Optional.WebBar             C:\Program Files (x86)\WebDiscoverBrowser
PUP.Optional.WebBar             C:\Users\Harvey\AppData\Roaming\WebDiscoverBrowser
PUP.Optional.WebBar             C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser
PUP.Optional.WinTonic           C:\ProgramData\pctonics.com
PUP.Optional.WinTonic           C:\Users\Harvey\AppData\Roaming\pctonics.com
PUP.Optional.WinZipDriverUpdater C:\Program Files\WinZip Driver Updater
 
***** [ Files ] *****
 
PUP.Optional.Reimage            C:\Windows\Reimage.ini
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
PUP.Adware.Heuristic            C:\Windows\System32\Tasks\Start WinZip Registry Optimizer with delay for Newman-HP-2000@Harvey
PUP.Adware.Heuristic            C:\Windows\Tasks\Start WinZip Registry Optimizer with delay for [email protected]
 
***** [ Registry ] *****
 
Adware.PCOptimizer              HKLM\Software\Auto-PC-Cleaner2019 For NEWMAN-HP-2000
PUP.Adware.Heuristic            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B69E9EA-F291-429F-8ADC-342CABB87F8B}
PUP.Adware.Heuristic            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B69E9EA-F291-429F-8ADC-342CABB87F8B}
PUP.Adware.Heuristic            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Registry Optimizer with delay for Newman-HP-2000@Harvey
PUP.Optional.AdvancedSystemCare HKLM\Software\scd-pr
PUP.Optional.BoostMyPC          HKCU\Software\AppCleaner.com
PUP.Optional.ByteFence          HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
PUP.Optional.ByteFence          HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
PUP.Optional.ByteFence          HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
PUP.Optional.ByteFence          HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.ByteFence          HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence          HKU\S-1-5-18\Software\ByteFence
PUP.Optional.DocToPDFConverter  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhub.com
PUP.Optional.Driverdetails      HKLM\Software\driverdetails.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hp.myway.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.driverupdate.net
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy             HKCU\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera Browser Assistant
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy             HKU\.DEFAULT\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKU\S-1-5-18\Software\WebDiscoverBrowser
PUP.Optional.MyWebSearch        HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP
PUP.Optional.QuickMaps          HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hquickmapsanddirections.com
PUP.Optional.Reimage            HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
PUP.Optional.Reimage            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
PUP.Optional.Reimage            HKLM\Software\Reimage
PUP.Optional.Reimage            HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
PUP.Optional.SlimCleanerPlus    HKCU\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.TheBrightTag       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
PUP.Optional.WinTonic           HKCU\Software\pctonics.com
PUP.Optional.WinTonic           HKLM\Software\cGN0b25pY3MuY29t
PUP.Optional.WinTonic           HKLM\Software\pctonics.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
AdwCleaner_Debug.log - [16703 octets] - [09/09/2019 23:00:58]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2019
Ran by Harvey (administrator) on NEWMAN-HP-2000 (Hewlett-Packard HP 2000 Notebook PC) (09-09-2019 23:09:26)
Running from C:\Users\Harvey\Desktop
Loaded Profiles: Harvey (Available Profiles: Harvey)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Facebook, Inc. -> Facebook) C:\Users\Harvey\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Facebook, Inc. -> The CefSharp Authors) C:\Users\Harvey\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Harvey\Desktop\adwcleaner_7.4.1.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\On Hand Software\Treasures of the Ancients\callatla\Call of Atlantis Screensaver.scr [143360 2008-11-05] () [File not signed]
Startup: C:\Users\Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2019-07-06]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Harvey\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {24B17BC4-A6DC-45F6-BF64-9F626D55EBF7} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {2565302E-506C-4A0C-BDF7-C7FA63F5D133} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3942792 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {2B315F2D-5EEB-45CA-89FA-5DDB0AA37FF3} - System32\Tasks\Norton Security Scan for Harvey => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.179\Nss.exe [848912 2019-02-15] (Symantec Corporation -> Symantec Corporation)
Task: {3BD0DF9F-B064-4B64-838F-0598C852A9A6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {624551F7-FE7B-4685-BB8B-BD167F479235} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-25] (Google Inc -> Google LLC)
Task: {71FC84D5-38A0-4E7D-B230-86EFF20125E9} - System32\Tasks\Opera scheduled assistant Autoupdate 1547662973 => C:\Users\Harvey\AppData\Local\Programs\Opera\launcher.exe
Task: {74DCFCD5-9361-4B29-84ED-4EAC6462095A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {7B69E9EA-F291-429F-8ADC-342CABB87F8B} - System32\Tasks\Start WinZip Registry Optimizer with delay for Newman-HP-2000@Harvey => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe
Task: {82090254-1899-4221-B0CB-CD402837FA80} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {8E4908DF-6781-4762-AB33-5DC4EE0F2188} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-25] (Google Inc -> Google LLC)
Task: {BA6BF6BC-D850-4FAB-A59A-4D5A869BDA10} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {CB36CE38-5737-4E02-8622-CC6F725FB6F7} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3523502841-1804454589-1998046877-1001UA => C:\Users\Harvey\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2019-01-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D4ADDC3C-D2A9-4AE0-8A9A-413E07EF522F} - System32\Tasks\Opera scheduled Autoupdate 1547662293 => C:\Users\Harvey\AppData\Local\Programs\Opera\launcher.exe
