
Unusual activity


  • This topic is locked
26 replies to this topic

#1 maineearle


Posted 17 August 2016 - 03:05 PM

:bowdown: Having a lot of problems with redirects. Unable to delete folders. Internet locks up and high CPU usage.

I was unable to run FRST but have attached some scan logs and system information.

Also ran Norton NPE but shows nothing.

Norton representative did look at this, but little has changed.

Any help would be appreciated.

 

Disregard see earlier post


Edited by maineearle, 17 August 2016 - 07:28 PM.

Thanks everyone



#2 HelpBot


Posted 22 August 2016 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/623797 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 maineearle


Posted 22 August 2016 - 07:16 PM

FRST SCAN LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Ron (administrator) on LAPTOP (22-08-2016 19:45:54)
Running from C:\Users\Ron\Downloads
Loaded Profiles: Ron (Available Profiles: Ron)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
Failed to access process -> Memory Compression
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mixesoft Project) C:\Users\Ron\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Dell) C:\Users\Ron\AppData\Local\Apps\2.0\88KQ6JQM.KTL\210RVCBX.0TJ\dell..tion_6d0a76327dca4869_0007.0006_be49b0d0ac5b5b8d\DellSystemDetect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8522496 2015-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407232 2015-12-31] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\Run: [appnhost] => C:\Users\Ron\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{adce8c5a-2a45-4f7f-8981-ea3e117ac861}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{adce8c5a-2a45-4f7f-8981-ea3e117ac861}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {E5FE351D-5224-44B9-9854-B0C7175EB3BC} URL =
SearchScopes: HKU\.DEFAULT -> {E5FE351D-5224-44B9-9854-B0C7175EB3BC} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\jh627ge6.default-1466961120468
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-31] ()
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-31] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npunagi2.dll [2007-08-21] (America Online, Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-19]
CHR Extension: (Google Docs) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-19]
CHR Extension: (Google Drive) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-19]
CHR Extension: (YouTube) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-26]
CHR Extension: (Google Sheets) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-26]
CHR Extension: (Gmail) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-30]
CHR Extension: (Google Docs) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-30]
CHR Extension: (Google Drive) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-30]
CHR Extension: (YouTube) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-30]
CHR Extension: (Google Sheets) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-30]
CHR Extension: (Click&Clean) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-08-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-30]
CHR Extension: (Gmail) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-01]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-08-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-08-05]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [337408 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_4fb8a; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_4fb8a; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-03] ()
S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 esifsvc; C:\Windows\SysWoW64\esif_uf.exe [1385640 2015-05-27] (Intel Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [803840 2016-07-16] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S3 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-04-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_4fb8a; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_4fb8a; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
R2 OneSyncSvc_4fb8a; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_4fb8a; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_4fb8a; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_4fb8a; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [141312 2016-07-16] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-12-31] (Realtek Semiconductor)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_4fb8a; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_4fb8a; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_4fb8a; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_4fb8a; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
S3 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-05-26] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [614912 2016-07-16] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_4fb8a; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_4fb8a; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows ® Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-07-18] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [247296 2016-07-16] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-05-27] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2015-12-31] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [52184 2015-12-31] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-08-05] (Symantec Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-05-27] (Intel Corporation)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2016-01-17] (Glarysoft Ltd)
S3 GUMHFilter; C:\Windows\System32\DRIVERS\GUMHFilter.sys [20096 2016-02-18] (GlarySoft Ltd)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-07-16] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-31] (REALiX™)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel® Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel® Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [341256 2016-03-18] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160819.001\IDSvia64.sys [876760 2016-08-03] (Symantec Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-01-25] (Highresolution Enterprises [www.highrez.co.uk])
R0 iorate; C:\Windows\System32\drivers\iorate.sys [45920 2016-07-16] (Microsoft Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-12-31] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6722320 2015-12-25] (Intel Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R1 RegHiveRecovery; C:\WINDOWS\system32\drivers\RegHiveRecovery.sys [48304 2014-02-20] (Microsoft Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-12-31] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-08-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-22] ()
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31280 2015-04-15] (Intel Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-07-16] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-08-22] (Microsoft Corporation)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2016-05-10] (wisecleaner.com)
S3 WiseRegNotify; C:\WINDOWS\WiseRegNotify.sys [29616 2016-05-27] (WiseCleaner.com)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160808.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160808.019\EX64.SYS [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-22 19:45 - 2016-08-22 19:46 - 00031767 _____ C:\Users\Ron\Downloads\FRST.txt
2016-08-22 19:43 - 2016-08-22 19:46 - 00000000 ____D C:\FRST
2016-08-22 19:42 - 2016-08-22 19:42 - 02193920 _____ (Farbar) C:\Users\Ron\Downloads\FRST64.exe
2016-08-22 19:36 - 2016-08-22 19:36 - 00000000 ____D C:\Users\Ron\AppData\Local\Deployment
2016-08-22 12:28 - 2016-08-22 12:28 - 00000794 _____ C:\WINDOWS\setupact.log
2016-08-22 12:28 - 2016-08-22 12:28 - 00000000 _____ C:\WINDOWS\setuperr.log
2016-08-22 05:49 - 2016-08-22 05:49 - 00000000 ____D C:\ProgramData\ProductData
2016-08-22 05:48 - 2016-08-22 05:48 - 00000000 ____D C:\Users\Ron\AppData\Roaming\ProductData
2016-08-22 05:46 - 2016-08-22 05:48 - 00374428 _____ C:\WINDOWS\Minidump\082216-32265-01.dmp
2016-08-22 05:46 - 2016-08-22 05:46 - 795417751 _____ C:\WINDOWS\MEMORY.DMP
2016-08-22 04:10 - 2016-08-22 04:10 - 00003526 _____ C:\WINDOWS\PFRO.log
2016-08-21 19:21 - 2016-08-22 19:31 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-08-21 19:13 - 2016-08-21 19:13 - 00000000 ____D C:\Users\Ron\AppData\Local\Apple Computer
2016-08-21 16:23 - 2016-08-21 16:23 - 00098828 _____ C:\Users\Ron\Documents\cc_20160821_162308.reg
2016-08-21 16:20 - 2016-08-21 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-21 16:20 - 2016-08-21 16:20 - 00002848 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-21 16:20 - 2016-08-21 16:20 - 00000000 ____D C:\Program Files\CCleaner
2016-08-21 08:39 - 2016-08-21 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-21 08:39 - 2016-08-21 08:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-21 08:39 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-21 08:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-21 08:37 - 2016-08-21 08:37 - 22851472 _____ (Malwarebytes ) C:\Users\Ron\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-21 06:17 - 2016-08-22 05:46 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-20 20:10 - 2016-08-20 20:10 - 00000438 _____ C:\Users\Ron\advanced_ip_scanner_MAC.bin
2016-08-20 20:06 - 2016-08-20 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2016-08-20 20:06 - 2016-08-20 20:06 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner
2016-08-20 19:26 - 2016-08-20 19:26 - 00000000 ____D C:\ProgramData\AOL OCP
2016-08-19 10:57 - 2016-08-22 18:36 - 04261368 _____ C:\Users\Ron\Downloads\sa130d0v190.exe
2016-08-19 07:54 - 2016-08-19 07:54 - 00000000 ____D C:\Users\Ron\AppData\Local\Mixesoft
2016-08-18 21:47 - 2016-08-22 19:39 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps
2016-08-18 13:25 - 2016-08-18 13:25 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Macromedia
2016-08-18 12:11 - 2016-08-18 12:17 - 00000000 ____D C:\Users\Ron\AppData\Local\Mozilla
2016-08-18 10:40 - 2016-08-18 10:40 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Hewlett-Packard
2016-08-18 01:03 - 2016-08-18 01:03 - 00000000 ____D C:\Users\Ron\AppData\Local\NetworkTiles
2016-08-17 22:25 - 2016-08-17 22:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-08-17 22:25 - 2016-08-17 22:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-08-17 22:25 - 2016-08-17 22:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-08-17 22:25 - 2016-08-17 22:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-08-17 22:25 - 2016-08-17 22:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-08-17 22:25 - 2016-08-17 22:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-08-17 22:25 - 2016-08-17 22:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-08-17 22:25 - 2016-08-17 22:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-08-17 22:01 - 2016-08-17 22:01 - 00000000 ____D C:\Users\Ron\AppData\Local\MicrosoftEdge
2016-08-17 22:00 - 2016-08-17 22:00 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Intel
2016-08-17 21:58 - 2016-08-17 21:58 - 00061440 _____ C:\WINDOWS\system32\config\SYSTEM.gu
2016-08-17 21:58 - 2016-08-17 21:58 - 00028672 _____ C:\WINDOWS\system32\config\SAM.gu
2016-08-17 20:43 - 2012-07-20 10:53 - 00025456 _____ (BlueSprig) C:\WINDOWS\system32\JetCleanRegDefrag.exe
2016-08-17 08:17 - 2016-08-17 08:17 - 01844566 _____ C:\Users\Ron\Documents\System Info.nfo
2016-08-16 16:22 - 2016-07-13 11:08 - 00133712 _____ C:\Users\Ron\Documents\Adware-C.sbi
2016-08-16 16:21 - 2014-01-13 12:15 - 00000279 _____ C:\Users\Ron\Documents\Adware.sbi
2016-08-16 14:40 - 2016-08-16 14:40 - 00000000 ____D C:\Users\Ron\Desktop\Documents - Copy
2016-08-16 10:06 - 2016-08-17 20:38 - 00003454 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2016-08-16 10:06 - 2016-08-16 10:06 - 00003028 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2016-08-15 06:22 - 2016-08-15 06:22 - 00000089 _____ C:\Users\Ron\Documents\Back Pain.txt
2016-08-14 15:54 - 2016-08-14 15:54 - 00000292 _____ C:\Users\Ron\Documents\Wi-Fi Settings.txt
2016-08-13 22:29 - 2016-08-17 20:48 - 00014732 _____ C:\Users\Ron\Documents\cc_20160813_222857.reg
2016-08-13 08:46 - 2014-02-20 05:52 - 00048304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RegHiveRecovery.sys
2016-08-13 08:44 - 2016-08-13 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-08-13 08:44 - 2016-08-13 08:44 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-08-12 06:24 - 2016-08-12 06:25 - 04291320 _____ (BrightFort LLC ) C:\Users\Ron\Downloads\spywareblastersetup55.exe
