Virus that keeps disconnecting me from the internet?



#1 dchen1086


Posted 13 February 2017 - 02:53 PM

Hello

So I had an issue today. Was browsing websites and checking email. All of a sudden my internet disconnects.

I start diagnosing the problem, checking everything, and updating my drivers. So I found that...

1). My internet is working on other computers/cell phones

2). I deleted my McAfee (maybe it was that problem?) and downloaded Norton (I have subscription for)

3). Did a full scan and quick scan but it didn't solve the connection problem

4). Downloaded Malwarebytes, and quarantined over 328 problems. Still did not solve my internet issue.

5). I have to manually disconnect and connect on my computer screen

6). Internet lasts for about 3-10 minutes (not very consistent with the connections)

So my last option, I've resorted myself to here... Hopefully y'all can fix it for me


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by OFFICE (administrator) on PC-A (13-02-2017 11:32:10)
Running from C:\Users\OFFICE\Downloads
Loaded Profiles: OFFICE (Available Profiles: OFFICE)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Octoshape ApS) C:\Users\OFFICE\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coNatHst.exe
(Sage Software, Inc.) C:\Program Files (x86)\Sage\Peachtree\peachw.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-06-10] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe [30024 2011-10-25] (Sage Software, Inc.)
HKLM-x32\...\Run: [DellNSCST_GRNCH] => C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe [278528 2008-07-16] (Dell)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\Run: [PCShowServer] => C:\Users\OFFICE\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632752 2015-08-23] (Cisco)
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\Run: [Octoshape Streaming Services] => C:\Users\OFFICE\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\RunOnce: [Uninstall C:\Users\OFFICE\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OFFICE\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\MountPoints2: {48840189-4d22-11e5-9bd7-acd1b8d8e134} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-02-13]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-07-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2015-08-28]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2015-08-28]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (UPS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cd7a2d1b-6275-416e-b4d4-288565f5983a}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1903804430-1065299906-2840497480-1001 -> DefaultScope {DC812CCC-89AC-4FA9-A5FC-2373FB7FE492} URL = 
SearchScopes: HKU\S-1-5-21-1903804430-1065299906-2840497480-1001 -> {DC812CCC-89AC-4FA9-A5FC-2373FB7FE492} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1903804430-1065299906-2840497480-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: i2kbwxcd.default
FF ProfilePath: C:\Users\OFFICE\AppData\Roaming\Mozilla\Firefox\Profiles\i2kbwxcd.default [2017-02-13]
FF Extension: (Firefox Hotfix) - C:\Users\OFFICE\AppData\Roaming\Mozilla\Firefox\Profiles\i2kbwxcd.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.1.14\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.1.14\coFFAddon [2017-02-13]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.1.14\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1903804430-1065299906-2840497480-1001: @citrixonline.com/appdetectorplugin -> C:\Users\OFFICE\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-1903804430-1065299906-2840497480-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\OFFICE\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\OFFICE\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-11-05] (Octoshape ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
CHR Extension: (Google Slides) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-25]
CHR Extension: (Google Docs) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-25]
CHR Extension: (Google Drive) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-13]
CHR Extension: (Google Search) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31]
CHR Extension: (Google Sheets) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-02-13]
CHR Extension: (EasyDocMerge) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2017-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Instagram (Unofficial)) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhinecjpcncdkchdidimohngcbkjalb [2016-06-03]