Task: {F479AE57-01F3-4CA1-9F70-89B9F08B858A} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3523502841-1804454589-1998046877-1001Core => C:\Users\Harvey\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2019-01-16] (Brave Software, Inc. -> BraveSoftware Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Start WinZip Registry Optimizer with delay for [email protected] => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{635851A6-1FB3-493E-8470-BC1B763A936A}: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{E52F945D-DC68-4071-A3C2-79B3EEBAD3D0}: [DhcpNameServer] 192.168.0.1 192.168.0.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.2.47&locale=US_en&guid=EA5B0F3D-C175-414E-94F5-96BA32D8052E&doi=2019-01-03&o=APN11913&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {76843778-46A2-4A37-900A-AFC1F58A6F43} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_hp&type=oo_hpset
SearchScopes: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.2.47&locale=US_en&guid=EA5B0F3D-C175-414E-94F5-96BA32D8052E&doi=2019-01-03&o=APN11913&gct=kwd&qsrc=2869
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-04-25] (Google Inc -> Google Inc.)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Harvey\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2019-02-13] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-04-25] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Harvey\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2019-02-13] (Dashlane USA, Inc. -> Dashlane, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-04-25] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\Firefox\Extensions: [ff_hpset@jetpack] - C:\Users\Harvey\AppData\Local\Yahoo\yset\[email protected]
FF Extension: (Yahoo Homepage) - C:\Users\Harvey\AppData\Local\Yahoo\yset\[email protected] [2019-06-14]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3523502841-1804454589-1998046877-1001: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-01-16] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin HKU\S-1-5-21-3523502841-1804454589-1998046877-1001: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-01-16] (Brave Software, Inc. -> BraveSoftware Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5975136 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [405072 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209552 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263008 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [205848 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61472 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [282768 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169408 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030784 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [478096 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387176 2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3680256 2013-06-18] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2016-05-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-02-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
U1 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-09-09 23:05 - 2019-09-09 23:05 - 000007904 _____ C:\Users\Harvey\Desktop\AdwCleaner[S00].txt
2019-09-09 23:00 - 2019-09-09 23:01 - 000000000 ____D C:\AdwCleaner
2019-09-09 23:00 - 2019-09-09 22:30 - 007636680 _____ (Malwarebytes) C:\Users\Harvey\Desktop\adwcleaner_7.4.1.exe
2019-09-09 21:58 - 2019-09-09 21:58 - 000000000 ____D C:\Users\Harvey\AppData\Local\mbam
2019-09-09 21:57 - 2019-09-09 21:57 - 000000000 ____D C:\Users\Harvey\AppData\Local\mbamtray
2019-09-09 21:56 - 2019-09-09 21:56 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-09 21:55 - 2019-09-08 21:44 - 066395016 _____ (Malwarebytes ) C:\Users\Harvey\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.625-1.0.12373.exe
2019-09-08 17:46 - 2019-09-08 17:46 - 000363912 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-09-08 17:46 - 2019-09-08 17:46 - 000236024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-09-08 17:46 - 2019-09-08 17:46 - 000169408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-09-08 13:56 - 2019-09-08 13:56 - 000000000 ____D C:\Windows\LastGood.Tmp
2019-09-08 13:37 - 2019-09-08 13:41 - 000010800 _____ C:\Users\Harvey\Desktop\Fixlog.txt
2019-09-08 10:50 - 2019-09-08 10:50 - 000004216 _____ C:\Windows\System32\Tasks\Norton Security Scan for Harvey
2019-09-08 10:50 - 2019-09-08 10:50 - 000001484 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2019-09-08 10:50 - 2019-09-08 10:50 - 000000000 ____D C:\Windows\system32\Drivers\NSSx64
2019-09-08 10:50 - 2019-09-08 10:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2019-09-08 10:50 - 2019-09-08 10:50 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2019-09-08 10:50 - 2019-09-08 10:50 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2019-09-08 10:27 - 2019-09-09 23:09 - 000000000 ____D C:\Users\Harvey\Desktop\FRST-OlderVersion
2019-09-08 09:08 - 2019-09-08 09:11 - 000000362 _____ C:\Windows\Tasks\Start WinZip Registry Optimizer with delay for [email protected]
2019-09-08 09:08 - 2019-09-08 09:08 - 000002760 _____ C:\Windows\System32\Tasks\Start WinZip Registry Optimizer with delay for Newman-HP-2000@Harvey
2019-09-03 17:06 - 2019-09-03 17:10 - 000028944 _____ C:\Users\Harvey\Desktop\Addition.txt
2019-09-03 17:01 - 2019-09-09 23:10 - 000016194 _____ C:\Users\Harvey\Desktop\FRST.txt
2019-09-03 17:01 - 2019-09-09 23:09 - 000000000 ____D C:\FRST
2019-09-03 16:52 - 2019-09-09 23:09 - 001614848 _____ (Farbar) C:\Users\Harvey\Desktop\FRST64.exe
2019-08-31 19:36 - 2019-09-08 08:41 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2019-08-19 16:20 - 2019-02-20 22:53 - 000087296 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140_clr0400.dll