2016-08-10 18:28 - 2016-08-02 04:48 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 18:28 - 2016-08-02 04:44 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 18:28 - 2016-08-02 04:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-10 18:28 - 2016-08-02 04:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-10 18:28 - 2016-08-02 03:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 18:28 - 2016-08-02 03:55 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 18:28 - 2016-08-02 00:51 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 18:28 - 2016-08-02 00:37 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-10 18:28 - 2016-08-02 00:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-10 18:28 - 2016-08-02 00:27 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-10 18:28 - 2016-08-02 00:25 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-10 18:28 - 2016-08-02 00:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 18:28 - 2016-08-02 00:23 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-10 18:28 - 2016-08-02 00:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-10 18:28 - 2016-08-02 00:09 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-10 18:27 - 2016-08-02 04:58 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 18:27 - 2016-08-02 04:53 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 18:27 - 2016-08-02 04:52 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 18:27 - 2016-08-02 04:48 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-10 18:27 - 2016-08-02 04:23 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 18:27 - 2016-08-02 04:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-10 18:27 - 2016-08-02 04:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-10 18:27 - 2016-08-02 04:20 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-10 18:27 - 2016-08-02 04:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-10 18:27 - 2016-08-02 04:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-10 18:27 - 2016-08-02 04:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-10 18:27 - 2016-08-02 04:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 18:27 - 2016-08-02 04:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-10 18:27 - 2016-08-02 04:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-10 18:27 - 2016-08-02 04:11 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-10 18:27 - 2016-08-02 04:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-10 18:27 - 2016-08-02 04:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-10 18:27 - 2016-08-02 04:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 18:27 - 2016-08-02 04:07 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-10 18:27 - 2016-08-02 04:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-10 18:27 - 2016-08-02 04:00 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-10 18:27 - 2016-08-02 03:59 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 18:27 - 2016-08-02 03:57 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 18:27 - 2016-08-02 03:56 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-10 18:27 - 2016-08-02 03:56 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 18:27 - 2016-08-02 03:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-10 18:27 - 2016-08-02 03:55 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 18:27 - 2016-08-02 03:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-10 18:27 - 2016-08-02 00:56 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 18:27 - 2016-08-02 00:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-10 18:27 - 2016-08-02 00:39 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-10 18:27 - 2016-08-02 00:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-10 18:27 - 2016-08-02 00:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-10 18:27 - 2016-08-02 00:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-10 18:27 - 2016-08-02 00:28 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 18:27 - 2016-08-02 00:26 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 18:27 - 2016-08-02 00:26 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-10 18:27 - 2016-08-02 00:16 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 18:27 - 2016-08-02 00:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 18:27 - 2016-08-02 00:12 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-10 05:07 - 2016-08-17 20:38 - 00003354 _____ C:\WINDOWS\System32\Tasks\JetBoost_AutoUpdate
2016-08-10 05:07 - 2016-08-10 05:07 - 00000000 ____D C:\ProgramData\BlueSprig
2016-08-10 05:07 - 2016-08-10 05:07 - 00000000 ____D C:\Program Files (x86)\BlueSprig
2016-08-10 05:03 - 2016-08-10 05:03 - 81649664 _____ C:\WINDOWS\system32\config\SOFTWARE.blues
2016-08-10 05:03 - 2016-08-10 05:03 - 19918848 _____ C:\WINDOWS\system32\config\SYSTEM.blues
2016-08-10 05:03 - 2016-08-10 05:03 - 00471040 _____ C:\WINDOWS\system32\config\DEFAULT.blues
2016-08-10 05:03 - 2016-08-10 05:03 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.blues
2016-08-10 05:03 - 2016-08-10 05:03 - 00028672 _____ C:\WINDOWS\system32\config\SAM.blues
2016-08-10 04:54 - 2016-08-10 04:54 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-08-10 04:50 - 2016-08-10 04:50 - 00003270 _____ C:\WINDOWS\System32\Tasks\JetCleanLoginCheckUpdate
2016-08-10 04:50 - 2016-08-10 04:50 - 00000000 ____D C:\Users\Ron\AppData\Roaming\BlueSprig
2016-08-09 05:37 - 2016-08-22 19:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-08-09 05:31 - 2016-08-09 05:31 - 00003398 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-08-09 05:30 - 2016-08-09 05:30 - 00002415 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-08-08 07:56 - 2016-08-08 07:57 - 08799792 _____ ( ) C:\Users\Ron\Downloads\ipscan24.exe
2016-08-07 20:18 - 2016-08-07 20:18 - 00000000 ____D C:\Users\Ron\AppData\Local\MetaGeek,_LLC
2016-08-05 21:53 - 2016-08-05 21:53 - 00095420 ____H C:\WINDOWS\system32\mlfcache.dat
2016-08-04 15:19 - 2016-08-04 15:19 - 00002140 _____ C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2016-08-04 15:17 - 2016-08-04 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-08-04 15:17 - 2016-08-04 15:19 - 00000000 ____D C:\Program Files\Classic Shell
2016-08-04 15:16 - 2016-08-04 15:16 - 07220496 _____ (IvoSoft) C:\Users\Ron\Downloads\ClassicShellSetup_4_3_0.exe
2016-08-04 10:13 - 2016-08-22 13:52 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{864B4982-F845-400E-96A6-559F61A9796C}
2016-08-04 10:08 - 2016-08-05 22:46 - 00101112 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-08-04 10:08 - 2016-08-05 22:46 - 00008270 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-08-04 10:08 - 2016-08-04 10:08 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-08-04 10:05 - 2016-08-09 05:31 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-08-04 10:05 - 2016-08-09 05:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-08-04 10:05 - 2016-08-04 10:05 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2016-08-04 00:06 - 2016-08-13 22:26 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-04 00:03 - 2016-08-04 00:03 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-04 00:03 - 2016-08-04 00:03 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-04 00:03 - 2016-08-04 00:03 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-04 00:03 - 2016-08-04 00:03 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-04 00:03 - 2016-08-04 00:03 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-04 00:02 - 2016-08-04 00:02 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-03 23:59 - 2016-08-03 23:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-03 23:59 - 2016-08-03 23:59 - 00000000 ____D C:\Program Files\MSBuild
2016-08-03 23:59 - 2016-08-03 23:59 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-03 23:59 - 2016-08-03 23:59 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-03 23:59 - 2016-05-25 15:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-03 23:59 - 2016-05-25 15:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-03 23:59 - 2016-05-25 15:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-03 23:58 - 2016-05-25 18:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-03 23:58 - 2016-05-25 18:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-03 23:58 - 2016-05-25 18:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-03 22:42 - 2016-08-03 22:42 - 00000000 ____D C:\ProgramData\USOShared
2016-08-03 20:42 - 2016-08-04 10:11 - 00000000 ____D C:\Users\Ron\AppData\Local\ConnectedDevicesPlatform
2016-08-03 20:42 - 2016-08-03 20:42 - 00000020 ___SH C:\Users\Ron\ntuser.ini
2016-08-03 20:39 - 2016-08-03 20:40 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-03 20:39 - 2016-08-03 20:40 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-03 20:32 - 2016-08-05 08:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-08-03 20:31 - 2016-08-22 19:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-03 20:18 - 2016-08-03 20:26 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-03 20:16 - 2016-08-22 19:13 - 00000000 ____D C:\Users\Ron
2016-08-03 20:16 - 2016-07-16 07:48 - 00000000 ___RD C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-08-03 20:16 - 2016-07-16 07:47 - 00000000 ___RD C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-08-03 20:16 - 2016-07-16 07:47 - 00000000 ___RD C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-08-03 20:16 - 2016-07-16 07:47 - 00000000 ___RD C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-08-03 20:16 - 2016-07-16 07:47 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-08-03 20:11 - 2016-08-22 19:32 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-03 20:11 - 2016-08-13 05:15 - 00000000 ____D C:\Program Files\Intel
2016-08-03 20:11 - 2016-08-03 20:11 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-03 20:11 - 2016-08-03 20:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-08-03 20:11 - 2016-08-03 20:11 - 00000000 ____D C:\Program Files\Synaptics
2016-08-03 20:11 - 2016-08-03 20:11 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-08-03 20:11 - 2016-04-28 17:47 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-03 20:11 - 2016-04-28 17:47 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-03 20:10 - 2016-08-03 20:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-08-03 20:10 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-03 20:09 - 2016-08-03 20:18 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-03 20:09 - 2016-08-03 20:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2016-08-03 20:09 - 2016-08-03 20:09 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-03 20:09 - 2016-08-03 20:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-03 20:09 - 2016-08-03 20:09 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-08-03 20:09 - 2016-08-03 20:09 - 00000000 ____D C:\Program Files\Realtek
2016-08-03 20:07 - 2016-08-22 18:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-03 20:07 - 2016-08-10 20:09 - 00230240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-03 20:07 - 2016-08-03 20:07 - 00031311 _____ C:\WINDOWS\system32\NetSetupMig.log
2016-08-03 16:21 - 2016-08-03 16:21 - 01106469 _____ (Igor Pavlov) C:\Users\Ron\Downloads\7z1602.exe
2016-08-03 16:05 - 2016-08-08 06:34 - 00000000 ____D C:\Users\Ron\Desktop\Don D
2016-08-02 21:46 - 2016-08-02 21:46 - 00000995 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-02 21:42 - 2016-08-02 21:42 - 00000784 _____ C:\Users\Ron\Desktop\Documents - Shortcut.lnk
2016-08-02 15:30 - 2016-08-02 15:33 - 00000228 _____ C:\Users\Ron\Desktop\AOL MAIL.url
2016-08-02 14:42 - 2016-08-02 14:42 - 00001553 _____ C:\Users\Ron\Desktop\Klondike Solitaire Collection Free - Shortcut.lnk
2016-08-02 08:44 - 2016-08-22 05:54 - 00001804 _____ C:\Users\Ron\Desktop\PRIVATE.lnk
2016-08-02 08:42 - 2016-08-13 06:50 - 00001782 _____ C:\Users\Ron\Desktop\chrome - Shortcut.lnk
2016-08-02 07:55 - 2016-08-02 07:55 - 00000499 _____ C:\Users\Ron\Downloads\Appsdiagnostic10.diagcab
2016-08-01 20:16 - 2016-08-01 20:16 - 00001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-01 19:18 - 2016-08-03 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-01 19:18 - 2016-08-02 16:15 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-01 19:17 - 2016-08-01 19:18 - 00000000 ____D C:\Program Files\iTunes
2016-08-01 19:17 - 2016-08-01 19:17 - 00000000 ____D C:\Program Files\iPod
2016-08-01 19:17 - 2016-08-01 19:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-01 05:53 - 2016-08-01 05:53 - 00000104 _____ C:\Users\Ron\Desktop\Control Panel - Shortcut.lnk
2016-08-01 05:09 - 2016-08-01 05:09 - 00000000 ____D C:\Program Files (x86)\IObit
2016-07-31 22:06 - 2016-06-30 23:57 - 00059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2016-07-31 22:05 - 2016-06-30 23:40 - 00034304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2016-07-31 14:56 - 2016-08-13 05:14 - 00000000 ____D C:\Program Files (x86)\AOL 9.0
2016-07-30 09:05 - 2016-07-30 09:05 - 00289240 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2016-07-30 09:05 - 2016-07-30 09:05 - 00247768 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2016-07-29 09:20 - 2016-07-29 12:14 - 00000000 ____D C:\Users\Ron\AppData\Local\Sidebar7
2016-07-29 09:17 - 2016-08-03 20:20 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-07-29 08:44 - 2016-07-29 08:44 - 00000000 ____D C:\Program Files\Java
2016-07-29 07:42 - 2016-07-29 21:49 - 00000000 ____D C:\ProgramData\UVK
2016-07-29 07:13 - 2016-07-29 07:13 - 00001274 _____ C:\Users\Ron\Documents\AOL Quick Reference Guide.txt
2016-07-28 05:59 - 2016-08-21 09:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-24 20:39 - 2016-08-13 10:19 - 00000000 ____D C:\Intel
2016-07-24 15:41 - 2016-08-22 05:32 - 00000000 ____D C:\AdwCleaner
2016-07-24 10:38 - 2016-08-03 16:08 - 00070656 ___SH C:\Users\Ron\Desktop\Thumbs.db
2016-07-23 15:33 - 2016-08-03 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-23 15:33 - 2016-07-29 08:45 - 00000000 ____D C:\Users\Ron\.oracle_jre_usage
2016-07-23 15:33 - 2016-07-23 15:33 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Sun
2016-07-23 15:32 - 2016-07-29 08:44 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-23 15:32 - 2016-07-23 15:44 - 00000000 ____D C:\ProgramData\Oracle
2016-07-23 08:18 - 2016-07-29 04:31 - 00037376 ___SH C:\Users\Ron\Documents\Thumbs.db