CHR Extension: (Gmail) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx [2017-02-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0308901487011402mcinstcleanup; C:\Users\OFFICE\AppData\Local\Temp\030890~1.EXE [961888 2016-05-16] (McAfee, Inc.) <==== ATTENTION
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-07-23] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-07-02] ()
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-08-11] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSSQL$UPSWSDBINSTANCE; c:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe [289080 2016-11-11] (Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Peachtree SmartPosting 2012; C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2012.exe [43848 2011-10-25] (Sage Software, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435528 2011-11-05] (Pervasive Software Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
S4 SQLAgent$UPSWSDBINSTANCE; c:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-07-23] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11776264 2015-12-03] (Broadcom Corp)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.1.14\Definitions\BASHDefs\20161005.001\BHDrvx64.sys [1854712 2016-11-11] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\ccSetx64.sys [174328 2016-11-11] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-05] (Symantec Corporation)
U3 EraserUtilDrv11620; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11620.sys [156824 2017-01-05] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.1.14\Definitions\IPSDefs\20161104.100\IDSVia64.sys [1012952 2016-11-11] (Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4wu.inf_amd64_39d8ca1ac617325e\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-24] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1608010.00E\SymELAM.sys [24192 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2017-02-13] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S0 cfwids; system32\drivers\cfwids.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-13 11:32 - 2017-02-13 11:32 - 00035568 _____ C:\Users\OFFICE\Downloads\FRST.txt
2017-02-13 11:30 - 2017-02-13 11:32 - 00000000 ____D C:\FRST
2017-02-13 11:30 - 2017-02-13 11:30 - 02421248 _____ (Farbar) C:\Users\OFFICE\Downloads\FRST64.exe
2017-02-13 11:12 - 2017-02-13 11:12 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 11:12 - 2017-02-13 11:12 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-13 11:12 - 2017-02-13 11:12 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-13 11:12 - 2017-02-13 11:12 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-13 11:12 - 2017-02-13 11:12 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-13 11:11 - 2017-02-13 11:11 - 00001952 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 11:11 - 2017-02-13 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 11:11 - 2017-02-13 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 11:11 - 2017-02-13 11:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 11:11 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-13 11:10 - 2017-02-13 11:10 - 55566792 _____ (Malwarebytes ) C:\Users\OFFICE\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-13 10:54 - 2017-02-13 10:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-02-13 10:44 - 2017-02-13 10:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-02-13 10:40 - 2017-02-13 10:40 - 00003386 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-02-13 10:39 - 2017-02-13 10:39 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-02-13 10:39 - 2017-02-13 10:39 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-02-13 10:39 - 2017-02-13 10:39 - 00002497 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-02-13 10:38 - 2017-02-13 10:44 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 10:38 - 2017-02-13 10:38 - 01101120 _____ (Symantec Corporation) C:\Users\OFFICE\Downloads\NortonNSDownloader.exe
2017-02-13 10:38 - 2017-02-13 10:38 - 00001373 _____ C:\Users\OFFICE\Desktop\Norton Installation Files.lnk
2017-02-13 10:38 - 2017-02-13 10:38 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-02-13 10:22 - 2017-02-13 10:26 - 00000000 ____D C:\Users\OFFICE\Desktop\Social Media
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignee93234fa8654511
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign68256097050d7c20
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign048d6c50add28957
2017-02-10 17:36 - 2017-02-13 10:38 - 00000000 ____D C:\Users\OFFICE\AppData\Local\CrashDumps
2017-02-10 17:17 - 2017-02-10 17:17 - 00044696 _____ C:\Users\OFFICE\Downloads\Ampere Creations Feb 10, 2017 (1).pdf
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignaa29df6228994080
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign80ecca3a421e8b02
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign41223d1a0c3079d6
2017-02-10 16:03 - 2017-02-10 16:03 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign22b1aefe4e345f4e
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign63b2786197633c62
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign51208e7013f62290
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign3c10fd09a23431ce
2017-02-10 15:49 - 2017-02-10 15:49 - 00044696 _____ C:\Users\OFFICE\Downloads\Ampere Creations Feb 10, 2017.pdf
2017-02-10 14:12 - 2017-02-10 14:12 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign2e66feeb84302c16
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd817c04e53e60c96
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb786b9ec13dd3526
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign10a0306e7192acd0
2017-02-08 11:47 - 2017-02-08 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 11:46 - 2017-01-04 15:32 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 11:46 - 2017-01-04 15:32 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-08 11:46 - 2016-12-29 05:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 11:46 - 2016-12-29 04:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-08 11:46 - 2016-12-29 04:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-08 11:46 - 2016-12-29 04:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 11:45 - 2017-02-08 11:47 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-08 09:47 - 2017-02-08 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 20:38 - 2017-02-06 20:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 10:03 - 2017-02-06 10:03 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd45cd3db6c48971a
2017-02-06 10:02 - 2017-02-06 10:02 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd3574df23b6d84fa
2017-02-06 10:02 - 2017-02-06 10:02 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignaf46b1f394463c87
2017-02-06 09:30 - 2017-02-06 09:56 - 243322136 _____ C:\Users\OFFICE\Downloads\1-1.rar
2017-02-01 16:05 - 2017-02-01 16:05 - 00115761 _____ C:\Users\OFFICE\Desktop\Signed 2.pdf
2017-02-01 15:52 - 2017-02-01 15:52 - 00117347 _____ C:\Users\OFFICE\Desktop\Signed.pdf
2017-01-31 17:00 - 2017-02-01 15:54 - 00000000 ____D C:\Users\OFFICE\AppData\Local\HP
2017-01-31 16:56 - 2017-02-08 16:42 - 00000000 ____D C:\Users\OFFICE\AppData\Roaming\HpUpdate
2017-01-31 16:55 - 2017-01-31 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-31 16:55 - 2017-01-31 16:55 - 00000195 _____ C:\WINDOWS\system32\AddPort.ini
2017-01-31 16:55 - 2017-01-31 16:55 - 00000000 ____D C:\Users\OFFICE\Desktop\HP
2017-01-31 16:54 - 2015-05-13 13:21 - 00311296 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpbcoinsx64.dll
2017-01-31 12:08 - 2017-01-31 12:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd06e6593a5f3d450
2017-01-31 12:07 - 2017-01-31 12:07 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignc85b363ca70a9f50
2017-01-31 12:07 - 2017-01-31 12:07 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign4bb60763162afcac
2017-01-31 11:38 - 2017-01-31 11:38 - 04881620 _____ C:\Users\OFFICE\Desktop\W9-1 signed.pdf
2017-01-31 11:11 - 2017-01-31 11:11 - 00350731 _____ C:\Users\OFFICE\Desktop\JLM 2017 STATEMENT.pdf
2017-01-25 17:05 - 2017-01-25 17:05 - 05271014 _____ C:\Users\OFFICE\Desktop\website banner 3.psd
2017-01-25 16:59 - 2017-01-25 16:59 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignbe9161a137f2f8fa
2017-01-25 16:45 - 2017-01-25 16:45 - 05766702 _____ C:\Users\OFFICE\Desktop\website banner 2.psd
2017-01-25 16:40 - 2017-01-25 16:40 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign68923b434712b071
2017-01-25 15:42 - 2017-01-25 15:42 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb8a663adc6617ac5
2017-01-25 15:42 - 2017-01-25 15:42 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign4834222c0673f052
2017-01-25 13:04 - 2017-01-25 13:04 - 04686699 _____ C:\Users\OFFICE\Desktop\Ampere Catalog Spring 2017 NP.pdf
2017-01-25 10:14 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 10:14 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 15:04 - 2017-01-24 15:04 - 22179840 _____ C:\Users\OFFICE\Desktop\Ampere Catalog Spring 2017 NP.indd
2017-01-24 13:49 - 2017-01-24 13:49 - 00025284 _____ C:\Users\OFFICE\Downloads\4047937556017190.xlsx
2017-01-24 13:15 - 2017-01-24 13:15 - 02797056 _____ C:\Users\OFFICE\Downloads\shoes_browse_tree_guide._TTH_ (2).xls
2017-01-24 12:26 - 2017-01-24 12:26 - 02325160 _____ C:\Users\OFFICE\Downloads\Flat.File.Shoes_b2b (5).xlsm
2017-01-24 09:36 - 2017-01-24 09:36 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignfa5ee88bbfa44535
2017-01-24 09:36 - 2017-01-24 09:36 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb57f34755328a344
2017-01-24 08:55 - 2017-02-13 11:02 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-01-24 08:55 - 2017-01-24 08:55 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-01-20 17:26 - 2017-01-20 17:26 - 00306055 _____ C:\Users\OFFICE\Downloads\search-term-report-2016-11-21-55954017187.txt
2017-01-20 17:21 - 2017-01-20 17:22 - 00306055 _____ C:\Users\OFFICE\Downloads\search-term-report-2016-11-21-55953017187.txt
2017-01-20 15:19 - 2017-01-20 15:19 - 00027635 _____ C:\Users\OFFICE\Downloads\4009296736017186.xlsx
2017-01-20 14:44 - 2017-01-20 14:44 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd7f0730c544c90c4
2017-01-20 14:44 - 2017-01-20 14:44 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsigna75f1c8ffe832725
2017-01-20 14:43 - 2017-01-20 14:43 - 02325160 _____ C:\Users\OFFICE\Downloads\Flat.File.Shoes_b2b (4).xlsm
2017-01-20 12:37 - 2017-01-20 12:37 - 00000000 ____D C:\Users\OFFICE\Desktop\9368MA
2017-01-20 11:53 - 2017-01-20 11:53 - 00029042 _____ C:\Users\OFFICE\Downloads\4008522277017186.xlsx
2017-01-20 11:45 - 2017-01-20 11:45 - 00029139 _____ C:\Users\OFFICE\Downloads\4006177668017186.xlsx
2017-01-20 11:45 - 2017-01-20 11:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign145f2a338cd0b8e1
2017-01-20 11:45 - 2017-01-20 11:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign12aa40036bfffa82
2017-01-20 11:22 - 2017-01-20 11:39 - 02362383 _____ C:\Users\OFFICE\Downloads\Flat.File.Shoes_b2b (3).xlsm
2017-01-20 11:18 - 2017-01-20 11:18 - 00029120 _____ C:\Users\OFFICE\Downloads\4012451845017186.xlsx
2017-01-20 11:03 - 2017-01-20 11:03 - 00027380 _____ C:\Users\OFFICE\Downloads\4009118403017186.xlsx
2017-01-20 10:27 - 2017-01-20 17:24 - 02797056 _____ C:\Users\OFFICE\Downloads\shoes_browse_tree_guide._TTH_ (1).xls
2017-01-20 10:24 - 2017-01-20 10:24 - 02797056 _____ C:\Users\OFFICE\Downloads\shoes_browse_tree_guide._TTH_.xls
2017-01-20 10:14 - 2017-01-20 11:10 - 02365573 _____ C:\Users\OFFICE\Downloads\Flat.File.Shoes_b2b (2).xlsm
2017-01-19 11:22 - 2017-01-19 11:22 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign723a804e54e63b40
2017-01-19 11:22 - 2017-01-19 11:22 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign673e8a86f0093c21
2017-01-19 10:15 - 2017-01-19 10:15 - 00000000 ____D C:\Users\OFFICE\AppData\Roaming\WinRAR
2017-01-19 10:15 - 2017-01-19 10:15 - 00000000 ____D C:\Users\OFFICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-19 10:15 - 2017-01-19 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-19 10:15 - 2017-01-19 10:15 - 00000000 ____D C:\Program Files\WinRAR
2017-01-19 10:14 - 2017-01-19 10:14 - 02179856 _____ C:\Users\OFFICE\Downloads\winrar-x64-540.exe
2017-01-17 13:16 - 2017-01-17 13:16 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign9ca47b1571480e8d
2017-01-17 13:16 - 2017-01-17 13:16 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign674fca5e3f94f855
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-13 11:09 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-13 11:02 - 2015-07-23 09:30 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2017-02-13 10:59 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 10:54 - 2015-08-26 10:10 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-13 10:46 - 2016-07-15 22:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-13 10:45 - 2016-07-16 03:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-13 10:45 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-13 10:45 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-13 10:45 - 2015-08-25 20:28 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Packages
2017-02-13 10:45 - 2015-07-23 09:32 - 00000000 ____D C:\ProgramData\McAfee
2017-02-13 10:44 - 2016-02-20 13:36 - 00000000 ____D C:\ProgramData\Intel Security
2017-02-13 10:43 - 2015-10-29 22:28 - 00000000 ____D C:\Users\Default.migrated
2017-02-13 10:38 - 2015-09-03 16:47 - 01355264 ___SH C:\Users\OFFICE\Desktop\Thumbs.db
2017-02-13 10:32 - 2016-12-06 12:12 - 00000000 ____D C:\Users\OFFICE\AppData\LocalLow\Mozilla
2017-02-13 10:31 - 2015-08-25 20:50 - 00000000 ___RD C:\Users\OFFICE\Dropbox
2017-02-13 10:21 - 2015-07-23 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-13 10:19 - 2015-08-25 20:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Adobe
2017-02-13 10:19 - 2015-07-23 09:19 - 01736006 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 10:18 - 2015-08-25 20:51 - 00000000 ___RD C:\Users\OFFICE\Creative Cloud Files
2017-02-13 10:13 - 2016-08-19 15:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 10:13 - 2016-08-19 15:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-13 10:12 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-13 08:59 - 2016-08-19 15:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-08 11:47 - 2016-08-19 15:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 11:46 - 2016-08-19 15:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 11:46 - 2016-08-19 15:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 09:48 - 2015-07-23 09:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-06 13:52 - 2015-09-12 13:47 - 00000000 ____D C:\Users\OFFICE\Documents\EBAGS
2017-02-06 10:36 - 2016-11-21 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-06 10:36 - 2015-08-25 20:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-02 15:19 - 2015-08-25 20:33 - 00002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-31 17:36 - 2017-01-06 10:28 - 24031232 _____ C:\Users\OFFICE\Desktop\Ampere Catalog Spring 2017.indd
2017-01-31 16:56 - 2016-04-13 08:01 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-31 11:01 - 2015-08-27 17:17 - 00000000 _____ C:\Users\OFFICE\Documents\dd3349ee-5016-4ca5-9e1e-afac500c835f
2017-01-25 14:37 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 09:34 - 2016-12-15 14:08 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-24 09:34 - 2015-08-25 20:33 - 00002412 _____ C:\Users\OFFICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-24 09:34 - 2015-08-25 20:33 - 00000000 ___RD C:\Users\OFFICE\OneDrive
2017-01-20 17:16 - 2016-05-11 08:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 13:49 - 2015-08-25 21:12 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-20 11:41 - 2015-10-31 14:21 - 01969152 ___SH C:\Users\OFFICE\Downloads\Thumbs.db
2017-01-19 10:22 - 2015-08-25 21:05 - 00000000 ____D C:\Users\OFFICE\Documents\Adobe
2017-01-19 10:22 - 2015-08-25 20:28 - 00000000 ____D C:\Users\OFFICE\AppData\Roaming\Adobe
2017-01-19 10:16 - 2016-12-20 11:53 - 00000000 ____D C:\Users\OFFICE\Desktop\Ampere 2017 Photography
2017-01-17 15:36 - 2017-01-12 15:56 - 00013660 _____ C:\Users\OFFICE\Desktop\Wedding List and Stuff.xlsx
2017-01-17 11:33 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 11:32 - 2015-08-25 20:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-17 10:00 - 2016-08-19 15:38 - 00000000 ____D C:\Users\OFFICE
2017-01-16 10:10 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2016-10-05 15:16 - 2016-10-05 15:16 - 0007160 _____ () C:\Users\OFFICE\AppData\Roaming\DellFaxOptions.xml
2017-01-04 15:04 - 2017-01-13 16:23 - 0001456 _____ () C:\Users\OFFICE\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-08-08 11:39 - 2016-08-08 11:39 - 0000000 _____ () C:\Users\OFFICE\AppData\Local\{2FC64FEE-9F15-4E1C-A39A-AF55C44E966D}
2015-11-24 09:24 - 2015-11-24 09:24 - 0000000 _____ () C:\Users\OFFICE\AppData\Local\{5B0B41A2-9F5C-458F-A6FE-50F868509B90}
2016-08-19 15:35 - 2016-08-19 15:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-27 15:16 - 2015-08-27 15:16 - 3856932 _____ () C:\ProgramData\SamPCFax000011E40000
2016-10-10 11:21 - 2016-10-10 11:21 - 3856932 _____ () C:\ProgramData\SamPCFax000014EC0000
2016-02-08 12:13 - 2016-02-08 12:13 - 3856932 _____ () C:\ProgramData\SamPCFax000026780000
2016-10-05 15:54 - 2016-10-05 15:54 - 3856932 _____ () C:\ProgramData\SamPCFax000041DC0000
2015-07-23 09:26 - 2015-07-23 09:26 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-07-23 09:23 - 2015-07-23 09:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-07-23 09:24 - 2015-07-23 09:26 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-07-23 09:23 - 2015-07-23 09:24 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
 
Some files in TEMP:
====================
2017-02-13 10:43 - 2016-05-16 12:50 - 0961888 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe
2016-05-31 01:13 - 2016-05-31 01:13 - 0219264 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll
2017-02-13 10:45 - 2016-05-31 01:13 - 0190272 _____ (McAfee Inc.) C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe
2016-10-05 15:16 - 2008-08-14 13:51 - 0222448 ____N () C:\Users\OFFICE\AppData\Local\Temp\MFPTIME.EXE
2016-10-24 09:53 - 2016-10-24 09:54 - 16826944 ____T (Geek Software GmbH                                          ) C:\Users\OFFICE\AppData\Local\Temp\pdf24-creator-update.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-13 09:11
 
==================== End of FRST.txt ============================


 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,836 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:27 AM

Posted 13 February 2017 - 08:58 PM

Closing duplicate.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!