2019-08-19 16:20 - 2019-02-20 22:53 - 000083768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140_clr0400.dll
2019-08-19 16:19 - 2019-03-28 05:11 - 000029232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2019-08-19 16:19 - 2019-03-28 05:09 - 000017968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2019-08-19 16:19 - 2019-02-20 22:53 - 000622832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_clr0400.dll
2019-08-19 16:19 - 2019-02-20 22:53 - 000433448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_clr0400.dll
2019-08-19 16:18 - 2019-03-28 05:11 - 000017968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2019-08-19 16:18 - 2019-03-28 05:09 - 000032816 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2019-08-19 16:17 - 2019-02-20 22:53 - 000772176 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_clr0400.dll
2019-08-19 16:17 - 2019-02-20 22:53 - 000702400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase_clr0400.dll
2019-08-13 17:23 - 2019-08-03 23:37 - 025754624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-08-13 17:23 - 2019-08-03 22:02 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-08-13 17:23 - 2019-08-03 21:54 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-08-13 17:23 - 2019-08-03 21:51 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-08-13 17:23 - 2019-08-03 21:22 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-08-13 17:23 - 2019-08-03 21:21 - 020291584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-08-13 17:23 - 2019-08-03 21:14 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-08-13 17:23 - 2019-08-03 21:11 - 015390720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-08-13 17:23 - 2019-08-03 21:04 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-08-13 17:23 - 2019-08-03 21:01 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-08-13 17:23 - 2019-08-03 20:54 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-08-13 17:23 - 2019-08-03 20:50 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-08-13 17:23 - 2019-08-03 20:40 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-08-13 17:23 - 2019-08-03 20:33 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-08-13 17:23 - 2019-08-03 20:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-08-13 17:23 - 2019-08-03 20:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-08-13 17:23 - 2019-08-03 20:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-08-13 17:23 - 2019-08-03 20:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-08-13 17:23 - 2019-08-03 20:06 - 001331200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-08-13 17:23 - 2019-08-03 20:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-08-13 17:23 - 2019-07-09 23:46 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-08-13 17:23 - 2019-07-09 23:11 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-08-13 17:23 - 2019-07-09 23:11 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-08-13 17:23 - 2019-07-09 23:09 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-08-13 17:23 - 2019-07-09 23:09 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2019-08-13 17:23 - 2019-07-09 22:58 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-08-13 17:23 - 2019-07-09 22:56 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-08-13 17:23 - 2019-07-09 22:56 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-08-13 17:23 - 2019-07-09 22:53 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-08-13 17:23 - 2019-07-09 22:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-08-13 17:23 - 2019-07-09 22:47 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2019-08-13 17:23 - 2019-07-09 22:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-08-13 17:23 - 2019-07-09 22:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-08-13 17:23 - 2019-07-09 22:38 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-08-13 17:23 - 2019-07-09 22:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-08-13 17:23 - 2019-07-06 11:02 - 006217216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-08-13 17:23 - 2019-07-06 10:58 - 007035392 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-08-13 17:22 - 2019-07-19 01:59 - 004169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-08-13 17:22 - 2019-07-15 22:46 - 001368288 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-08-13 17:22 - 2019-07-15 22:40 - 002535456 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-08-13 17:22 - 2019-07-15 22:35 - 007363048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-08-13 17:22 - 2019-07-15 22:35 - 001902960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-08-13 17:22 - 2019-07-15 22:30 - 001136760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-08-13 17:22 - 2019-07-15 21:42 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-08-13 17:22 - 2019-07-13 17:28 - 001385912 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-08-13 17:22 - 2019-07-13 15:44 - 001124800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-08-13 17:22 - 2019-07-11 02:07 - 000804872 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-08-13 17:22 - 2019-07-11 02:02 - 002446072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-08-13 17:22 - 2019-07-11 00:21 - 000611656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-08-13 17:22 - 2019-07-10 23:58 - 000360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2019-08-13 17:22 - 2019-07-10 23:58 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2019-08-13 17:22 - 2019-07-10 23:35 - 000861184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-08-13 17:22 - 2019-07-10 23:30 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssdpapi.dll
2019-08-13 17:22 - 2019-07-10 23:04 - 000182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\p2pnetsh.dll