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-22 19:37 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-22 19:36 - 2016-02-08 09:11 - 00000000 ____D C:\Users\Ron\AppData\Local\Apps\2.0
2016-08-22 19:36 - 2015-07-24 16:34 - 01369992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-22 19:35 - 2016-05-27 07:37 - 00008992 _____ C:\WINDOWS\SysWOW64\Gms.log
2016-08-22 19:33 - 2016-01-05 08:51 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-08-22 19:31 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-22 19:30 - 2016-01-21 19:53 - 00000000 ____D C:\Users\Ron\AppData\Local\ClassicShell
2016-08-22 19:29 - 2016-04-27 08:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-22 19:13 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\sru
2016-08-22 17:14 - 2015-12-15 21:57 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-08-22 05:50 - 2015-12-15 22:07 - 00000000 ____D C:\Users\Ron\AppData\Local\Google
2016-08-22 04:38 - 2016-03-31 19:17 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-08-22 04:11 - 2016-07-11 08:09 - 00000000 ____D C:\ProgramData\Foxit Software
2016-08-21 16:35 - 2015-12-27 21:17 - 00000000 ____D C:\Users\Ron\Desktop\VIRUS
2016-08-21 16:30 - 2016-01-17 19:28 - 00000000 ____D C:\Users\Ron\Desktop\TOOLS
2016-08-21 09:07 - 2015-12-28 08:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-21 09:06 - 2016-03-17 08:53 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-20 20:41 - 2016-01-08 16:32 - 00007608 _____ C:\Users\Ron\AppData\Local\resmon.resmoncfg
2016-08-20 20:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-20 19:45 - 2015-12-23 12:05 - 00000000 ____D C:\ProgramData\AOL
2016-08-20 19:44 - 2016-01-06 16:04 - 00000018 _____ C:\WINDOWS\msoffice.ini
2016-08-20 19:44 - 2015-12-23 12:09 - 00000000 ____D C:\Users\Ron\AppData\Roaming\AOL
2016-08-20 19:44 - 2015-07-10 07:04 - 00000092 _____ C:\WINDOWS\win.ini
2016-08-20 13:45 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-20 00:21 - 2016-01-07 08:43 - 00000000 ____D C:\ProgramData\Adobe
2016-08-19 09:02 - 2015-12-16 17:42 - 00001303 _____ C:\Users\Ron\Desktop\Internet Explorer.lnk
2016-08-18 17:01 - 2016-06-02 02:47 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2016-08-18 12:11 - 2015-12-31 08:27 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Mozilla
2016-08-17 22:25 - 2016-07-16 07:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-08-17 22:03 - 2015-12-15 21:53 - 00000000 ____D C:\Users\Ron\AppData\Local\Packages
2016-08-17 22:00 - 2015-12-15 22:07 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-17 21:58 - 2016-07-16 02:04 - 88342528 _____ C:\WINDOWS\system32\config\SOFTWARE.gu.bak
2016-08-17 21:58 - 2016-07-16 02:04 - 20709376 _____ C:\WINDOWS\system32\config\SYSTEM.gu.bak
2016-08-17 21:58 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.gu.bak
2016-08-17 21:58 - 2016-07-16 02:04 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.gu.bak
2016-08-17 21:58 - 2016-05-18 16:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-17 21:46 - 2016-07-19 08:34 - 00000000 ____D C:\Users\Ron\AppData\Roaming\IObit
2016-08-17 21:46 - 2016-07-19 08:33 - 00000000 ____D C:\ProgramData\IObit
2016-08-17 21:46 - 2016-05-10 16:39 - 00000000 ____D C:\ProgramData\HP
2016-08-17 21:46 - 2016-01-07 13:47 - 00000000 ____D C:\Users\Ron\AppData\Local\NPE
2016-08-17 21:46 - 2016-01-07 08:45 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Adobe
2016-08-17 21:46 - 2015-12-15 21:53 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Adobe
2016-08-17 08:42 - 2015-12-17 05:07 - 00001234 _____ C:\Users\Ron\Desktop\Notepad.lnk
2016-08-16 14:39 - 2016-05-18 16:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-16 03:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-13 22:50 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 08:43 - 2016-07-11 08:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-13 05:16 - 2016-07-16 02:04 - 00000000 __RHD C:\Users\Default
2016-08-13 05:15 - 2016-07-16 07:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-08-13 05:15 - 2016-07-16 07:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-08-13 05:15 - 2016-01-05 08:32 - 00000000 ____D C:\ProgramData\Norton
2016-08-12 06:32 - 2016-01-03 20:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-08-12 06:27 - 2016-01-17 20:02 - 00000000 ____D C:\Users\Ron\VIRUS
2016-08-12 06:22 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-10 20:09 - 2016-07-16 07:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\th-TH
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\he-IL
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 20:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-10 18:32 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-05 03:37 - 2016-05-04 10:49 - 00035792 _____ (Glarysoft Ltd) C:\WINDOWS\system32\RegBootDefrag.exe
2016-08-04 15:16 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\restore
2016-08-04 10:15 - 2016-07-06 10:11 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 04:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-04 00:06 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-03 22:42 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-03 20:47 - 2015-12-15 21:56 - 00000000 ___RD C:\Users\Ron\OneDrive
2016-08-03 20:39 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-03 20:39 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-03 20:39 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-03 20:34 - 2015-12-17 05:20 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-03 20:33 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-03 20:29 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-03 20:26 - 2016-07-16 07:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2016-08-03 20:26 - 2016-06-01 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-08-03 20:26 - 2016-05-17 08:38 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool
2016-08-03 20:26 - 2016-05-14 14:43 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2016-08-03 20:26 - 2016-05-13 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-03 20:26 - 2016-05-11 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-08-03 20:26 - 2016-05-10 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-08-03 20:26 - 2016-04-10 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-03 20:26 - 2016-02-25 09:08 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-08-03 20:26 - 2015-07-24 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-08-03 20:26 - 2015-07-24 16:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-03 20:26 - 2015-07-24 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2016-08-03 20:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-03 20:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-08-03 20:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-03 20:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-03 20:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-03 20:20 - 2016-07-11 07:15 - 00000000 ____D C:\WINDOWS\SysWOW64\%LOCALAPPDATA%
2016-08-03 20:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Recovery
2016-08-03 20:18 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-03 20:15 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-03 20:15 - 2015-07-24 17:15 - 00000000 ____D C:\Recovery
2016-08-03 20:12 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-03 20:12 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-03 19:37 - 2015-12-15 22:07 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-03 19:34 - 2016-05-12 07:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-02 21:46 - 2016-06-12 20:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-02 21:46 - 2016-01-01 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-02 21:37 - 2015-12-15 22:07 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-01 19:17 - 2015-12-21 14:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-01 05:09 - 2015-12-31 08:43 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\IObit
2016-08-01 03:38 - 2016-06-25 16:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-01 03:23 - 2016-05-13 06:16 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-31 21:23 - 2015-12-21 14:28 - 00000000 ____D C:\ProgramData\Apple
2016-07-31 20:57 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-07-31 20:53 - 2016-06-25 13:00 - 00000000 ____D C:\Users\Ron\Documents\2016-06-25 13-00-02
2016-07-31 20:53 - 2016-04-13 09:42 - 00000000 ____D C:\Users\Ron\AppData\Roaming\vlc
2016-07-31 20:53 - 2016-01-22 22:12 - 00000000 ____D C:\WINDOWS\pss
2016-07-31 20:53 - 2016-01-19 18:31 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Foxit Software
2016-07-31 20:53 - 2016-01-17 20:01 - 00000000 ____D C:\Users\Ron\Documents\Ringtones
2016-07-31 20:53 - 2016-01-01 20:50 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FLVPlayer4Free
2016-07-31 20:53 - 2015-12-17 20:13 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FLEXnet
2016-07-31 20:53 - 2015-12-15 21:54 - 00000000 ____D C:\Users\Ron\AppData\Roaming\DropboxOEM
2016-07-31 20:50 - 2016-05-19 08:51 - 00000000 ____D C:\Users\Ron\AppData\Local\LogMeIn Rescue Calling Card
2016-07-31 20:50 - 2016-05-17 14:33 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-31 20:50 - 2015-12-15 21:54 - 00000000 ____D C:\Users\Ron\AppData\Local\DropboxOEM
2016-07-31 20:49 - 2016-06-14 05:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-31 20:49 - 2016-05-10 16:59 - 00000000 ____D C:\Program Files\HP
2016-07-31 20:49 - 2016-03-17 09:25 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2016-07-31 20:49 - 2016-01-21 19:53 - 00000000 ____D C:\ProgramData\ClassicShell
2016-07-31 20:49 - 2016-01-04 12:28 - 00000000 ____D C:\Program Files\7-Zip
2016-07-31 20:49 - 2016-01-03 20:54 - 00000000 ____D C:\ProgramData\Licenses
2016-07-31 20:49 - 2016-01-01 20:48 - 00000000 ____D C:\Program Files (x86)\FLVPlayer4Free
2016-07-31 20:49 - 2015-12-31 09:09 - 00000000 ____D C:\Program Files\Waves
2016-07-31 20:49 - 2015-12-31 08:26 - 00000000 ____D C:\Program Files\Cyberfox
2016-07-31 20:49 - 2015-12-21 14:30 - 00000000 ____D C:\ProgramData\Apple Computer
2016-07-31 20:49 - 2015-12-17 16:51 - 00000000 ____D C:\ProgramData\FLEXnet
2016-07-31 20:49 - 2015-07-24 16:30 - 00000000 ____D C:\Program Files\Dell
2016-07-31 20:48 - 2016-07-11 06:26 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-07-31 20:48 - 2016-05-02 20:27 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.8.2
2016-07-31 20:48 - 2015-12-17 14:41 - 00000000 ____D C:\Program Files (x86)\Brother
2016-07-31 20:12 - 2016-04-29 05:50 - 00000000 ____D C:\ProgramData\Sophos
2016-07-31 20:11 - 2016-06-01 09:51 - 00000000 ____D C:\ProgramData\Intel
2016-07-31 20:10 - 2015-07-24 17:07 - 00000000 ____D C:\ProgramData\Dell
2016-07-31 20:09 - 2016-06-01 09:50 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-07-31 20:07 - 2016-01-04 09:04 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-07-31 20:06 - 2016-06-01 09:50 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-07-27 08:40 - 2015-12-15 22:31 - 00000000 ____D C:\Users\Ron\AppData\Local\Comms
2016-07-24 15:57 - 2016-06-01 09:01 - 00000000 ____D C:\ProgramData\IntelDLM