2019-08-13 17:22 - 2019-07-10 22:58 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2019-08-13 17:22 - 2019-07-10 22:54 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-08-13 17:22 - 2019-07-10 22:54 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-08-13 17:22 - 2019-07-10 22:52 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2019-08-13 17:22 - 2019-07-10 22:49 - 000375296 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-08-13 17:22 - 2019-07-10 22:46 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2019-08-13 17:22 - 2019-07-10 22:46 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2019-08-13 17:22 - 2019-07-10 22:44 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-13 17:22 - 2019-07-10 22:43 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2019-08-13 17:22 - 2019-07-10 22:42 - 001492992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-08-13 17:22 - 2019-07-10 22:41 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2PGraph.dll
2019-08-13 17:22 - 2019-07-10 22:39 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2019-08-13 17:22 - 2019-07-10 22:32 - 000177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2019-08-13 17:22 - 2019-07-10 20:43 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-08-13 17:22 - 2019-07-10 20:43 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-08-13 17:22 - 2019-07-10 20:43 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-08-13 17:22 - 2019-07-10 10:06 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-08-13 17:22 - 2019-07-10 10:06 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-08-13 17:22 - 2019-07-10 09:44 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-08-13 17:22 - 2019-07-10 09:44 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-08-13 17:22 - 2019-07-09 23:12 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-08-13 17:22 - 2019-07-09 22:48 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-08-13 17:22 - 2019-07-09 13:13 - 000364032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-08-13 17:22 - 2019-07-09 13:13 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-08-13 17:22 - 2019-07-09 13:13 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2019-08-13 17:22 - 2019-07-09 13:13 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2019-08-13 17:22 - 2019-07-09 12:58 - 000292352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-08-13 17:22 - 2019-07-09 12:58 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-08-13 17:22 - 2019-07-09 12:58 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2019-08-13 17:22 - 2019-07-09 12:58 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2019-08-13 17:22 - 2019-07-06 11:58 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-08-13 17:22 - 2019-07-06 11:43 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-08-13 17:22 - 2019-07-06 11:02 - 003277824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-08-13 17:22 - 2019-07-06 10:58 - 003825152 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-08-13 17:22 - 2019-07-06 10:58 - 003551232 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-08-13 17:22 - 2019-06-29 14:07 - 000230752 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2019-08-13 17:22 - 2019-06-29 13:50 - 000186024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-09-09 22:12 - 2017-12-07 19:16 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3523502841-1804454589-1998046877-1001
2019-09-09 21:55 - 2014-11-21 04:44 - 000053526 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-09 21:55 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-09-09 21:53 - 2019-01-15 00:51 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-09-09 21:51 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-08 17:47 - 2019-01-15 00:50 - 000478096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-09-08 17:46 - 2019-02-22 11:02 - 000282768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 001030784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000387176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000263008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000205848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000061472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-09-08 17:46 - 2019-01-15 00:50 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-09-08 13:42 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-09-08 10:50 - 2017-12-08 16:32 - 000000000 ____D C:\ProgramData\Norton
2019-09-08 09:55 - 2019-01-16 12:59 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2019-09-08 09:55 - 2019-01-16 12:58 - 000000000 ____D C:\Program Files\WinZip Driver Updater
2019-09-08 09:36 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2019-09-08 08:41 - 2013-08-22 11:36 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-09-08 08:41 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-09-08 08:39 - 2017-12-08 16:34 - 000000000 ____D C:\ProgramData\NortonInstaller
2019-09-04 06:58 - 2017-12-07 22:11 - 000000000 ____D C:\Users\Harvey
2019-09-03 00:32 - 2019-01-19 14:04 - 000000036 _____ C:\Users\Harvey\AppData\Roaming\WB.CFG
2019-09-02 11:21 - 2019-01-16 14:22 - 000004338 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1547662973
2019-09-01 12:01 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-08-29 20:06 - 2019-01-17 10:35 - 000000000 ____D C:\Users\Harvey\Downloads\opera autoupdate
2019-08-28 16:21 - 2019-01-16 12:57 - 000002563 _____ C:\Users\Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-08-28 16:21 - 2019-01-16 12:57 - 000002526 _____ C:\Users\Harvey\Desktop\Brave.lnk
2019-08-23 19:06 - 2017-12-08 14:19 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-22 10:52 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-08-17 11:06 - 2017-12-08 17:16 - 000000000 ____D C:\Program Files\Common Files\AV
2019-08-15 19:30 - 2017-12-08 14:19 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-15 18:06 - 2013-08-22 10:44 - 000337808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-15 18:01 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-08-15 17:33 - 2017-12-07 23:10 - 000000000 ____D C:\Windows\system32\MRT
2019-08-15 17:27 - 2017-12-07 23:09 - 134272480 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-08-13 10:29 - 2018-03-13 18:33 - 000000000 ____D C:\Users\Harvey\AppData\Local\CrashDumps
 
==================== Files in the root of some directories ================
 
2019-01-19 14:04 - 2019-09-03 00:32 - 000000036 _____ () C:\Users\Harvey\AppData\Roaming\WB.CFG
2019-07-18 13:22 - 2019-07-18 13:22 - 000000000 _____ () C:\Users\Harvey\AppData\Local\BIT385B.tmp
2019-05-10 16:22 - 2019-05-10 16:22 - 000000000 _____ () C:\Users\Harvey\AppData\Local\{8E665055-A143-46F2-8D7B-A26296F83B6F}
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-09-09 03:42
==================== End of FRST.txt ============================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by Harvey (09-09-2019 23:12:00)
Running from C:\Users\Harvey\Desktop
Windows 8.1 (Update) (X64) (2017-12-08 02:11:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3523502841-1804454589-1998046877-500 - Administrator - Disabled)
Guest (S-1-5-21-3523502841-1804454589-1998046877-501 - Limited - Disabled)
Harvey (S-1-5-21-3523502841-1804454589-1998046877-1001 - Administrator - Enabled) => C:\Users\Harvey
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.7.2388 - AVAST Software)
Brave (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\BraveSoftware Brave-Browser) (Version: 76.0.68.132 - Brave Software Inc)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Dashlane (HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\...\Dashlane) (Version: 6.1907.0.17833 - Dashlane, Inc.)
Facebook Gameroom 1.21.6907.27509 (HKLM-x32\...\{E34773A0-158F-4322-8849-2C13BBCD6C68}) (Version: 1.21.6907.27509 - Facebook)
Frankenstein - The Village (HKLM-x32\...\Frankenstein - The Village1.0) (Version: 1.0 - Digital Download)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.179 - Symantec Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Treasures of the Ancients (HKLM-x32\...\{AB033CC1-DDB1-4BAA-844C-EBE6A710A045}) (Version: 1.0.0 - On Hand Software)
 
Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.214_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.320.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c [2019-02-17] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.344.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001_Classes\CLSID\{06B74C04-E813-4DD4-A972-172836EFA8D6}\InprocServer32 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
CustomCLSID: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001_Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\localserver32 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Brave-Browser\Application\76.0.68.132\notification_helper.exe (Brave Software, Inc. -> Brave Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001_Classes\CLSID\{C08BA3C2-E6F8-4F89-A2AF-1719847F5570}\InprocServer32 -> C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
CustomCLSID: HKU\S-1-5-21-3523502841-1804454589-1998046877-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-08] (AVAST Software s.r.o. -> AVAST Software)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-04 22:33 - 2014-07-04 22:33 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000774656 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 001184256 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 071641088 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\libcef.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000078848 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\libegl.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 003149824 _____ () [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\libglesv2.dll
2014-07-04 22:30 - 2014-07-04 22:30 - 000897024 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2014-07-04 22:30 - 2014-07-04 22:30 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\Harvey\AppData\Local\Facebook\Games\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2019-09-08 09:43 - 000002105 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3523502841-1804454589-1998046877-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: BraveSoftware Update => C:\Users\Harvey\AppData\Local\BraveSoftware\Update\1.3.99.0\BraveUpdateCore.exe
MSCONFIG\startupreg: Dashlane => "C:\Users\Harvey\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
MSCONFIG\startupreg: DashlanePlugin => "C:\Users\Harvey\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws
MSCONFIG\startupreg: Opera Browser Assistant => C:\Users\Harvey\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{87D08BCF-B722-4240-B063-9BDE96F10300}] => (Allow) C:\Users\Harvey\AppData\Local\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{B7287EF2-74E1-4AB6-B375-ADC8E3A5CEE2}] => (Allow) C:\Users\Harvey\AppData\Local\Programs\Opera\57.0.3098.91\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{09AF2562-6134-47FE-9D5F-2C72702C6CAA}] => (Allow) C:\Users\Harvey\AppData\Local\Programs\Opera\62.0.3331.99\opera.exe No File
FirewallRules: [{904CD01B-4EB9-493F-A7FF-A5DF55954793}] => (Allow) C:\Users\Harvey\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe No File
 
==================== Restore Points =========================
 
19-08-2019 16:13:53 Windows Update
01-09-2019 11:56:47 Windows Update
08-09-2019 09:40:37 Removed DriverUpdate
08-09-2019 13:37:55 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/01/2019 10:04:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4a4
 
Start Time: 01d5612ad621d4a2
 
Termination Time: 274
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: fc844190-cd25-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2019 07:39:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a04
 
Start Time: 01d560f0ffeb4630
 
Termination Time: 501
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: b6c76297-cd11-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2019 02:13:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: dbc
 
Start Time: 01d560f05421cd90
 
Termination Time: 1387
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 3b89429a-cce4-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2019 02:08:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18e0
 
Start Time: 01d560ee89625b72
 
Termination Time: 3430
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 8e9f11a0-cce3-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/01/2019 01:56:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1504
 
Start Time: 01d560ee5d5f01cd
 
Termination Time: 684
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: c64a6ac5-cce1-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2019 02:51:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e7c
 
Start Time: 01d5602cf40997bf
 
Termination Time: 3248
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 446949c0-cc20-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2019 02:50:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cc8
 
Start Time: 01d5602cdb25e13c
 
Termination Time: 80
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 314088a5-cc20-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2019 02:49:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 544
 
Start Time: 01d5602cb85ef896
 
Termination Time: 749
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 16df545b-cc20-11e9-847e-2c59e5a50239
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (09/09/2019 03:43:52 AM) (Source: DCOM) (EventID: 10010) (User: Newman-HP-2000)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (09/09/2019 03:43:22 AM) (Source: DCOM) (EventID: 10010) (User: Newman-HP-2000)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (09/08/2019 01:37:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/08/2019 01:37:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/08/2019 01:37:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DigitalTrailEHF service failed to start due to the following error: 
Access is denied.
 