==================== Files in the root of some directories =======

2016-05-02 09:45 - 2005-12-08 22:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2016-01-08 16:32 - 2016-08-20 20:41 - 0007608 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg
2016-05-11 15:11 - 2016-05-11 15:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-08-03 20:09 - 2016-08-03 20:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Ron\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ron\AppData\Local\Temp\libeay32.dll
C:\Users\Ron\AppData\Local\Temp\msvcr120.dll
C:\Users\Ron\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-17 09:11

==================== End of FRST.txt ============================


Edited by Oh My!, 23 August 2016 - 08:46 AM.


#4 Oh My!

  • Malware Response Instructor

Posted 23 August 2016 - 08:45 AM

Greetings maineearle and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

You should have an Addition.txt file on your Desktop. Please copy and paste that report in your reply. If you can't find it, rerun a FRST scan and make sure Addition.txt is checked. Copy and paste the report in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 maineearle

  • Topic Starter


Posted 24 August 2016 - 04:18 PM

Gary, thanks for taking the time and effort.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Ron (24-08-2016 12:03:14)
Running from C:\Users\Ron\Desktop\VIRUS
Windows 10 Home Version 1607 (X64) (2016-08-04 00:41:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-919029386-2927389370-1520403001-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-919029386-2927389370-1520403001-503 - Limited - Disabled)
Guest (S-1-5-21-919029386-2927389370-1520403001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-919029386-2927389370-1520403001-1003 - Limited - Enabled)
Ron (S-1-5-21-919029386-2927389370-1520403001-1001 - Administrator - Enabled) => C:\Users\Ron
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Assessments on Client (x32 Version: 8.100.26866 - Microsoft) Hidden
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.0.0 - Auslogics Labs Pty Ltd)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 43.0.2.0 - 8pecxstudios)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{E474CE8D-1D47-4C68-8845-F5DA9DE26D72}) (Version: 2.0.375.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell System Detect (HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
FLVPlayer4Free Free FLV Player 7.2.0.0 (HKLM-x32\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
Glary Utilities 5.57 (HKLM-x32\...\Glary Utilities 5) (Version: 5.57.0.78 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{AD2313B9-714F-496E-AD7F-20532E833EB2}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.26.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{C60E2D8F-0FC0-497D-A149-90F3B361937C}) (Version: 12.3.6.9 - HP)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.5 (x32 Version: 2.5.0.22 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4424 - Intel Corporation)
Intel® Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}) (Version: 2.5.0.22 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.119 - IObit)
iSkysoft PDF Editor(Build 5.0.0) (HKLM-x32\...\{4D91F5A1-EBFB-4735-8D51-BA8EA10407C4}_is1) (Version: 5.0.0.5 - iSkysoft Studio)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Maxx Audio Installer (x64) (Version: 2.6.6168.9 - Waves Audio Ltd.) Hidden
Microsoft Office Configuration Analyzer Tool 2.1 (HKLM-x32\...\{EA5C0F11-00C9-0080-011C-141002011772}) (Version: 2.1.6002.128 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Firefox 48.0 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0 (x64 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.1.32 - Symantec Corporation)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Product Improvement Study for HP ENVY 5540 series (HKLM\...\{4F9AAF2D-42E6-4BD0-A295-842BC068CC4B}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7644 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.13.0061 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolkit Documentation (x32 Version: 8.100.26866 - Microsoft) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-919029386-2927389370-1520403001-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B2A1847-66DE-42F4-BDA6-25A814AE488E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {11DC3EB4-2C21-4702-A157-A2B36D2076E6} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {12961571-4662-4455-A725-3478D7652B05} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {13EA3BAB-750B-4F1C-9BAD-B5F31CEE8416} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {16E16984-9796-4633-B9EE-F8747D7BA3A4} - \RtHDVBg_PushButton -> No File <==== ATTENTION
Task: {215EFD1A-700C-4107-B617-19C58E123473} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {26184F87-1935-4E27-84B7-D29F63651908} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {2CF8B312-59F1-4088-8C42-B0732A4521A3} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {2D21ECEE-9E16-4EED-8918-B838806D08B2} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {33AF7EC2-9B51-4FF9-8496-570CC60CD558} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {3966AA5F-A8A5-41F9-997B-7C4E338F5EBA} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {397F0D58-8C6E-403F-898D-4E7FD5696A6A} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {3A69524F-020D-470F-B1B4-D013D093AFCA} - System32\Tasks\GU5SkipUAC => C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\Integrator.exe [2016-08-05] (Glarysoft Ltd)
Task: {46A93BCB-7DD3-49A7-B963-41A55A99A049} - System32\Tasks\GlaryInitialize 5 => C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\Initialize.exe [2016-08-10] (Glarysoft Ltd)
Task: {4AD87161-23EF-42A3-ADFD-F9CE985A4494} - \HPCustParticipation HP ENVY 5540 series -> No File <==== ATTENTION
Task: {5C347C45-E24F-4BD8-9B75-E944EC42081D} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {5EB4375A-2AF6-4E78-B18B-0E9980866A70} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {8530E520-72CC-4FD6-9398-C1A46A9EF075} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {9A13696B-21EE-4C0D-AEFA-84259327FEAC} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan -> No File <==== ATTENTION
Task: {9EB1D1F2-355F-48D5-A545-DD7310654317} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {AD618936-D0C7-481B-84FB-A5817CD93404} - \{6544F063-9101-4EFD-9A3A-0597282DE452} -> No File <==== ATTENTION
Task: {AE3399B2-ABE7-4B57-B58F-06EA44FBA58E} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Users\Ron\Desktop\TOOLS\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {BB269FB5-785A-4325-B769-453DD9806CE8} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C0D32505-24ED-4292-BD5C-E4489CE6C11B} - \{3EB8BDEF-8526-4905-A736-F85BE488C6DB} -> No File <==== ATTENTION
Task: {C50432D6-C324-4367-A3FC-926E074F7F60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {C5344CA1-2A2F-48F7-97A1-95F95840BC78} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {C7329966-6AE8-495F-8D80-7ECD996C9876} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {C9742556-8503-43A7-9357-BD1CD8D6D370} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH63E391CX -> No File <==== ATTENTION
Task: {CD4D90B4-DAA5-4CF2-96C7-8E156270DFF8} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {CDC74BAC-08D0-44B5-853C-BFA2B3E2A468} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {D09DDA89-3242-44A5-8347-B25C822E76AE} - \USER_ESRV_SVC_WILLAMETTE -> No File <==== ATTENTION
Task: {DD732782-2709-420A-A252-6BED6AB2486C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {DFA8F74D-0A53-4DAF-B025-904EDBC0683A} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Ronald - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-04 08:47 - 2007-07-12 23:37 - 00085504 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-09 20:43 - 2016-03-09 20:43 - 00118424 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-03 20:47 - 2016-08-03 20:47 - 00959168 _____ () C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-23 21:13 - 2016-08-05 23:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-23 21:13 - 2016-08-05 23:42 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-08-23 21:12 - 2016-08-05 23:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-23 21:12 - 2016-08-05 23:21 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-23 21:12 - 2016-08-05 23:21 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-23 21:12 - 2016-08-05 23:23 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-23 21:12 - 2016-08-05 23:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-02 06:26 - 2016-08-02 06:27 - 25356360 _____ () C:\Users\Ron\Desktop\VIRUS\RogueKillerX64.exe
2016-07-31 21:35 - 2016-07-31 21:49 - 03893952 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe\gfxim.dll
2016-08-01 05:09 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-08-11 04:37 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-11 04:37 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-11 04:37 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-24 04:07 - 2015-06-24 04:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
There are 6097 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2016-07-02 08:07 - 00000176 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: GUDelayStartup => "C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: SDTray => 
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "HostManager"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "AOL Fast Start"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "CBA633B2B5AE9303C2427930F40F058F36DE4589._service_run"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "OffCAT"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "HP OfficeJet 4650 series (NET)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3131066B-003D-43A9-BD1A-5E627DC2150F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{65F8FA78-7561-4E89-B7EE-4D18E5C616E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F9A24238-CD58-4810-8514-516599126CB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B70F49F1-9BDA-4490-A429-C79E2CC31AB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{33CA555A-64AB-4A6B-9110-23115CF20531}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{725D5757-A5D1-4FB3-A2F5-1CF4165FC8EF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{07518EF6-E716-42C1-859C-449EDA921DF5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{602AAC81-87BD-41E2-A872-34CC11ED621A}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EE7F5789-C225-4B52-BC52-0A4DDD8F9DB5}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{F931C529-FC67-4D57-B5C4-F281B02F1D72}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{7291C91F-CB2E-439E-9AC9-B8640110D59B}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{DD4972DA-6DD5-47A8-B49B-210A290DDDA3}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{8F80CA03-8889-4529-9D3D-8D24A5E07836}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{548D8024-44AA-4B15-B04B-59FE3B5DA4E6}] => (Allow) LPort=5357
FirewallRules: [{0E306E0F-0580-4CE8-BD68-C63B50666663}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{1AD36388-D243-4FAC-8739-844F8B563A1E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{71E6F7C5-D86F-4F45-9880-7C9C745A1FE2}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{D3DE1EF7-65C1-4DB4-993B-C3D4E3729A5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BAC4C675-1C3E-4927-9F74-EB2BC0479458}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BA80918-3EF6-4762-B4ED-AB858BE2899F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BDC2707-8D21-4F0A-AD08-2DF766F154E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1223BEA8-4949-47F9-AC65-1DAB9F837EBD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5F14FE97-621E-425B-A688-3CBB3D13AB2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DC58CEE6-33A1-4175-8C37-DD687E4B1CCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6EE6AB5E-1C7E-4934-A77F-3BC021787E83}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{47C954CB-9092-4863-A057-BBA5A332C8AB}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{52E47C6A-D8AD-4F1D-8395-A064A9CF38D0}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{161BEEB7-D542-4721-9DEC-22A95523F735}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{F70936E4-1570-4685-B15C-79FCF82FCD57}] => (Allow) C:\Program Files (x86)\Common Files\aol\1462235273\ee\aolsoftware.exe
FirewallRules: [{68878665-4D9E-4592-906F-B07487A46131}] => (Allow) C:\Program Files (x86)\Common Files\aol\1462235273\ee\aolsoftware.exe
FirewallRules: [{8E5755FB-F9D4-4456-B21B-A0CC8229838D}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{8B46AB3B-9468-4B3B-9604-B2829FA1C292}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
07-08-2016 20:13:38 Installed inSSIDer 2.0
10-08-2016 04:54:14 Removed Dell SupportAssistAgent.
11-08-2016 05:37:45 JRT Pre-Junkware Removal
19-08-2016 04:33:26 Scheduled Checkpoint
23-08-2016 21:40:50 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2016 09:07:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/24/2016 09:06:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 10.0.14393.0, time stamp: 0x5789985f
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x1d8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (08/24/2016 07:21:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/24/2016 07:19:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/23/2016 09:40:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/23/2016 03:15:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x2318
Faulting application start time: 0xCHXSmartScreen.exe0
Faulting application path: CHXSmartScreen.exe1
Faulting module path: CHXSmartScreen.exe2
Report Id: CHXSmartScreen.exe3
Faulting package full name: CHXSmartScreen.exe4
Faulting package-relative application ID: CHXSmartScreen.exe5
 
Error: (08/22/2016 07:39:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x304
Faulting application start time: 0xCHXSmartScreen.exe0
Faulting application path: CHXSmartScreen.exe1
Faulting module path: CHXSmartScreen.exe2
Report Id: CHXSmartScreen.exe3
Faulting package full name: CHXSmartScreen.exe4
Faulting package-relative application ID: CHXSmartScreen.exe5
 
 
System errors:
=============
Error: (08/24/2016 07:17:47 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000ef (0xffffcb8d0c423780, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP149986b6-bc3d-4afb-8413-d44f1ec01735
 
Error: (08/24/2016 07:17:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 07:17:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 07:15:50 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (08/24/2016 07:16:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:04:50 AM on ‎8/‎24/‎2016 was unexpected.
 
Error: (08/24/2016 05:05:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 05:05:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2016 10:23:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {659CDEA7-489E-11D9-A9CD-000D56965251}
 
Error: (08/23/2016 10:20:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2016 10:20:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8107.33 MB
Available physical RAM: 4676.5 MB
Total Virtual: 10155.33 MB
Available Virtual: 7082.3 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:454.33 GB) (Free:371.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

Thanks everyone

#6 Oh My!

Posted 24 August 2016 - 06:16 PM

Thank you for the addition.txt log. It is my pleasure to help you clean your computer.

I see your default browser is Chrome. Have you tested Edge or Internet Explorer to see if those redirect as well?

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Spybot - Search and Destroy
FLVPlayer4Free Free FLV Player 7.2.0.0

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {E5FE351D-5224-44B9-9854-B0C7175EB3BC} URL =
SearchScopes: HKU\.DEFAULT -> {E5FE351D-5224-44B9-9854-B0C7175EB3BC} URL =
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKLM-x32 - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2016-05-10] (wisecleaner.com)
S3 WiseRegNotify; C:\WINDOWS\WiseRegNotify.sys [29616 2016-05-27] (WiseCleaner.com)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160808.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160808.019\EX64.SYS [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
Task: {11DC3EB4-2C21-4702-A157-A2B36D2076E6} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {12961571-4662-4455-A725-3478D7652B05} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {13EA3BAB-750B-4F1C-9BAD-B5F31CEE8416} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {16E16984-9796-4633-B9EE-F8747D7BA3A4} - \RtHDVBg_PushButton -> No File <==== ATTENTION
Task: {215EFD1A-700C-4107-B617-19C58E123473} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {26184F87-1935-4E27-84B7-D29F63651908} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {2CF8B312-59F1-4088-8C42-B0732A4521A3} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {2D21ECEE-9E16-4EED-8918-B838806D08B2} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {3966AA5F-A8A5-41F9-997B-7C4E338F5EBA} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {4AD87161-23EF-42A3-ADFD-F9CE985A4494} - \HPCustParticipation HP ENVY 5540 series -> No File <==== ATTENTION
Task: {5C347C45-E24F-4BD8-9B75-E944EC42081D} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {5EB4375A-2AF6-4E78-B18B-0E9980866A70} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {BB269FB5-785A-4325-B769-453DD9806CE8} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C0D32505-24ED-4292-BD5C-E4489CE6C11B} - \{3EB8BDEF-8526-4905-A736-F85BE488C6DB} -> No File <==== ATTENTION
Task: {C5344CA1-2A2F-48F7-97A1-95F95840BC78} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {C9742556-8503-43A7-9357-BD1CD8D6D370} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH63E391CX -> No File <==== ATTENTION
Task: {CD4D90B4-DAA5-4CF2-96C7-8E156270DFF8} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {D09DDA89-3242-44A5-8347-B25C822E76AE} - \USER_ESRV_SVC_WILLAMETTE -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Zip: C:\WINDOWS\Minidump
CMD: ipconfig /flushdns
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create an Upload.zip file on your Desktop. Attach that file to your reply
  • Copy/paste the following in the Search Field
CHXSmartScreen.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Copy and paste the following into the main box

createsrpoint;
autoclean;
emptyclsid;
emptyiecache;
iedefaults;
emptychrcache;

  • Verify Scan All Users is selected then click Run Script
  • Do not use your computer while the scan is running
  • Copy and paste C:\zoek-results.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Other browser redirect?
  • Fixlog
  • Attached Upload.zip file
  • Search log
  • Zoek report
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 maineearle


Posted 25 August 2016 - 06:59 AM

Gary, I am having a problem creating the Fixlog.txt and Upload.zip files in the safe mode as well as normal mode. When I run FRST.EXE as an administrator all I get is a Search.txt log. What am I doing wrong?



#8 Oh My!


Posted 25 August 2016 - 05:13 PM

Well I'm not sure. Let's try this first.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

Gary
 

#9 maineearle


Posted 25 August 2016 - 08:19 PM

Thanks again Gary

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Ron (25-08-2016 21:09:49) Run:1
Running from D:\
Loaded Profiles: Ron (Available Profiles: Ron)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {E5FE351D-5224-44B9-9854-B0C7175EB3BC} URL =
SearchScopes: HKU\.DEFAULT -> {E5FE351D-5224-44B9-9854-B0C7175EB3BC} URL =
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKLM-x32 - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2016-05-10] (wisecleaner.com)
S3 WiseRegNotify; C:\WINDOWS\WiseRegNotify.sys [29616 2016-05-27] (WiseCleaner.com)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160808.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160808.019\EX64.SYS [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
Task: {11DC3EB4-2C21-4702-A157-A2B36D2076E6} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {12961571-4662-4455-A725-3478D7652B05} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {13EA3BAB-750B-4F1C-9BAD-B5F31CEE8416} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {16E16984-9796-4633-B9EE-F8747D7BA3A4} - \RtHDVBg_PushButton -> No File <==== ATTENTION
Task: {215EFD1A-700C-4107-B617-19C58E123473} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {26184F87-1935-4E27-84B7-D29F63651908} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {2CF8B312-59F1-4088-8C42-B0732A4521A3} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {2D21ECEE-9E16-4EED-8918-B838806D08B2} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {3966AA5F-A8A5-41F9-997B-7C4E338F5EBA} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {4AD87161-23EF-42A3-ADFD-F9CE985A4494} - \HPCustParticipation HP ENVY 5540 series -> No File <==== ATTENTION
Task: {5C347C45-E24F-4BD8-9B75-E944EC42081D} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {5EB4375A-2AF6-4E78-B18B-0E9980866A70} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {BB269FB5-785A-4325-B769-453DD9806CE8} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C0D32505-24ED-4292-BD5C-E4489CE6C11B} - \{3EB8BDEF-8526-4905-A736-F85BE488C6DB} -> No File <==== ATTENTION
Task: {C5344CA1-2A2F-48F7-97A1-95F95840BC78} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {C9742556-8503-43A7-9357-BD1CD8D6D370} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH63E391CX -> No File <==== ATTENTION
Task: {CD4D90B4-DAA5-4CF2-96C7-8E156270DFF8} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {D09DDA89-3242-44A5-8347-B25C822E76AE} - \USER_ESRV_SVC_WILLAMETTE -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Zip: C:\WINDOWS\Minidump
CMD: ipconfig /flushdns
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5FE351D-5224-44B9-9854-B0C7175EB3BC}" => key removed successfully
HKCR\CLSID\{E5FE351D-5224-44B9-9854-B0C7175EB3BC} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value removed successfully
HKCR\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value removed successfully
HKCR\Wow6432Node\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => key not found. 
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found. 
ibtsiva => service removed successfully
WiseHDInfo => service removed successfully
WiseRegNotify => service removed successfully
NAVENG => service could not remove
NAVEX15 => service could not remove
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11DC3EB4-2C21-4702-A157-A2B36D2076E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11DC3EB4-2C21-4702-A157-A2B36D2076E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12961571-4662-4455-A725-3478D7652B05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12961571-4662-4455-A725-3478D7652B05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13EA3BAB-750B-4F1C-9BAD-B5F31CEE8416}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13EA3BAB-750B-4F1C-9BAD-B5F31CEE8416}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel\Intel Telemetry 2 (x86)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16E16984-9796-4633-B9EE-F8747D7BA3A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16E16984-9796-4633-B9EE-F8747D7BA3A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RtHDVBg_PushButton" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{215EFD1A-700C-4107-B617-19C58E123473}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{215EFD1A-700C-4107-B617-19C58E123473}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26184F87-1935-4E27-84B7-D29F63651908}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26184F87-1935-4E27-84B7-D29F63651908}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDDataUploadTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2CF8B312-59F1-4088-8C42-B0732A4521A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CF8B312-59F1-4088-8C42-B0732A4521A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D21ECEE-9E16-4EED-8918-B838806D08B2} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3966AA5F-A8A5-41F9-997B-7C4E338F5EBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3966AA5F-A8A5-41F9-997B-7C4E338F5EBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AD87161-23EF-42A3-ADFD-F9CE985A4494}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AD87161-23EF-42A3-ADFD-F9CE985A4494}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP ENVY 5540 series" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C347C45-E24F-4BD8-9B75-E944EC42081D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C347C45-E24F-4BD8-9B75-E944EC42081D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EB4375A-2AF6-4E78-B18B-0E9980866A70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EB4375A-2AF6-4E78-B18B-0E9980866A70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{611C823C-437B-46E7-9683-5312DFFCFD7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{611C823C-437B-46E7-9683-5312DFFCFD7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Policy Install" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{848DCC36-520C-4946-BF68-C7EFFEFA2F84}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{848DCC36-520C-4946-BF68-C7EFFEFA2F84}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB269FB5-785A-4325-B769-453DD9806CE8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB269FB5-785A-4325-B769-453DD9806CE8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0D32505-24ED-4292-BD5C-E4489CE6C11B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0D32505-24ED-4292-BD5C-E4489CE6C11B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3EB8BDEF-8526-4905-A736-F85BE488C6DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5344CA1-2A2F-48F7-97A1-95F95840BC78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5344CA1-2A2F-48F7-97A1-95F95840BC78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9742556-8503-43A7-9357-BD1CD8D6D370}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9742556-8503-43A7-9357-BD1CD8D6D370}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH63E391CX" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD4D90B4-DAA5-4CF2-96C7-8E156270DFF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4D90B4-DAA5-4CF2-96C7-8E156270DFF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D09DDA89-3242-44A5-8347-B25C822E76AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D09DDA89-3242-44A5-8347-B25C822E76AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\USER_ESRV_SVC_WILLAMETTE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA3F661E-B31C-44A9-B40C-E3D5D56149D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA3F661E-B31C-44A9-B40C-E3D5D56149D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display" => key removed successfully
================== Zip: ===================
C:\WINDOWS\Minidump -> copied successfully to C:\Users\Ron\Desktop\Upload.zip
=========== Zip: End ===========
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 21:10:16 ====


#10 Oh My!


Posted 25 August 2016 - 08:41 PM

Very good, thanks.

Let me know if you were able to uninstall the 2 programs. Then run the FRST search step and Zoek. Also, attach the Upload.zip folder.
Gary
 

#11 maineearle


Posted 26 August 2016 - 08:16 PM

I have had internet connection issues all day and had to replace my router and am just now able to connect. Yes, I was able to uninstall both programs.

But it is late in the day so I will send the other logs tomorrow.

 



#12 Oh My!


Posted 26 August 2016 - 09:12 PM

Sounds good, thanks.
Gary
 

#13 maineearle


Posted 27 August 2016 - 07:09 PM

I'm back 

I downloaded Zoek but it never closed or provided a results log. I copied what it did do and am including this with the other logs.

I had to attach the upload.zip; I could not extract it.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Ron (24-08-2016 12:03:14)
Running from C:\Users\Ron\Desktop\VIRUS
Windows 10 Home Version 1607 (X64) (2016-08-04 00:41:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-919029386-2927389370-1520403001-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-919029386-2927389370-1520403001-503 - Limited - Disabled)
Guest (S-1-5-21-919029386-2927389370-1520403001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-919029386-2927389370-1520403001-1003 - Limited - Enabled)
Ron (S-1-5-21-919029386-2927389370-1520403001-1001 - Administrator - Enabled) => C:\Users\Ron
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Assessments on Client (x32 Version: 8.100.26866 - Microsoft) Hidden
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.0.0 - Auslogics Labs Pty Ltd)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 43.0.2.0 - 8pecxstudios)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{E474CE8D-1D47-4C68-8845-F5DA9DE26D72}) (Version: 2.0.375.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell System Detect (HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
FLVPlayer4Free Free FLV Player 7.2.0.0 (HKLM-x32\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
Glary Utilities 5.57 (HKLM-x32\...\Glary Utilities 5) (Version: 5.57.0.78 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{AD2313B9-714F-496E-AD7F-20532E833EB2}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.26.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{C60E2D8F-0FC0-497D-A149-90F3B361937C}) (Version: 12.3.6.9 - HP)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.5 (x32 Version: 2.5.0.22 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4424 - Intel Corporation)
Intel® Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}) (Version: 2.5.0.22 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.119 - IObit)
iSkysoft PDF Editor(Build 5.0.0) (HKLM-x32\...\{4D91F5A1-EBFB-4735-8D51-BA8EA10407C4}_is1) (Version: 5.0.0.5 - iSkysoft Studio)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Maxx Audio Installer (x64) (Version: 2.6.6168.9 - Waves Audio Ltd.) Hidden
Microsoft Office Configuration Analyzer Tool 2.1 (HKLM-x32\...\{EA5C0F11-00C9-0080-011C-141002011772}) (Version: 2.1.6002.128 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Firefox 48.0 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0 (x64 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.1.32 - Symantec Corporation)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Product Improvement Study for HP ENVY 5540 series (HKLM\...\{4F9AAF2D-42E6-4BD0-A295-842BC068CC4B}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7644 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.13.0061 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolkit Documentation (x32 Version: 8.100.26866 - Microsoft) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-919029386-2927389370-1520403001-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B2A1847-66DE-42F4-BDA6-25A814AE488E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {11DC3EB4-2C21-4702-A157-A2B36D2076E6} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {12961571-4662-4455-A725-3478D7652B05} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {13EA3BAB-750B-4F1C-9BAD-B5F31CEE8416} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {16E16984-9796-4633-B9EE-F8747D7BA3A4} - \RtHDVBg_PushButton -> No File <==== ATTENTION
Task: {215EFD1A-700C-4107-B617-19C58E123473} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {26184F87-1935-4E27-84B7-D29F63651908} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {2CF8B312-59F1-4088-8C42-B0732A4521A3} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {2D21ECEE-9E16-4EED-8918-B838806D08B2} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {33AF7EC2-9B51-4FF9-8496-570CC60CD558} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {3966AA5F-A8A5-41F9-997B-7C4E338F5EBA} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {397F0D58-8C6E-403F-898D-4E7FD5696A6A} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {3A69524F-020D-470F-B1B4-D013D093AFCA} - System32\Tasks\GU5SkipUAC => C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\Integrator.exe [2016-08-05] (Glarysoft Ltd)
Task: {46A93BCB-7DD3-49A7-B963-41A55A99A049} - System32\Tasks\GlaryInitialize 5 => C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\Initialize.exe [2016-08-10] (Glarysoft Ltd)
Task: {4AD87161-23EF-42A3-ADFD-F9CE985A4494} - \HPCustParticipation HP ENVY 5540 series -> No File <==== ATTENTION
Task: {5C347C45-E24F-4BD8-9B75-E944EC42081D} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {5EB4375A-2AF6-4E78-B18B-0E9980866A70} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {8530E520-72CC-4FD6-9398-C1A46A9EF075} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {9A13696B-21EE-4C0D-AEFA-84259327FEAC} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan -> No File <==== ATTENTION
Task: {9EB1D1F2-355F-48D5-A545-DD7310654317} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {AD618936-D0C7-481B-84FB-A5817CD93404} - \{6544F063-9101-4EFD-9A3A-0597282DE452} -> No File <==== ATTENTION
Task: {AE3399B2-ABE7-4B57-B58F-06EA44FBA58E} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Users\Ron\Desktop\TOOLS\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {BB269FB5-785A-4325-B769-453DD9806CE8} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C0D32505-24ED-4292-BD5C-E4489CE6C11B} - \{3EB8BDEF-8526-4905-A736-F85BE488C6DB} -> No File <==== ATTENTION
Task: {C50432D6-C324-4367-A3FC-926E074F7F60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {C5344CA1-2A2F-48F7-97A1-95F95840BC78} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {C7329966-6AE8-495F-8D80-7ECD996C9876} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {C9742556-8503-43A7-9357-BD1CD8D6D370} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH63E391CX -> No File <==== ATTENTION
Task: {CD4D90B4-DAA5-4CF2-96C7-8E156270DFF8} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {CDC74BAC-08D0-44B5-853C-BFA2B3E2A468} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {D09DDA89-3242-44A5-8347-B25C822E76AE} - \USER_ESRV_SVC_WILLAMETTE -> No File <==== ATTENTION
Task: {DD732782-2709-420A-A252-6BED6AB2486C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {DFA8F74D-0A53-4DAF-B025-904EDBC0683A} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Ronald - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-04 08:47 - 2007-07-12 23:37 - 00085504 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-09 20:43 - 2016-03-09 20:43 - 00118424 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-03 20:47 - 2016-08-03 20:47 - 00959168 _____ () C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-23 21:13 - 2016-08-05 23:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-23 21:13 - 2016-08-05 23:42 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-08-23 21:12 - 2016-08-05 23:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-23 21:12 - 2016-08-05 23:21 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-23 21:12 - 2016-08-05 23:21 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-23 21:12 - 2016-08-05 23:23 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-23 21:12 - 2016-08-05 23:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-02 06:26 - 2016-08-02 06:27 - 25356360 _____ () C:\Users\Ron\Desktop\VIRUS\RogueKillerX64.exe
2016-07-31 21:35 - 2016-07-31 21:49 - 03893952 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe\gfxim.dll
2016-08-01 05:09 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-08-11 04:37 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-11 04:37 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-11 04:37 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-24 04:07 - 2015-06-24 04:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
There are 6097 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2016-07-02 08:07 - 00000176 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: GUDelayStartup => "C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: SDTray => 
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "HostManager"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "AOL Fast Start"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "CBA633B2B5AE9303C2427930F40F058F36DE4589._service_run"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "OffCAT"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "HP OfficeJet 4650 series (NET)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3131066B-003D-43A9-BD1A-5E627DC2150F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{65F8FA78-7561-4E89-B7EE-4D18E5C616E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F9A24238-CD58-4810-8514-516599126CB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B70F49F1-9BDA-4490-A429-C79E2CC31AB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{33CA555A-64AB-4A6B-9110-23115CF20531}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{725D5757-A5D1-4FB3-A2F5-1CF4165FC8EF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{07518EF6-E716-42C1-859C-449EDA921DF5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{602AAC81-87BD-41E2-A872-34CC11ED621A}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EE7F5789-C225-4B52-BC52-0A4DDD8F9DB5}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{F931C529-FC67-4D57-B5C4-F281B02F1D72}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{7291C91F-CB2E-439E-9AC9-B8640110D59B}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{DD4972DA-6DD5-47A8-B49B-210A290DDDA3}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{8F80CA03-8889-4529-9D3D-8D24A5E07836}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{548D8024-44AA-4B15-B04B-59FE3B5DA4E6}] => (Allow) LPort=5357
FirewallRules: [{0E306E0F-0580-4CE8-BD68-C63B50666663}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{1AD36388-D243-4FAC-8739-844F8B563A1E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{71E6F7C5-D86F-4F45-9880-7C9C745A1FE2}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{D3DE1EF7-65C1-4DB4-993B-C3D4E3729A5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BAC4C675-1C3E-4927-9F74-EB2BC0479458}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BA80918-3EF6-4762-B4ED-AB858BE2899F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BDC2707-8D21-4F0A-AD08-2DF766F154E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1223BEA8-4949-47F9-AC65-1DAB9F837EBD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5F14FE97-621E-425B-A688-3CBB3D13AB2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DC58CEE6-33A1-4175-8C37-DD687E4B1CCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6EE6AB5E-1C7E-4934-A77F-3BC021787E83}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{47C954CB-9092-4863-A057-BBA5A332C8AB}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{52E47C6A-D8AD-4F1D-8395-A064A9CF38D0}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{161BEEB7-D542-4721-9DEC-22A95523F735}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{F70936E4-1570-4685-B15C-79FCF82FCD57}] => (Allow) C:\Program Files (x86)\Common Files\aol\1462235273\ee\aolsoftware.exe
FirewallRules: [{68878665-4D9E-4592-906F-B07487A46131}] => (Allow) C:\Program Files (x86)\Common Files\aol\1462235273\ee\aolsoftware.exe
FirewallRules: [{8E5755FB-F9D4-4456-B21B-A0CC8229838D}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{8B46AB3B-9468-4B3B-9604-B2829FA1C292}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
07-08-2016 20:13:38 Installed inSSIDer 2.0
10-08-2016 04:54:14 Removed Dell SupportAssistAgent.
11-08-2016 05:37:45 JRT Pre-Junkware Removal
19-08-2016 04:33:26 Scheduled Checkpoint
23-08-2016 21:40:50 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2016 09:07:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/24/2016 09:06:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 10.0.14393.0, time stamp: 0x5789985f
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x1d8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (08/24/2016 07:21:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/24/2016 07:19:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/23/2016 09:40:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/23/2016 03:15:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x2318
Faulting application start time: 0xCHXSmartScreen.exe0
Faulting application path: CHXSmartScreen.exe1
Faulting module path: CHXSmartScreen.exe2
Report Id: CHXSmartScreen.exe3
Faulting package full name: CHXSmartScreen.exe4
Faulting package-relative application ID: CHXSmartScreen.exe5
 
Error: (08/22/2016 07:39:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x304
Faulting application start time: 0xCHXSmartScreen.exe0
Faulting application path: CHXSmartScreen.exe1
Faulting module path: CHXSmartScreen.exe2
Report Id: CHXSmartScreen.exe3
Faulting package full name: CHXSmartScreen.exe4
Faulting package-relative application ID: CHXSmartScreen.exe5
 
 
System errors:
=============
Error: (08/24/2016 07:17:47 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000ef (0xffffcb8d0c423780, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP149986b6-bc3d-4afb-8413-d44f1ec01735
 
Error: (08/24/2016 07:17:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 07:17:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 07:15:50 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (08/24/2016 07:16:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:04:50 AM on 8/24/2016 was unexpected.
 
Error: (08/24/2016 05:05:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 05:05:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2016 10:23:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {659CDEA7-489E-11D9-A9CD-000D56965251}
 
Error: (08/23/2016 10:20:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2016 10:20:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8107.33 MB
Available physical RAM: 4676.5 MB
Total Virtual: 10155.33 MB
Available Virtual: 7082.3 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:454.33 GB) (Free:371.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ===================
 
Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Ron (25-08-2016 07:43:18)
Running from C:\Users\Ron\Downloads
Boot Mode: Normal
 
================== Search Files: "filelist" =============
 
====== End of Search ======
 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Ron on Sat 08/27/2016 at  8:21:26.28.
Microsoft Windows 10 Home 10.0.14393  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ron\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
===== Runcheck  8:23:16.12 =====
 
--- Create Environment Variables  8:23:17.74 
--- Create System Restore Point  8:23:25.07 
--- Checking Input  8:23:49.32 
--- AU AppData Check  8:24:40.53 
--- Remove From Windows Installer  8:24:45.94 
--- Empty Folders Check  8:26:32.25 
--- Registry HKLM Software Check  8:26:32.30 
--- Quick Launch Shortcut Check  8:26:51.27 
--- IE Startpage Check  8:26:56.22 
--- Program Files DB Check  8:27:27.36 
--- C:\Users\Default\AppData DB Check  8:28:32.84 
--- C:\Users\Ron\AppData DB Check  8:28:32.84 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData DB Check  8:28:32.84 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData DB Check  8:28:32.84 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData DB Check  8:28:32.84 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData DB Check  8:28:32.84 
--- C:\Users\Ron DB Check  8:31:01.08 
--- C:\PROGRA~3 DB Check  8:31:25.50 
--- C:\Users\Default\AppData\Local DB Check  8:31:42.68 
--- C:\Users\Default User\AppData\Local DB Check  8:31:42.68 
--- C:\Users\Ron\AppData\Local DB Check  8:31:42.68 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check  8:31:42.68 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check  8:31:42.68 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check  8:31:42.68 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check  8:31:42.68 
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  8:33:40.74 
--- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  8:33:55.34 
--- Tasks DB Check  8:34:04.59 
--- C:\Users\Ron\AppData\LocalLow DB Check  8:34:10.84 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check  8:34:10.84 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check  8:34:10.84 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check  8:34:10.84 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check  8:34:10.84 
--- Tasks2 DB Check  8:35:09.35 
--- Documents DB Check  8:35:54.93 
--- Documents2 DB Check  8:36:04.56 
--- C:\Users\Ron\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\ax35p142.default DB Check  8:36:06.66 
--- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\jh627ge6.default-1466961120468 DB Check  8:36:06.66 
--- C:\Users\Public\Desktop DB Check  8:36:12.86 
--- C:\Users\Ron\Desktop DB Check  8:36:19.94 
--- Services DB Check  8:36:32.91 
--- FF prefs.js DB Check  8:37:08.01 
--- Emptyclsid  8:38:47.45 
--- Del by CLSID  8:38:51.34 
 
 
 

 



#14 maineearle


Posted 27 August 2016 - 07:09 PM

I'm back 

I downloaded Zoek, but it never closed or provided a results log. I copied what it did do and am including this with the other logs.

I had to attach the upload.zip; I could not extract it.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Ron (24-08-2016 12:03:14)
Running from C:\Users\Ron\Desktop\VIRUS
Windows 10 Home Version 1607 (X64) (2016-08-04 00:41:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-919029386-2927389370-1520403001-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-919029386-2927389370-1520403001-503 - Limited - Disabled)
Guest (S-1-5-21-919029386-2927389370-1520403001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-919029386-2927389370-1520403001-1003 - Limited - Enabled)
Ron (S-1-5-21-919029386-2927389370-1520403001-1001 - Administrator - Enabled) => C:\Users\Ron
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Assessments on Client (x32 Version: 8.100.26866 - Microsoft) Hidden
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.0.0 - Auslogics Labs Pty Ltd)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 43.0.2.0 - 8pecxstudios)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{E474CE8D-1D47-4C68-8845-F5DA9DE26D72}) (Version: 2.0.375.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell System Detect (HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
FLVPlayer4Free Free FLV Player 7.2.0.0 (HKLM-x32\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
Glary Utilities 5.57 (HKLM-x32\...\Glary Utilities 5) (Version: 5.57.0.78 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{AD2313B9-714F-496E-AD7F-20532E833EB2}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.26.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{C60E2D8F-0FC0-497D-A149-90F3B361937C}) (Version: 12.3.6.9 - HP)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.5 (x32 Version: 2.5.0.22 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4424 - Intel Corporation)
Intel® Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}) (Version: 2.5.0.22 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.119 - IObit)
iSkysoft PDF Editor(Build 5.0.0) (HKLM-x32\...\{4D91F5A1-EBFB-4735-8D51-BA8EA10407C4}_is1) (Version: 5.0.0.5 - iSkysoft Studio)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Maxx Audio Installer (x64) (Version: 2.6.6168.9 - Waves Audio Ltd.) Hidden
Microsoft Office Configuration Analyzer Tool 2.1 (HKLM-x32\...\{EA5C0F11-00C9-0080-011C-141002011772}) (Version: 2.1.6002.128 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Firefox 48.0 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0 (x64 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.1.32 - Symantec Corporation)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Product Improvement Study for HP ENVY 5540 series (HKLM\...\{4F9AAF2D-42E6-4BD0-A295-842BC068CC4B}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7644 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.13.0061 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolkit Documentation (x32 Version: 8.100.26866 - Microsoft) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-919029386-2927389370-1520403001-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B2A1847-66DE-42F4-BDA6-25A814AE488E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {11DC3EB4-2C21-4702-A157-A2B36D2076E6} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {12961571-4662-4455-A725-3478D7652B05} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {13EA3BAB-750B-4F1C-9BAD-B5F31CEE8416} - \Intel\Intel Telemetry 2 (x86) -> No File <==== ATTENTION
Task: {16E16984-9796-4633-B9EE-F8747D7BA3A4} - \RtHDVBg_PushButton -> No File <==== ATTENTION
Task: {215EFD1A-700C-4107-B617-19C58E123473} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {26184F87-1935-4E27-84B7-D29F63651908} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {2CF8B312-59F1-4088-8C42-B0732A4521A3} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {2D21ECEE-9E16-4EED-8918-B838806D08B2} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {33AF7EC2-9B51-4FF9-8496-570CC60CD558} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {3966AA5F-A8A5-41F9-997B-7C4E338F5EBA} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {397F0D58-8C6E-403F-898D-4E7FD5696A6A} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {3A69524F-020D-470F-B1B4-D013D093AFCA} - System32\Tasks\GU5SkipUAC => C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\Integrator.exe [2016-08-05] (Glarysoft Ltd)
Task: {46A93BCB-7DD3-49A7-B963-41A55A99A049} - System32\Tasks\GlaryInitialize 5 => C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\Initialize.exe [2016-08-10] (Glarysoft Ltd)
Task: {4AD87161-23EF-42A3-ADFD-F9CE985A4494} - \HPCustParticipation HP ENVY 5540 series -> No File <==== ATTENTION
Task: {5C347C45-E24F-4BD8-9B75-E944EC42081D} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {5EB4375A-2AF6-4E78-B18B-0E9980866A70} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {8530E520-72CC-4FD6-9398-C1A46A9EF075} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {9A13696B-21EE-4C0D-AEFA-84259327FEAC} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan -> No File <==== ATTENTION
Task: {9EB1D1F2-355F-48D5-A545-DD7310654317} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {AD618936-D0C7-481B-84FB-A5817CD93404} - \{6544F063-9101-4EFD-9A3A-0597282DE452} -> No File <==== ATTENTION
Task: {AE3399B2-ABE7-4B57-B58F-06EA44FBA58E} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Users\Ron\Desktop\TOOLS\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {BB269FB5-785A-4325-B769-453DD9806CE8} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C0D32505-24ED-4292-BD5C-E4489CE6C11B} - \{3EB8BDEF-8526-4905-A736-F85BE488C6DB} -> No File <==== ATTENTION
Task: {C50432D6-C324-4367-A3FC-926E074F7F60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {C5344CA1-2A2F-48F7-97A1-95F95840BC78} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {C7329966-6AE8-495F-8D80-7ECD996C9876} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {C9742556-8503-43A7-9357-BD1CD8D6D370} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH63E391CX -> No File <==== ATTENTION
Task: {CD4D90B4-DAA5-4CF2-96C7-8E156270DFF8} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {CDC74BAC-08D0-44B5-853C-BFA2B3E2A468} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {D09DDA89-3242-44A5-8347-B25C822E76AE} - \USER_ESRV_SVC_WILLAMETTE -> No File <==== ATTENTION
Task: {DD732782-2709-420A-A252-6BED6AB2486C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {DFA8F74D-0A53-4DAF-B025-904EDBC0683A} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Ronald - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-04 08:47 - 2007-07-12 23:37 - 00085504 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-09 20:43 - 2016-03-09 20:43 - 00118424 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-03 20:47 - 2016-08-03 20:47 - 00959168 _____ () C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-23 21:13 - 2016-08-05 23:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-23 21:13 - 2016-08-05 23:42 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-08-23 21:12 - 2016-08-05 23:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-23 21:12 - 2016-08-05 23:21 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-23 21:12 - 2016-08-05 23:21 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-23 21:12 - 2016-08-05 23:23 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-23 21:12 - 2016-08-05 23:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-02 06:26 - 2016-08-02 06:27 - 25356360 _____ () C:\Users\Ron\Desktop\VIRUS\RogueKillerX64.exe
2016-07-31 21:35 - 2016-07-31 21:49 - 03893952 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe\gfxim.dll
2016-08-01 05:09 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-08-11 04:37 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-11 04:37 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-11 04:37 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-24 04:07 - 2015-06-24 04:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
There are 6097 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2016-07-02 08:07 - 00000176 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: GUDelayStartup => "C:\Users\Ron\Desktop\TOOLS\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: SDTray => 
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "HostManager"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "AOL Fast Start"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "CBA633B2B5AE9303C2427930F40F058F36DE4589._service_run"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "OffCAT"
HKU\S-1-5-21-919029386-2927389370-1520403001-1001\...\StartupApproved\Run: => "HP OfficeJet 4650 series (NET)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3131066B-003D-43A9-BD1A-5E627DC2150F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{65F8FA78-7561-4E89-B7EE-4D18E5C616E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F9A24238-CD58-4810-8514-516599126CB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B70F49F1-9BDA-4490-A429-C79E2CC31AB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{33CA555A-64AB-4A6B-9110-23115CF20531}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{725D5757-A5D1-4FB3-A2F5-1CF4165FC8EF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{07518EF6-E716-42C1-859C-449EDA921DF5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{602AAC81-87BD-41E2-A872-34CC11ED621A}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EE7F5789-C225-4B52-BC52-0A4DDD8F9DB5}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{F931C529-FC67-4D57-B5C4-F281B02F1D72}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{7291C91F-CB2E-439E-9AC9-B8640110D59B}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{DD4972DA-6DD5-47A8-B49B-210A290DDDA3}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{8F80CA03-8889-4529-9D3D-8D24A5E07836}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{548D8024-44AA-4B15-B04B-59FE3B5DA4E6}] => (Allow) LPort=5357
FirewallRules: [{0E306E0F-0580-4CE8-BD68-C63B50666663}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{1AD36388-D243-4FAC-8739-844F8B563A1E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{71E6F7C5-D86F-4F45-9880-7C9C745A1FE2}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{D3DE1EF7-65C1-4DB4-993B-C3D4E3729A5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BAC4C675-1C3E-4927-9F74-EB2BC0479458}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BA80918-3EF6-4762-B4ED-AB858BE2899F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BDC2707-8D21-4F0A-AD08-2DF766F154E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1223BEA8-4949-47F9-AC65-1DAB9F837EBD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5F14FE97-621E-425B-A688-3CBB3D13AB2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DC58CEE6-33A1-4175-8C37-DD687E4B1CCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6EE6AB5E-1C7E-4934-A77F-3BC021787E83}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{47C954CB-9092-4863-A057-BBA5A332C8AB}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{52E47C6A-D8AD-4F1D-8395-A064A9CF38D0}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{161BEEB7-D542-4721-9DEC-22A95523F735}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{F70936E4-1570-4685-B15C-79FCF82FCD57}] => (Allow) C:\Program Files (x86)\Common Files\aol\1462235273\ee\aolsoftware.exe
FirewallRules: [{68878665-4D9E-4592-906F-B07487A46131}] => (Allow) C:\Program Files (x86)\Common Files\aol\1462235273\ee\aolsoftware.exe
FirewallRules: [{8E5755FB-F9D4-4456-B21B-A0CC8229838D}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{8B46AB3B-9468-4B3B-9604-B2829FA1C292}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
07-08-2016 20:13:38 Installed inSSIDer 2.0
10-08-2016 04:54:14 Removed Dell SupportAssistAgent.
11-08-2016 05:37:45 JRT Pre-Junkware Removal
19-08-2016 04:33:26 Scheduled Checkpoint
23-08-2016 21:40:50 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2016 09:07:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/24/2016 09:06:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 10.0.14393.0, time stamp: 0x5789985f
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x1d8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (08/24/2016 07:21:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/24/2016 07:19:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/23/2016 09:40:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/23/2016 03:15:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x2318
Faulting application start time: 0xCHXSmartScreen.exe0
Faulting application path: CHXSmartScreen.exe1
Faulting module path: CHXSmartScreen.exe2
Report Id: CHXSmartScreen.exe3
Faulting package full name: CHXSmartScreen.exe4
Faulting package-relative application ID: CHXSmartScreen.exe5
 
Error: (08/22/2016 07:39:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/22/2016 07:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x304
Faulting application start time: 0xCHXSmartScreen.exe0
Faulting application path: CHXSmartScreen.exe1
Faulting module path: CHXSmartScreen.exe2
Report Id: CHXSmartScreen.exe3
Faulting package full name: CHXSmartScreen.exe4
Faulting package-relative application ID: CHXSmartScreen.exe5
 
 
System errors:
=============
Error: (08/24/2016 07:17:47 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000ef (0xffffcb8d0c423780, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP149986b6-bc3d-4afb-8413-d44f1ec01735
 
Error: (08/24/2016 07:17:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 07:17:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 07:15:50 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (08/24/2016 07:16:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:04:50 AM on ‎8/‎24/‎2016 was unexpected.
 
Error: (08/24/2016 05:05:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/24/2016 05:05:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2016 10:23:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {659CDEA7-489E-11D9-A9CD-000D56965251}
 
Error: (08/23/2016 10:20:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/23/2016 10:20:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8107.33 MB
Available physical RAM: 4676.5 MB
Total Virtual: 10155.33 MB
Available Virtual: 7082.3 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:454.33 GB) (Free:371.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ===================
 
Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Ron (25-08-2016 07:43:18)
Running from C:\Users\Ron\Downloads
Boot Mode: Normal
 
================== Search Files: "filelist" =============
 
====== End of Search ======
 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Ron on Sat 08/27/2016 at  8:21:26.28.
Microsoft Windows 10 Home 10.0.14393  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ron\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
===== Runcheck  8:23:16.12 =====
 
--- Create Environment Variables  8:23:17.74 
--- Create System Restore Point  8:23:25.07 
--- Checking Input  8:23:49.32 
--- AU AppData Check  8:24:40.53 
--- Remove From Windows Installer  8:24:45.94 
--- Empty Folders Check  8:26:32.25 
--- Registry HKLM Software Check  8:26:32.30 
--- Quick Launch Shortcut Check  8:26:51.27 
--- IE Startpage Check  8:26:56.22 
--- Program Files DB Check  8:27:27.36 
--- C:\Users\Default\AppData DB Check  8:28:32.84 
--- C:\Users\Ron\AppData DB Check  8:28:32.84 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData DB Check  8:28:32.84 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData DB Check  8:28:32.84 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData DB Check  8:28:32.84 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData DB Check  8:28:32.84 
--- C:\Users\Ron DB Check  8:31:01.08 
--- C:\PROGRA~3 DB Check  8:31:25.50 
--- C:\Users\Default\AppData\Local DB Check  8:31:42.68 
--- C:\Users\Default User\AppData\Local DB Check  8:31:42.68 
--- C:\Users\Ron\AppData\Local DB Check  8:31:42.68 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check  8:31:42.68 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check  8:31:42.68 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check  8:31:42.68 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check  8:31:42.68 
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  8:33:40.74 
--- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  8:33:55.34 
--- Tasks DB Check  8:34:04.59 
--- C:\Users\Ron\AppData\LocalLow DB Check  8:34:10.84 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check  8:34:10.84 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check  8:34:10.84 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check  8:34:10.84 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check  8:34:10.84 
--- Tasks2 DB Check  8:35:09.35 
--- Documents DB Check  8:35:54.93 
--- Documents2 DB Check  8:36:04.56 
--- C:\Users\Ron\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\ax35p142.default DB Check  8:36:06.66 
--- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\jh627ge6.default-1466961120468 DB Check  8:36:06.66 
--- C:\Users\Public\Desktop DB Check  8:36:12.86 
--- C:\Users\Ron\Desktop DB Check  8:36:19.94 
--- Services DB Check  8:36:32.91 
--- FF prefs.js DB Check  8:37:08.01 
--- Emptyclsid  8:38:47.45 
--- Del by CLSID  8:38:51.34 
 
 
 

 



Thanks everyone

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:28 AM

Posted 27 August 2016 - 07:39 PM

Thank you. Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
CHXSmartScreen.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Search log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