Error: (09/08/2019 01:37:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/08/2019 01:37:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DigitalTrailEHF service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (09/08/2019 01:37:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
===================================
Date: 2017-12-07 18:51:34.850
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.22 10/25/2012
Motherboard: Hewlett-Packard 188B
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3682.27 MB
Available physical RAM: 2144.96 MB
Total Virtual: 12386.27 MB
Available Virtual: 10860.94 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.25 GB) (Free:420.97 GB) NTFS
Drive e: (STORE N GO) (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32
 
\\?\Volume{018b6d98-1574-40ff-803b-7310637ece49}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 13440112)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: 5CAD41CF)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

  • 0

#14
Yisroel

Yisroel

    GeekU Senior

  • GeekU Senior
  • 1,101 posts

bOuEl2B.jpg Clean with AdwCleaner

  • Close all open windows and browsers
  • Right-click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner
  • Click the Scan Now button and wait for the scan to finish. When the scan has finished a Scan Results window will open
  • Please make sure all boxes are checked and then click Quarantine
  • When the program has finished cleaning it may ask to reboot, allow this:
    2Av41Zo.jpg
  • After the reboot a AdwCleaner will open, press on View Log and copy/paste that into your next reply. This report is also saved to C:\AdwCleaner\Logs\AdwCleaner[C00].txt

  • 0

#15
moondog830

moondog830

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 804 posts
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-08-27.1 (Local)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-11-2019
# Duration: 00:00:10
# OS:       Windows 8.1
# Cleaned:  70
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Program Files (x86)\RelevantKnowledge
Deleted       C:\Program Files (x86)\WebDiscoverBrowser
Deleted       C:\Program Files\WinZip Driver Updater
Deleted       C:\Program Files\WinZip Smart Monitor
Deleted       C:\ProgramData\AUTO-PC-CLEANER2019 FOR NEWMAN-HP-2000
Deleted       C:\ProgramData\ByteFence
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
Deleted       C:\ProgramData\Reimage Protector
Deleted       C:\ProgramData\pctonics.com
Deleted       C:\Users\Harvey\AppData\Local\Downloaded Installers
Deleted       C:\Users\Harvey\AppData\Local\YSearchUtil
Deleted       C:\Users\Harvey\AppData\Local\slimware utilities inc
Deleted       C:\Users\Harvey\AppData\Roaming\AUTO-PC-CLEANER2019 FOR NEWMAN-HP-2000
Deleted       C:\Users\Harvey\AppData\Roaming\WebDiscoverBrowser
Deleted       C:\Users\Harvey\AppData\Roaming\pctonics.com
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser
 
***** [ Files ] *****
 
Deleted       C:\Windows\Reimage.ini
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted       C:\Windows\System32\Tasks\Start WinZip Registry Optimizer with delay for Newman-HP-2000@Harvey
Deleted       C:\Windows\Tasks\Start WinZip Registry Optimizer with delay for [email protected]
 
***** [ Registry ] *****
 
Deleted       HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
Deleted       HKCU\Software\AppCleaner.com
Deleted       HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hp.myway.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.driverupdate.net
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hquickmapsanddirections.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhub.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\SlimWare Utilities Inc
Deleted       HKCU\Software\WebDiscoverBrowser
Deleted       HKCU\Software\pctonics.com
Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B69E9EA-F291-429F-8ADC-342CABB87F8B}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B69E9EA-F291-429F-8ADC-342CABB87F8B}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Registry Optimizer with delay for Newman-HP-2000@Harvey
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\Software\Auto-PC-Cleaner2019 For NEWMAN-HP-2000
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera Browser Assistant
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
Deleted       HKLM\Software\Reimage
Deleted       HKLM\Software\WebDiscoverBrowser
Deleted       HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted       HKLM\Software\Wow6432Node\WebDiscoverBrowser
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Deleted       HKLM\Software\cGN0b25pY3MuY29t
Deleted       HKLM\Software\driverdetails.com
Deleted       HKLM\Software\pctonics.com
Deleted       HKLM\Software\scd-pr
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKU\.DEFAULT\Software\WebDiscoverBrowser
Deleted       HKU\S-1-5-18\Software\ByteFence
Deleted       HKU\S-1-5-18\Software\WebDiscoverBrowser
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner_Debug.log - [58231 octets] - [09/09/2019 23:00:58]
AdwCleaner[S00].txt - [7904 octets] - [09/09/2019 23:02:47]
AdwCleaner[S01].txt - [7965 octets] - [11/09/2019 20:28:10]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP