
Random websites come up intermittently


  • This topic is locked
17 replies to this topic

#1 iqmgt


Posted 17 February 2017 - 11:10 PM

Different computer than my topic last week. At random times, when clicking a link or typing in a URL, a random page will launch in a new tab and load a random website.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017
Ran by danielle310 (administrator) on DEE (17-02-2017 23:00:29)
Running from C:\Users\danielle310\Downloads
Loaded Profiles: danielle310 (Available Profiles: danielle310)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\ns.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\System32\powercfg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\ns.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-09-09] (Apple Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.68\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.68\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.68\buShell.dll [2017-02-07] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D58B250A-1A2D-4C95-B78A-598CA761793D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D58B250A-1A2D-4C95-B78A-598CA761793D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DC2DDCB9-61C6-4B7B-B2BE-F515ADFCC5A7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{DC2DDCB9-61C6-4B7B-B2BE-F515ADFCC5A7}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1251146238-4233983468-471593903-1000 -> {A4B28E2F-61B2-4F15-B3A4-DECCCF50B8D3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-17] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\coIEPlg.dll [2017-02-07] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-02-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-17] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-02-17] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.0.68\coIEPlg.dll [2017-02-07] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-02-17] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-02-17] (Microsoft Corporation)
BHO-x32: CutePDF Form Filler Helper -> {D41289F2-69C6-417B-897E-C653D677CBAF} -> C:\Program Files (x86)\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll [2007-03-01] (Acro Software Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\coIEPlg.dll [2017-02-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.0.68\coIEPlg.dll [2017-02-07] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-17] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2017-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1251146238-4233983468-471593903-1000: @citrixonline.com/appdetectorplugin -> C:\Users\danielle310\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-1251146238-4233983468-471593903-1000: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\danielle310\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2017-01-05] (Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin HKU\S-1-5-21-1251146238-4233983468-471593903-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\danielle310\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\danielle310\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-06-13] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default [2017-02-17]
CHR Extension: (Google Docs) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-09]
CHR Extension: (Google Search) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pinterest Save Button) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-01]
CHR Extension: (Norton Identity Safe) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-01-26]
CHR Extension: (Cisco WebEx Extension) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-01-30]
CHR Extension: (Advertisements by QuizDiamond) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgljionbhcfbnpjgfnhhoadpdngkmfnh [2017-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Gmail) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\Exts\Chrome.crx [2017-02-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\Exts\Chrome.crx [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
S4 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\NS.exe [326160 2017-02-06] (Symantec Corporation)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-30] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-20] (Atheros) [File not signed]
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20170215.002\BHDrvx64.sys [1874136 2017-02-15] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609000.044\ccSetx64.sys [174240 2017-02-07] (Symantec Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-26] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20170215.001\IDSvia64.sys [1038024 2017-02-15] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1609000.044\SRTSP64.SYS [760992 2017-02-07] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609000.044\SRTSPX64.SYS [49312 2017-02-07] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609000.044\SYMEFASI64.SYS [1716896 2017-02-07] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-02-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609000.044\Ironx64.SYS [291480 2017-02-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1609000.044\SYMNETS.SYS [567512 2017-02-07] (Symantec Corporation)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-08-05] (Western Digital Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20170126.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20170126.001\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 23:00 - 2017-02-17 23:02 - 00026917 _____ C:\Users\danielle310\Downloads\FRST.txt
2017-02-17 23:00 - 2017-02-17 23:00 - 00000000 ____D C:\Users\danielle310\Downloads\FRST-OlderVersion
2017-02-17 18:17 - 2017-02-17 18:17 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-17 18:17 - 2017-02-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-02-17 18:16 - 2017-02-17 18:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-17 18:08 - 2017-02-17 23:00 - 00000000 ____D C:\FRST
2017-02-17 18:02 - 2017-02-17 23:00 - 02422272 _____ (Farbar) C:\Users\danielle310\Downloads\FRST64.exe
2017-02-17 17:58 - 2017-02-17 17:58 - 03907384 _____ (Microsoft Corporation) C:\Users\danielle310\Downloads\Setup.X86.en-us_O365BusinessRetail_0d0596c4-208a-420a-8eb8-5dd3621947cd_TX_PR_b_32_.exe
2017-02-17 08:39 - 2017-02-17 08:39 - 00002309 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02172017083924.csv
2017-02-17 06:39 - 2017-02-17 06:38 - 00185856 _____ C:\Users\danielle310\Desktop\BMRN S&P.pdf
2017-02-17 06:36 - 2017-02-17 06:36 - 00187904 _____ C:\Users\danielle310\Desktop\BAC S&P.pdf
2017-02-17 06:34 - 2017-02-17 06:34 - 00447362 _____ C:\Users\danielle310\Desktop\BAC MS.pdf
2017-02-17 05:23 - 2017-02-17 05:23 - 00002309 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02172017052330.csv
2017-02-16 12:45 - 2017-02-16 12:45 - 00000000 ____D C:\Program Files\NortonInstaller
2017-02-16 11:10 - 2017-02-16 11:10 - 00002126 _____ C:\Users\danielle310\Desktop\RingCentral Meetings.lnk
2017-02-16 11:10 - 2017-02-16 11:10 - 00000000 ____D C:\Users\danielle310\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RingCentral Meetings
2017-02-16 11:09 - 2017-02-16 11:10 - 00000000 ____D C:\Users\danielle310\AppData\Roaming\RingCentralMeetings
2017-02-16 11:09 - 2017-02-16 11:09 - 00147184 _____ (Zoom Video Communications, Inc.) C:\Users\danielle310\Downloads\RingCentral_launcher.exe
2017-02-16 07:24 - 2017-02-16 07:24 - 00002300 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02162017072429.csv
2017-02-15 19:52 - 2017-02-15 19:52 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2017-02-15 19:46 - 2017-02-15 19:46 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-02-15 10:22 - 2017-02-15 10:21 - 00241838 _____ C:\Users\danielle310\Desktop\RUN Report.pdf
2017-02-15 07:39 - 2017-02-15 07:39 - 00000566 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02152017073928.csv
2017-02-14 08:44 - 2017-02-14 08:44 - 00001683 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02142017084420.csv
2017-02-14 07:42 - 2017-02-14 07:42 - 00001683 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02142017074205.csv
2017-02-13 07:56 - 2017-02-13 07:56 - 00000563 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02132017075612.csv
2017-02-10 08:39 - 2017-02-10 08:39 - 00000753 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02102017083949.csv
2017-02-10 08:31 - 2017-02-10 08:31 - 00000753 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02102017083144.csv
2017-02-10 08:14 - 2017-02-10 08:14 - 00000753 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02102017081438.csv
2017-02-09 15:04 - 2017-02-09 15:04 - 00059639 _____ C:\Users\danielle310\Downloads\preview (23).pdf
2017-02-09 13:01 - 2017-02-09 13:01 - 00000000 ____D C:\Users\danielle310\AppData\Local\GoDaddy
2017-02-09 12:59 - 2017-02-09 12:59 - 16636064 _____ (SkyKick) C:\Users\danielle310\Downloads\Outlook_Setup_Assistant_installation.exe
2017-02-09 12:59 - 2017-02-09 12:59 - 16636064 _____ (SkyKick) C:\Users\danielle310\Downloads\Outlook_Setup_Assistant_installation (1).exe
2017-02-09 09:09 - 2017-02-09 09:09 - 00005719 _____ C:\Users\danielle310\Downloads\Trans_Acct_80861596_020917.090905AM_ET.csv
2017-02-09 08:42 - 2017-02-09 08:42 - 00002342 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02092017084230.csv
2017-02-08 13:01 - 2017-02-09 13:05 - 00000000 ____D C:\Users\danielle310\AppData\Roaming\TeamViewer
2017-02-08 13:01 - 2017-02-09 12:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-08 13:01 - 2017-02-08 13:01 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-08 13:01 - 2017-02-08 13:01 - 00001033 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-08 12:13 - 2017-02-08 12:13 - 00003934 _____ C:\Users\danielle310\Downloads\Positions_Acct_38833746_020817.121330PM_ET.csv
2017-02-08 08:43 - 2017-02-08 08:43 - 00000457 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02082017084318.csv
2017-02-08 08:43 - 2017-02-08 08:43 - 00000457 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02082017084312.csv
2017-02-08 08:43 - 2017-02-08 08:43 - 00000457 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02082017084310.csv
2017-02-08 08:37 - 2017-02-08 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 13:47 - 2017-02-07 13:47 - 00041115 _____ C:\Users\danielle310\Downloads\1.23.17 (3).xlsx
2017-02-07 13:34 - 2017-02-07 13:34 - 00571170 _____ C:\Users\danielle310\Downloads\7797-3289_113016_stmt.pdf
2017-02-07 13:00 - 2017-02-07 13:00 - 00070036 _____ C:\Users\danielle310\Downloads\preview (22).pdf
2017-02-07 12:48 - 2017-02-07 12:48 - 00070036 _____ C:\Users\danielle310\Downloads\preview (21).pdf
2017-02-07 09:11 - 2017-02-07 09:11 - 00003940 _____ C:\Users\danielle310\Downloads\Trans_Acct_80861596_020717.091111AM_ET.csv
2017-02-07 08:43 - 2017-02-07 08:43 - 00003169 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02072017084327.csv
2017-02-07 08:43 - 2017-02-07 08:43 - 00003169 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02072017084326.csv
2017-02-06 23:38 - 2017-02-06 23:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-06 13:18 - 2017-02-06 13:18 - 00001613 _____ C:\Users\danielle310\Downloads\Positions_Acct_35846310_020617.011856PM_ET.csv
2017-02-06 13:11 - 2017-02-17 10:40 - 00000942 _____ C:\Users\danielle310\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-02-06 13:11 - 2017-02-17 10:40 - 00000934 _____ C:\Users\danielle310\Desktop\join.me.lnk
2017-02-06 11:43 - 2017-02-06 11:43 - 00445636 _____ C:\Users\danielle310\Desktop\ReportRetrieve.pdf
2017-02-06 11:27 - 2017-02-06 11:27 - 00703508 _____ C:\Users\danielle310\Desktop\Stanley Marks Estate letter.pdf
2017-02-06 09:59 - 2017-02-06 09:59 - 00071531 _____ C:\Users\danielle310\Downloads\preview (20).pdf
2017-02-06 09:14 - 2017-02-06 09:14 - 00000516 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02062017091436.csv
2017-02-06 08:46 - 2017-02-06 08:46 - 00000463 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02062017084609.csv
2017-02-06 08:46 - 2017-02-06 08:46 - 00000463 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02062017084029.csv
2017-02-06 08:46 - 2017-02-06 08:46 - 00000463 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02062017084026.csv
2017-02-06 08:40 - 2017-02-06 08:40 - 00000463 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02062017084025.csv
2017-02-06 08:40 - 2017-02-06 08:40 - 00000463 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02062017084015.csv
2017-02-02 13:53 - 2017-02-02 13:53 - 00052055 _____ C:\Users\danielle310\Downloads\preview (19).pdf
2017-02-02 13:52 - 2017-02-02 13:52 - 00052055 _____ C:\Users\danielle310\Downloads\preview (18).pdf
2017-02-02 13:51 - 2017-02-02 13:51 - 00071663 _____ C:\Users\danielle310\Downloads\preview (17).pdf
2017-02-02 08:46 - 2017-02-02 08:46 - 00001324 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02022017084643.csv
2017-02-01 12:25 - 2017-02-01 12:25 - 00104960 _____ C:\Users\danielle310\Downloads\Leslie Baby Shower.xls
2017-02-01 10:03 - 2017-02-01 10:03 - 00003759 _____ C:\Users\danielle310\Downloads\Positions_Acct_38833746_020117.100358AM_ET.csv
2017-02-01 09:53 - 2017-02-01 09:53 - 00004554 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02012017095309.csv
2017-02-01 09:35 - 2017-02-01 09:35 - 00671416 _____ C:\Users\danielle310\Desktop\PANW GS.pdf
2017-02-01 09:32 - 2017-02-01 09:32 - 00304173 _____ C:\Users\danielle310\Desktop\FEYE GS.pdf
2017-02-01 09:28 - 2017-02-01 09:28 - 00002039 _____ C:\Users\danielle310\Downloads\Trans_Acct_52834836_020117.092843AM_ET.csv
2017-02-01 09:27 - 2017-02-01 09:27 - 00001330 _____ C:\Users\danielle310\Downloads\OrderStatusExport_02012017092739.csv
2017-01-31 16:20 - 2017-01-31 16:20 - 00069548 _____ C:\Users\danielle310\Downloads\preview (16).pdf
2017-01-31 16:19 - 2017-01-31 16:19 - 00059755 _____ C:\Users\danielle310\Downloads\preview (15).pdf
2017-01-31 16:18 - 2017-01-31 16:18 - 00069609 _____ C:\Users\danielle310\Downloads\preview (13).pdf
2017-01-31 16:18 - 2017-01-31 16:18 - 00069548 _____ C:\Users\danielle310\Downloads\preview (14).pdf
2017-01-31 14:56 - 2017-01-31 14:56 - 00067754 _____ C:\Users\danielle310\Downloads\preview (12).pdf
2017-01-31 12:22 - 2017-01-31 12:22 - 00069603 _____ C:\Users\danielle310\Downloads\preview (11).pdf
2017-01-31 12:17 - 2017-01-31 12:17 - 00069518 _____ C:\Users\danielle310\Downloads\preview (10).pdf
2017-01-31 11:53 - 2017-01-31 11:53 - 00069392 _____ C:\Users\danielle310\Downloads\preview (9).pdf
2017-01-31 11:50 - 2017-01-31 11:50 - 00066445 _____ C:\Users\danielle310\Downloads\preview (8).pdf
2017-01-31 10:49 - 2017-01-31 10:49 - 00041115 _____ C:\Users\danielle310\Downloads\1.23.17 (2).xlsx
2017-01-31 08:41 - 2017-01-31 08:41 - 00000422 _____ C:\Users\danielle310\Downloads\OrderStatusExport_01312017084126.csv
2017-01-30 15:54 - 2017-01-30 15:54 - 00061443 _____ C:\Users\danielle310\Downloads\preview (7).pdf
2017-01-30 15:51 - 2017-01-30 15:51 - 00058218 _____ C:\Users\danielle310\Downloads\preview (6).pdf
2017-01-30 15:39 - 2017-01-30 15:39 - 00081108 _____ C:\Users\danielle310\Downloads\preview (5).pdf
2017-01-30 15:12 - 2017-01-30 15:12 - 00000000 ____D C:\ProgramData\pdfforge
2017-01-30 09:28 - 2017-01-30 09:28 - 00293935 _____ C:\Users\danielle310\Desktop\Metals and Mining.pdf
2017-01-30 09:11 - 2017-02-16 12:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-01-30 09:11 - 2017-02-16 07:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-30 08:26 - 2017-02-02 09:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-26 15:12 - 2017-01-26 15:50 - 00025021 _____ C:\Users\danielle310\Downloads\preview (4).pdf
2017-01-26 15:12 - 2017-01-26 15:50 - 00025021 _____ C:\Users\danielle310\Downloads\preview (3).pdf
2017-01-26 15:12 - 2017-01-26 15:49 - 00025021 _____ C:\Users\danielle310\Downloads\preview (2).pdf
2017-01-26 15:12 - 2017-01-26 15:40 - 00025119 _____ C:\Users\danielle310\Downloads\preview (1).pdf
2017-01-26 13:57 - 2017-01-26 15:12 - 00025112 _____ C:\Users\danielle310\Downloads\preview.pdf
2017-01-26 12:32 - 2017-01-26 12:33 - 00041115 _____ C:\Users\danielle310\Downloads\1.23.17 (1).xlsx
2017-01-26 12:31 - 2017-01-26 12:31 - 00041117 _____ C:\Users\danielle310\Downloads\1.20.17.xlsx
2017-01-26 12:31 - 2017-01-26 12:31 - 00041115 _____ C:\Users\danielle310\Downloads\1.23.17.xlsx
2017-01-26 11:47 - 2017-01-26 11:47 - 00001174 _____ C:\Users\Public\Desktop\WD Security.lnk
2017-01-26 11:47 - 2017-01-26 11:47 - 00001119 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk
2017-01-26 11:47 - 2017-01-26 11:47 - 00000000 ____D C:\Users\danielle310\AppData\Roaming\Western Digital
2017-01-26 11:46 - 2017-01-26 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-01-26 11:46 - 2017-01-26 11:47 - 00000000 ____D C:\Program Files (x86)\Western Digital
2017-01-26 11:46 - 2017-01-26 11:46 - 00002155 _____ C:\Users\Public\Desktop\WD Backup.lnk
2017-01-26 11:46 - 2017-01-26 11:46 - 00000000 ____D C:\ProgramData\Western Digital
2017-01-26 11:13 - 2017-02-15 19:46 - 00002282 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-01-26 11:13 - 2017-02-13 07:56 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-01-26 11:13 - 2017-02-13 07:56 - 00008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-01-26 11:13 - 2017-01-26 11:13 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-01-26 11:12 - 2017-02-15 19:47 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2017-01-26 11:12 - 2017-02-15 19:47 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-01-26 11:12 - 2017-02-15 19:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-01-26 11:11 - 2017-01-26 11:11 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-01-26 11:11 - 2017-01-26 11:11 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-01-26 11:10 - 2017-01-26 11:17 - 00000000 ____D C:\Users\danielle310\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2017-01-26 11:10 - 2017-01-26 11:17 - 00000000 ____D C:\ProgramData\Norton
2017-01-26 11:10 - 2017-01-26 11:10 - 01100576 _____ (Symantec Corporation) C:\Users\danielle310\Downloads\NSDeluxeDownloader.exe
2017-01-26 11:10 - 2017-01-26 11:10 - 01100576 _____ (Symantec Corporation) C:\Users\danielle310\Downloads\NSDeluxeDownloader (1).exe
2017-01-26 11:10 - 2017-01-26 11:10 - 00001232 _____ C:\Users\danielle310\Desktop\Norton Installation Files.lnk
2017-01-26 11:10 - 2017-01-26 11:10 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-01-26 10:24 - 2017-01-26 10:24 - 00289055 _____ C:\Users\danielle310\Desktop\T GS.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 23:01 - 2015-09-02 10:37 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-17 23:00 - 2016-11-29 15:16 - 00003466 _____ C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2017-02-17 23:00 - 2015-09-02 10:37 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-17 22:59 - 2015-09-02 10:39 - 00000000 ___RD C:\Users\danielle310\Dropbox
2017-02-17 22:59 - 2015-06-04 12:37 - 00000694 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1251146238-4233983468-471593903-1000.job
2017-02-17 22:59 - 2014-09-19 12:23 - 00000598 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1251146238-4233983468-471593903-1000.job
2017-02-17 22:59 - 2014-08-19 07:19 - 00117440 _____ C:\Users\danielle310\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-17 22:59 - 2014-05-29 15:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-17 19:05 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-17 19:05 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-17 18:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 18:57 - 2009-07-13 23:45 - 00450264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-17 18:52 - 2014-08-21 17:14 - 00000000 ____D C:\Users\danielle310\Documents\Outlook Files
2017-02-17 18:29 - 2014-08-22 07:58 - 00002138 _____ C:\Users\danielle310\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-02-17 18:29 - 2014-08-22 07:58 - 00002102 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-02-17 18:29 - 2014-08-22 07:58 - 00002102 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-02-17 18:29 - 2014-08-22 07:58 - 00000000 ___RD C:\Users\danielle310\OneDrive
2017-02-17 18:29 - 2014-08-22 07:58 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-02-17 18:27 - 2014-05-29 15:30 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-17 18:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-17 18:15 - 2014-05-29 15:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-17 17:58 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-17 17:52 - 2014-08-19 07:18 - 00000000 ____D C:\Users\danielle310
2017-02-17 11:30 - 2016-11-30 11:47 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-02-17 10:40 - 2014-08-25 10:26 - 00000000 ____D C:\Users\danielle310\AppData\Local\join.me
2017-02-17 10:21 - 2014-08-21 16:59 - 00000000 ____D C:\Users\danielle310\AppData\Local\Deployment
2017-02-17 08:41 - 2014-08-21 17:05 - 00000000 ____D C:\Users\danielle310\Documents\Yesterday Trades
2017-02-16 20:46 - 2016-09-13 17:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-15 19:50 - 2016-09-13 17:03 - 00001945 _____ C:\Windows\epplauncher.mif
2017-02-14 20:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-09 13:11 - 2014-08-20 07:36 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-09 13:04 - 2011-02-10 09:33 - 00802954 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-09 12:15 - 2014-08-21 17:04 - 00000000 ____D C:\Users\danielle310\Documents\MS Monthly Reports
2017-02-08 13:35 - 2014-08-21 17:04 - 00000000 ____D C:\Users\danielle310\Documents\Fax Cover Sheets
2017-02-08 12:00 - 2014-08-25 09:14 - 00000000 ____D C:\Users\danielle310\Desktop\Research
2017-02-08 08:37 - 2015-09-02 10:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 14:06 - 2014-08-21 17:00 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 14:06 - 2014-08-21 17:00 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 13:24 - 2014-08-21 17:04 - 00000000 ____D C:\Users\danielle310\Documents\Expected Income
2017-02-02 11:42 - 2016-08-04 07:45 - 00000000 ____D C:\Users\danielle310\Desktop\Audit
2017-02-01 12:34 - 2014-08-21 16:40 - 00000000 ___RD C:\Users\danielle310\Desktop\danielle
2017-02-01 10:46 - 2014-08-21 16:40 - 00000000 ____D C:\Users\danielle310\Desktop\RG Reports
2017-02-01 09:39 - 2014-08-21 17:03 - 00000000 ____D C:\Users\danielle310\Documents\CPRX Trades
2017-02-01 09:16 - 2016-12-21 14:04 - 00023051 _____ C:\Users\danielle310\Desktop\Agreement  List 12.21.16.xlsx
2017-01-31 09:14 - 2015-06-01 08:52 - 00000000 ____D C:\Users\danielle310\AppData\Local\join.me.launcher
2017-01-31 09:13 - 2015-10-15 09:20 - 00000174 _____ C:\Users\danielle310\BullseyeCoverageError.txt
2017-01-30 15:17 - 2016-09-14 14:48 - 00000000 ____D C:\ProgramData\PDF Architect 4
2017-01-30 15:06 - 2014-12-26 08:24 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-30 15:06 - 2014-08-19 10:41 - 00000000 ____D C:\Users\danielle310\AppData\Local\Adobe
2017-01-30 15:05 - 2016-11-10 08:31 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-01-26 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2017-01-26 11:47 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-26 09:39 - 2014-08-19 09:39 - 00000000 ___RD C:\Users\danielle310\Desktop\Client
2017-01-26 09:35 - 2014-08-19 09:46 - 00000000 ___RD C:\Users\danielle310\Desktop\SPARTAN
2017-01-25 08:24 - 2015-06-04 12:37 - 00003722 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1251146238-4233983468-471593903-1000
2017-01-25 08:24 - 2014-09-19 12:23 - 00003626 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1251146238-4233983468-471593903-1000
2017-01-24 09:03 - 2014-08-21 16:40 - 00000000 ____D C:\Users\danielle310\Desktop\Stops
2017-01-24 08:59 - 2014-08-25 09:12 - 00000000 ____D C:\Users\danielle310\Desktop\apps.forms
2017-01-24 08:58 - 2014-08-21 16:40 - 00000000 ____D C:\Users\danielle310\Desktop\Billing
2017-01-23 08:48 - 2014-08-22 13:29 - 00000000 ____D C:\Users\danielle310\AppData\Local\CrashDumps
 
==================== Files in the root of some directories =======
 
2016-09-13 17:31 - 2016-09-13 17:31 - 0007625 _____ () C:\Users\danielle310\AppData\Local\Resmon.ResmonCfg
2014-05-29 15:28 - 2014-05-29 15:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-14 20:18
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017
Ran by danielle310 (17-02-2017 23:02:38)
Running from C:\Users\danielle310\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-08-19 12:18:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1251146238-4233983468-471593903-500 - Administrator - Disabled)
danielle310 (S-1-5-21-1251146238-4233983468-471593903-1000 - Administrator - Enabled) => C:\Users\danielle310
Guest (S-1-5-21-1251146238-4233983468-471593903-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 1.1 (HKLM-x32\...\MP Navigator EX 1.1) (Version:  - )
Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version:  - )
Canon MX850 series User Registration (HKLM-x32\...\Canon MX850 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.5) (Version: 5.0.1.5 - Coupons.com Incorporated)
CutePDF Form Filler 3.5 (Evaluation) (HKLM-x32\...\CutePDF Form Filler (Evaluation)_is1) (Version:  - Acro Software Inc.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DriverMax 9 (HKLM-x32\...\DMX5_is1) (Version: 9.12.0.30 - Innovative Solutions)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.31.0.6291 (HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\GoToMeeting) (Version: 7.31.0.6291 - CitrixOnline)
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\JoinMe) (Version: 3.1.0.4367 - LogMeIn, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Morningstar Office (HKLM-x32\...\Morningstar Office) (Version: AWD3.19.000.0 - )
Morningstar Office Prerequisite 3.16 (HKLM-x32\...\{8E9DE411-308E-4CDC-9753-0CAA4653C126}) (Version: 3.15.000 - Morningstar Inc.)
Morningstar Office Prerequisite 3.18 (HKLM-x32\...\{12A4C603-F5CE-4CE3-B12B-6D3D9F71B782}) (Version: 3.18.000 - Morningstar Inc.)
Mozilla Firefox 50.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.1 (x86 en-US)) (Version: 50.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.9.0.68 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Presto! PageManager 7.15.20 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.20 - NewSoft Technology Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
RingCentral Meetings (HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\RingCentralMeetings) (Version: 4.4 - Zoom Video Communications, Inc. and RingCentral Inc.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{FE893E2C-11B4-47CB-88F6-6647D90C6A13}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Schwab Data Delivery - 1  (HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\ebb9ba9810bf3c43) (Version: 1.10.2930.114 - Charles Schwab - Schwab Data Delivery)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
WD Backup (HKLM-x32\...\{46162462-824f-4ea9-a312-38841e3dab7d}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{f1fc402c-35fd-40c0-97e4-5bee07891caf}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1251146238-4233983468-471593903-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\danielle310\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1251146238-4233983468-471593903-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07F4D08E-D8DF-4530-9C70-7C873DD4690D} - System32\Tasks\G2MUpdateTask-S-1-5-21-1251146238-4233983468-471593903-1000 => C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe [2017-01-25] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {156F2ACD-85E0-418F-8060-B52AEF75757C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {2FB60787-98BC-4B83-95C0-30703B8D6118} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1251146238-4233983468-471593903-1000
Task: {3FEBB2F2-9A19-4C78-9E01-0315DE444569} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {459F45D0-7108-4142-A677-B08EB75BE41A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {45FC3B67-B8AE-406D-9477-53DFC9C17302} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {46776A89-C734-4C8B-A586-2AA44539CFDA} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-02-07] (Symantec Corporation)
Task: {53D05DC2-3EE8-486B-9C0C-5B798FAA83D3} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {5CD0A548-A60A-43DB-9B28-BD1EF2969CE6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {6488D750-E89E-43C5-BA9A-D253668BA8D6} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe 
Task: {6B5730EA-F552-49DC-9359-5F6CAF4B7553} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {6C865B7C-8AA6-4673-98F6-8927D38ABDB4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe 
Task: {7B7C97F8-72EF-4549-B1E3-73B707FEB695} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {93B8C8F2-63C1-4CA4-9AA3-635F0D4E6622} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {98087802-DACF-4A1E-B6FA-55E983E6A4D1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {9C205E26-82F5-472F-BDF6-1B0F650077F2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {AF3EB9FD-DEBE-4C72-9CCB-3A7345593342} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {D1E6FA67-B1A5-4F97-846A-D6823EB15A6F} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2016-11-17] (Innovative Solutions)
Task: {DA370768-4E91-4426-9A69-918C086CD3DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E607F739-8C10-4652-95E9-7958E61FB389} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {ED2FF1FE-4EEA-4662-BAFD-F2028C711045} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-29] (Adobe Systems Incorporated)
Task: {F07241CF-806B-469D-A48B-0E9DD20B99B0} - System32\Tasks\G2MUploadTask-S-1-5-21-1251146238-4233983468-471593903-1000 => C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe [2017-01-25] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F2E7889B-C46A-4800-B061-9B38F87E61E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {FBE0F5A8-DCD4-47AB-9C0D-E24A770E32EE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\WSCStub.exe [2017-02-07] (Symantec Corporation)
Task: {FCF5FC9C-F4CB-4AE1-BE89-BE4839E52874} - System32\Tasks\{1A2BCE4C-951A-465B-A70F-47FCF1B60CF5} => pcalua.exe -a C:\Users\danielle310\Downloads\setup_en.exe -d C:\Users\danielle310\Downloads
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1251146238-4233983468-471593903-1000.job => C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1251146238-4233983468-471593903-1000.job => C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\danielle310\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d70141fadd380fd5\Screenwise Trends Panel.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gmieefkpoaagiboijfjhidningfpomge
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-17 18:29 - 2017-02-17 18:29 - 00959168 _____ () C:\Users\danielle310\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2017-02-17 18:06 - 2017-02-17 18:06 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-08 08:36 - 2017-02-06 23:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-02-08 08:37 - 2017-01-13 18:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-02-08 08:37 - 2017-01-13 18:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-02-08 08:37 - 2017-01-13 18:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-02-08 08:37 - 2017-01-13 18:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-08 08:37 - 2017-01-13 18:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-08 08:36 - 2017-01-13 18:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-08 08:36 - 2017-01-13 18:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-08 08:36 - 2017-01-13 18:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-02-08 08:37 - 2017-01-13 18:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-08 08:36 - 2017-01-13 18:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-08 08:36 - 2017-01-13 18:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-02-08 08:37 - 2017-01-13 18:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-08 08:37 - 2017-01-13 18:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-02-08 08:37 - 2017-01-13 18:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-08 08:37 - 2017-01-13 18:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-02-08 08:37 - 2017-01-13 18:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-02-08 08:37 - 2017-01-13 18:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-02-08 08:37 - 2017-01-13 18:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-02-08 08:37 - 2017-01-13 18:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-02-08 08:37 - 2017-01-13 18:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-02-08 08:37 - 2017-01-13 18:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-08 08:37 - 2017-01-13 18:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-02-08 08:37 - 2017-01-13 18:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-02-08 08:37 - 2017-01-13 18:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-08 08:37 - 2017-01-13 18:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-08 08:36 - 2017-01-13 18:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-08 08:36 - 2017-02-06 23:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-08 08:36 - 2017-01-13 19:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-08 08:36 - 2017-01-13 19:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-08 08:36 - 2017-02-06 23:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-08 08:37 - 2017-01-13 18:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-08 08:37 - 2017-02-06 23:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-08 08:36 - 2017-02-06 23:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\gs.com -> hxxps://360.gs.com
IE trusted site: HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\morningstar.com -> morningstar.com
IE trusted site: HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\schwabinstitutional.com -> schwabinstitutional.com
IE trusted site: HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\sharepoint.com -> hxxps://netorg480051.sharepoint.com
IE trusted site: HKU\S-1-5-21-1251146238-4233983468-471593903-1000\...\wallst.com -> *.sim.wallst.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-11-29 15:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\danielle310\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: PDF Architect 4 => 3
MSCONFIG\Services: PDF Architect 4 CrashHandler => 3
MSCONFIG\Services: PDF Architect 4 Creator => 2
MSCONFIG\Services: PDF Architect 4 Manager => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: ZAtheros Wlan Agent => 2
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: join.me.launcher => C:\Users\danielle310\AppData\Local\join.me.launcher\join.me.launcher.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
MSCONFIG\startupreg: RtHDVBg_PushButton => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SmileboxTray => "C:\Users\danielle310\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{99BDE4E4-0CBD-49CB-8B3E-FF82B8E347A5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A6CC46E4-D579-49C9-A2E4-35DBD23F3196}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{F8939CCF-4F39-45A3-BB06-A948E6C19C55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96ECBF85-54D1-4C15-BCD5-D55786AA8348}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A216363-EDBB-4584-85C1-1F2DB07231F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9E39440D-AB5D-4064-8B2D-43F0DFAE39CD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{ACD033EF-6B5D-46A1-B82A-1F4497D92811}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5293453-90BC-49F2-9931-B073663DB64F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{53106383-569D-4344-B46D-FFB51E55F9F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DC48EB88-509C-4178-B04E-4A2C3926DB6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3A0DA5CD-DB34-4E95-80B0-6F2AAEFDE257}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DEE826A4-9A90-4830-AC06-816B7B7BABC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1AF32BAD-2857-4567-B214-1C8FC0F4D5BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F01E239E-3DDF-42E0-A36F-FD8ABA918AA2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{87E74F75-3254-4352-B369-0CA9E65B3E80}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Morningstar\Office\MStarAWD.exe] => Enabled:MStarAWD Application
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Morningstar\Office\AWDImport.exe] => Enabled:AWDImport Application
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Morningstar\Office\MSUpdate.exe] => Enabled:MSUpdate Application
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Morningstar\Office\MSUpdateVista.exe] => Enabled:MSUpdateVista Application
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Morningstar\Office\MStarAWD.exe] => Enabled:MStarAWD Application
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Morningstar\Office\AWDImport.exe] => Enabled:AWDImport Application
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Morningstar\Office\MSUpdate.exe] => Enabled:MSUpdate Application
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Morningstar\Office\MSUpdateVista.exe] => Enabled:MSUpdateVista Application
 
==================== Restore Points =========================
 
13-02-2017 08:03:22 Windows Update
13-02-2017 16:00:40 Windows Backup
14-02-2017 16:00:40 Windows Backup
15-02-2017 16:00:37 Windows Backup
16-02-2017 16:00:15 Windows Backup
17-02-2017 16:00:19 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2017 11:02:52 PM) (Source: Microsoft Office 16) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Outlook.
 
Error: (02/17/2017 11:02:33 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.
 
Error: (02/17/2017 11:01:34 PM) (Source: Microsoft Office 16) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Outlook.
 
Error: (02/17/2017 06:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/17/2017 06:57:22 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (02/17/2017 06:51:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/17/2017 06:51:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/17/2017 06:17:45 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/17/2017 06:17:44 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/17/2017 06:13:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (02/17/2017 11:03:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/17/2017 11:03:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (02/17/2017 11:00:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
Error: (02/17/2017 05:50:39 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/17/2017 05:15:44 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/16/2017 08:02:50 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/16/2017 06:48:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (02/16/2017 06:47:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (02/16/2017 06:47:58 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/16/2017 05:47:43 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-29 15:52:37.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-29 15:52:37.895
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-13 08:40:20.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-13 08:40:20.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-13 08:37:53.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-13 08:37:53.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 08:37:33.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 08:37:33.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 08:24:07.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 08:24:07.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 4012.95 MB
Available physical RAM: 2505.02 MB
Total Virtual: 8024.08 MB
Available Virtual: 6191.48 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:438.5 GB) (Free:329.35 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:626.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 83368810)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=27.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=438.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:32 AM

Posted 18 February 2017 - 08:09 AM

Hello iqmgt and welcome to BleepingComputer. :welcome:

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:32 AM

Posted 18 February 2017 - 09:22 AM

Hi iqmgt,

Norton Security (Enabled) 
Windows Firewall is enabled.

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two firewall programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.
========================================================================================
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

 

Coupon Printer for Windows
AskPartnerNetwork

Java 8 Update 101

Adobe Flash Player

 

And restart the PC.

============================================================

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 


Best regards
 

 


 


#4 iqmgt

iqmgt
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:32 PM

Posted 18 February 2017 - 02:27 PM

Windows firewall says it is already disabled.

 

I did not see Askpartnernetwork in the list of installed programs.  Other programs have been removed.

 

Recovery console install option was not offered.

 

ComboFix 17-01-29.01 - danielle310 02/18/2017  14:12:50.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4013.1730 [GMT -5:00]
Running from: C:\Users\danielle310\Downloads\ComboFix.exe
AV: Norton Security *Disabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
FW: Norton Security *Disabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
SP: Norton Security *Disabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((   Files Created from 2017-01-18 to 2017-02-18  )))))))))))))))))))))))))))))))
 
 
2017-02-18 19:19:18 . 2017-02-18 19:19:18 -------- d-----w- C:\Users\Public\AppData\Local\temp
2017-02-18 19:19:18 . 2017-02-18 19:19:18 -------- d-----w- C:\Users\Default\AppData\Local\temp
2017-02-18 07:17:41 . 2017-02-18 19:10:29 -------- d-----w- C:\Users\danielle310\AppData\Local\SaraResults
2017-02-18 07:09:29 . 2017-02-18 07:17:22 -------- d-----w- C:\Users\danielle310\AppData\Local\SaRALogs
2017-02-17 23:16:33 . 2017-02-17 23:17:34 -------- d-----w- C:\Program Files\Microsoft Office 15
2017-02-17 23:08:56 . 2017-02-18 04:04:23 -------- d-----w- C:\FRST
2017-02-16 17:45:32 . 2017-02-16 17:45:32 -------- d-----w- C:\Program Files\NortonInstaller
2017-02-16 16:09:53 . 2017-02-16 16:10:14 -------- d-----w- C:\Users\danielle310\AppData\Roaming\RingCentralMeetings
2017-02-09 18:01:42 . 2017-02-09 18:01:42 -------- d-----w- C:\Users\danielle310\AppData\Local\GoDaddy
2017-02-08 18:01:49 . 2017-02-09 18:05:12 -------- d-----w- C:\Users\danielle310\AppData\Roaming\TeamViewer
2017-02-08 18:01:23 . 2017-02-09 17:53:53 -------- d-----w- C:\Program Files (x86)\TeamViewer
2017-02-07 04:38:06 . 2017-02-07 04:38:06 46400 ----a-w- C:\Windows\system32\DbxSvc.exe
2017-02-07 04:38:06 . 2017-02-07 04:38:06 46192 ----a-w- C:\Windows\system32\drivers\dbx-stable.sys
2017-02-07 04:38:06 . 2017-02-07 04:38:06 46192 ----a-w- C:\Windows\system32\drivers\dbx-dev.sys
2017-02-07 04:38:06 . 2017-02-07 04:38:06 46192 ----a-w- C:\Windows\system32\drivers\dbx-canary.sys
2017-01-30 20:12:26 . 2017-01-30 20:12:26 -------- d-----w- C:\ProgramData\pdfforge
2017-01-30 14:11:09 . 2017-02-16 12:26:51 -------- d-----w- C:\Program Files\Common Files\AV
2017-01-28 23:28:32 . 2017-01-28 23:28:32 209096 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-01-28 23:28:00 . 2017-01-28 23:28:00 29384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-01-28 23:23:04 . 2017-01-28 23:23:04 400072 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-01-26 16:47:46 . 2017-01-26 16:47:46 -------- d-----w- C:\Users\danielle310\AppData\Roaming\Western Digital
2017-01-26 16:46:41 . 2017-01-26 16:47:29 -------- d-----w- C:\Program Files (x86)\Western Digital
2017-01-26 16:46:41 . 2017-01-26 16:46:42 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2017-01-26 16:46:41 . 2017-01-26 16:46:41 -------- d-----w- C:\ProgramData\Western Digital
2017-01-26 16:27:08 . 2017-01-26 16:27:08 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2017-01-26 16:13:53 . 2017-02-13 12:56:35 102608 ----a-w- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2017-01-26 16:13:52 . 2017-01-26 16:13:53 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2017-01-26 16:12:07 . 2017-02-16 00:47:11 -------- d-----w- C:\Windows\system32\drivers\NSx64
2017-01-26 16:12:04 . 2017-02-16 00:47:13 -------- d-----w- C:\Program Files (x86)\Norton Security
2017-01-26 16:11:53 . 2017-01-26 16:11:53 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2017-01-26 16:10:49 . 2017-01-26 16:17:47 -------- d-----w- C:\ProgramData\Norton
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2017-01-29 13:50:16 . 2014-08-22 12:53:35 2991296 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-01-12 08:01:26 . 2015-03-04 13:36:03 135657872 -c--a-w- C:\Windows\system32\MRT.exe
2017-01-05 18:55:50 . 2017-01-11 13:49:46 95464 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2017-01-05 18:55:50 . 2017-01-11 13:49:46 154856 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52:30 . 2017-01-11 13:49:45 210432 ----a-w- C:\Windows\system32\wdigest.dll
2017-01-05 18:52:29 . 2017-01-11 13:49:45 86528 ----a-w- C:\Windows\system32\TSpkg.dll
2017-01-05 18:52:29 . 2017-01-11 13:49:45 135680 ----a-w- C:\Windows\system32\sspicli.dll
2017-01-05 18:52:29 . 2017-01-11 13:49:44 28672 ----a-w- C:\Windows\system32\sspisrv.dll
2017-01-05 18:52:26 . 2017-01-11 13:49:46 1212928 ----a-w- C:\Windows\system32\rpcrt4.dll
2017-01-05 18:52:26 . 2017-01-11 13:49:45 345600 ----a-w- C:\Windows\system32\schannel.dll
2017-01-05 18:52:26 . 2017-01-11 13:49:45 190464 ----a-w- C:\Windows\system32\rpchttp.dll
2017-01-05 18:52:26 . 2017-01-11 13:49:44 28160 ----a-w- C:\Windows\system32\secur32.dll
2017-01-05 18:52:21 . 2017-01-11 13:49:45 312320 ----a-w- C:\Windows\system32\ncrypt.dll
2017-01-05 18:52:20 . 2017-01-11 13:49:45 316928 ----a-w- C:\Windows\system32\msv1_0.dll
2017-01-05 18:52:20 . 2017-01-11 13:49:43 60416 ----a-w- C:\Windows\system32\msobjs.dll
2017-01-05 18:52:19 . 2017-01-11 13:49:43 146432 ----a-w- C:\Windows\system32\msaudite.dll
2017-01-05 18:52:18 . 2017-01-11 13:49:46 1460736 ----a-w- C:\Windows\system32\lsasrv.dll
2017-01-05 18:52:18 . 2017-01-11 13:49:45 730624 ----a-w- C:\Windows\system32\kerberos.dll
2017-01-05 18:52:14 . 2017-01-11 13:49:44 43520 ----a-w- C:\Windows\system32\cryptbase.dll
2017-01-05 18:52:14 . 2017-01-11 13:49:44 22016 ----a-w- C:\Windows\system32\credssp.dll
2017-01-05 18:52:13 . 2017-01-11 13:49:46 463872 ----a-w- C:\Windows\system32\certcli.dll
2017-01-05 18:52:13 . 2017-01-11 13:49:45 123904 ----a-w- C:\Windows\system32\bcrypt.dll
2017-01-05 18:52:13 . 2017-01-11 13:49:43 690688 ----a-w- C:\Windows\system32\adtschema.dll
2017-01-05 17:43:17 . 2017-01-11 13:49:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2017-01-05 17:43:17 . 2017-01-11 13:49:45 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2017-01-05 17:43:17 . 2017-01-11 13:49:44 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2017-01-05 17:43:16 . 2017-01-11 13:49:44 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2017-01-05 17:43:15 . 2017-01-11 13:49:44 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2017-01-05 17:43:12 . 2017-01-11 13:49:45 254464 ----a-w- C:\Windows\SysWow64\schannel.dll
2017-01-05 17:43:12 . 2017-01-11 13:49:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2017-01-05 17:43:12 . 2017-01-11 13:49:44 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2017-01-05 17:43:08 . 2017-01-11 13:49:45 261120 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2017-01-05 17:43:08 . 2017-01-11 13:49:44 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2017-01-05 17:43:08 . 2017-01-11 13:49:43 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2017-01-05 17:43:07 . 2017-01-11 13:49:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2017-01-05 17:43:05 . 2017-01-11 13:49:45 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2017-01-05 17:43:01 . 2017-01-11 13:49:44 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2017-01-05 17:43:00 . 2017-01-11 13:49:46 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2017-01-05 17:42:59 . 2017-01-11 13:49:43 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2017-01-05 17:32:02 . 2017-01-11 13:49:44 64000 ----a-w- C:\Windows\system32\auditpol.exe
2017-01-05 17:25:29 . 2017-01-11 13:49:45 159744 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24:54 . 2017-01-11 13:49:45 291328 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24:53 . 2017-01-11 13:49:44 129536 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24:11 . 2017-01-11 13:49:44 30720 ----a-w- C:\Windows\system32\lsass.exe
2017-01-05 17:23:20 . 2017-01-11 13:49:44 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-01-05 17:19:03 . 2017-01-11 13:49:44 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-11-30 03:34:16 . 2016-11-30 03:34:16 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2016-11-30 03:34:16 . 2016-11-30 03:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 03:34:16 . 2016-11-30 03:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 03:34:16 . 2016-11-30 03:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 03:27:48 . 2016-11-30 03:27:48 30400 ----a-w- C:\Windows\system32\aspnet_counters.dll
2016-11-30 03:27:48 . 2016-11-30 03:27:48 19112 ----a-w- C:\Windows\system32\msvcr110_clr0400.dll
2016-11-30 03:27:48 . 2016-11-30 03:27:48 19112 ----a-w- C:\Windows\system32\msvcr100_clr0400.dll
2016-11-30 03:27:48 . 2016-11-30 03:27:48 19112 ----a-w- C:\Windows\system32\msvcp110_clr0400.dll
2016-11-21 18:12:11 . 2016-12-14 13:49:49 109568 ----a-w- C:\Windows\system32\hlink.dll
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-02-18 06:46:30 1602248 ----a-w- C:\Users\danielle310\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-02-18 06:46:30 1602248 ----a-w- C:\Users\danielle310\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-02-18 06:46:30 1602248 ----a-w- C:\Users\danielle310\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-02-18 06:46:30 1602248 ----a-w- C:\Users\danielle310\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-02-18 06:46:30 1602248 ----a-w- C:\Users\danielle310\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-01-29 02:26:55 1972936 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-01-29 02:26:55 1972936 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-01-29 02:26:55 1972936 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" [2017-02-07 04:50:20 26220296]
"WDAppManager"="C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe" [2016-08-04 16:35:54 21384]
"WD Drive Unlocker"="C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2016-08-05 15:51:16 1767816]
"DriveUtilitiesHelper"="C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2016-08-05 15:51:38 1953688]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iCloud"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2016-09-09 19:19:36 67384]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dbx;dbx;C:\Windows\system32\DRIVERS\dbx.sys;C:\Windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys;C:\Windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys;C:\Windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WD Backup Drive Helper;WD Backup Drive Helper;C:\Windows\SysWOW64\dllhost.exe;C:\Windows\SysWOW64\dllhost.exe [x]
R3 WD Backup Snapshot;WD Backup Snapshot;C:\Windows\SysWOW64\dllhost.exe;C:\Windows\SysWOW64\dllhost.exe [x]
R4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
R4 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe;C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R4 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe;C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R4 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe ;C:\Program Files\Dell\DellDataVault\DellDataVault.exe  [x]
R4 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\Program Files\Intel\iCLS Client\HeciServer.exe;c:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe;c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R4 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [x]
R4 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
R4 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S0 iaStorA;iaStorA;C:\Windows\system32\drivers\iaStorA.sys;C:\Windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;C:\Windows\system32\drivers\iaStorF.sys;C:\Windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);C:\Windows\system32\drivers\NSx64\1609000.044\SYMEFASI64.SYS;C:\Windows\SYSNATIVE\drivers\NSx64\1609000.044\SYMEFASI64.SYS [x]
S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20170215.002\BHDrvx64.sys;C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20170215.002\BHDrvx64.sys [x]
S1 ccSet_NS;NS Settings Manager;C:\Windows\system32\drivers\NSx64\1609000.044\ccSetx64.sys;C:\Windows\SYSNATIVE\drivers\NSx64\1609000.044\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20170215.001\IDSvia64.sys;C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20170215.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NSx64\1609000.044\Ironx64.SYS;C:\Windows\SYSNATIVE\drivers\NSx64\1609000.044\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NSx64\1609000.044\SYMNETS.SYS;C:\Windows\SYSNATIVE\Drivers\NSx64\1609000.044\SYMNETS.SYS [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DbxSvc;DbxSvc;C:\Windows\system32\DbxSvc.exe;C:\Windows\SYSNATIVE\DbxSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 NS;Norton Security;C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\NS.exe;C:\Program Files (x86)\Norton Security\Engine\22.9.0.68\NS.exe [x]
S2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys;C:\Windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys;C:\Windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 DDDriver;DDDriver;C:\Windows\system32\drivers\DDDriver64Dcsa.sys;C:\Windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;C:\Windows\system32\drivers\DellProf.sys;C:\Windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys;C:\Windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64_prewin8.sys;C:\Windows\SYSNATIVE\DRIVERS\wdcsam64_prewin8.sys [x]
 
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-07 19:05:13 1368920 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2017-02-18 C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-02 15:37:04 . 2016-11-07 13:43:46]
 
2017-02-18 C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-02 15:37:04 . 2016-11-07 13:43:46]
 
2017-02-18 C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1251146238-4233983468-471593903-1000.job
- C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe [2017-01-25 13:24:10 . 2017-01-25 13:23:55]
 
2017-02-18 C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1251146238-4233983468-471593903-1000.job
- C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe [2017-01-25 13:24:10 . 2017-01-25 13:23:55]
 
 
--------- X64 Entries -----------
 
 
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
Trusted Zone: gs.com\360
Trusted Zone: morningstar.com
Trusted Zone: schwabinstitutional.com
Trusted Zone: sharepoint.com\netorg480051
Trusted Zone: sharepoint.com\netorg480051-admin
Trusted Zone: sharepoint.com\netorg480051-files
Trusted Zone: sharepoint.com\netorg480051-my
Trusted Zone: sharepoint.com\netorg480051-myfiles
Trusted Zone: wallst.com\*.sim
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D58B250A-1A2D-4C95-B78A-598CA761793D}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DC2DDCB9-61C6-4B7B-B2BE-F515ADFCC5A7}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DC2DDCB9-61C6-4B7B-B2BE-F515ADFCC5A7}\7696E676562746F676: NameServer = 8.8.8.8,8.8.4.4
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
FF - ProfilePath - 
 
- - - - ORPHANS REMOVED - - - -
 
Toolbar-Locked - (no file)
SafeBoot-MBAMService


#5 olgun52

  • Malware Response Team

Posted 18 February 2017 - 03:02 PM

iqmgt,

Please do the following.

 

Step 1:

Run FRST fixlist

  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1251146238-4233983468-471593903-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll => No File
ShortcutWithArgument: C:\Users\danielle310\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d70141fadd380fd5\Screenwise Trends Panel.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gmieefkpoaagiboijfjhidningfpomge
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1251146238-4233983468-471593903-1000 -> {A4B28E2F-61B2-4F15-B3A4-DECCCF50B8D3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
C:\Users\danielle310\Downloads\FRST-OlderVersion
2017-01-26 11:10 - 2017-01-26 11:10 - 01100576 _____ (Symantec Corporation) C:\Users\danielle310\Downloads\NSDeluxeDownloader (1).exe
2016-09-13 17:31 - 2016-09-13 17:31 - 0007625 _____ () C:\Users\danielle310\AppData\Local\Resmon.ResmonCfg
2014-05-29 15:28 - 2014-05-29 15:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:

NOTICE: This script is written specifically for this computer!!!

  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#6 iqmgt

  • Topic Starter

  • Members

Posted 18 February 2017 - 04:31 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017
Ran by danielle310 (18-02-2017 15:54:09) Run:1
Running from C:\Users\danielle310\Desktop
Loaded Profiles: danielle310 (Available Profiles: danielle310)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1251146238-4233983468-471593903-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\danielle310\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll => No File
ShortcutWithArgument: C:\Users\danielle310\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d70141fadd380fd5\Screenwise Trends Panel.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gmieefkpoaagiboijfjhidningfpomge
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1251146238-4233983468-471593903-1000 -> {A4B28E2F-61B2-4F15-B3A4-DECCCF50B8D3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
C:\Users\danielle310\Downloads\FRST-OlderVersion
2017-01-26 11:10 - 2017-01-26 11:10 - 01100576 _____ (Symantec Corporation) C:\Users\danielle310\Downloads\NSDeluxeDownloader (1).exe
2016-09-13 17:31 - 2016-09-13 17:31 - 0007625 _____ () C:\Users\danielle310\AppData\Local\Resmon.ResmonCfg
2014-05-29 15:28 - 2014-05-29 15:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1251146238-4233983468-471593903-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => key removed successfully
C:\Users\danielle310\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d70141fadd380fd5\Screenwise Trends Panel.lnk => Shortcut argument removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-1251146238-4233983468-471593903-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4B28E2F-61B2-4F15-B3A4-DECCCF50B8D3} => key removed successfully
HKCR\CLSID\{A4B28E2F-61B2-4F15-B3A4-DECCCF50B8D3} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
C:\Users\danielle310\Downloads\FRST-OlderVersion => moved successfully
C:\Users\danielle310\Downloads\NSDeluxeDownloader (1).exe => moved successfully
C:\Users\danielle310\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{E7A34EFB-5D72-478E-B51E-DAE41BC63E49} canceled.
{9D84FAEF-FD10-44F4-9213-1FD64BA9A9A6} canceled.
{23DA1331-23C2-43EA-A185-4598B266C424} canceled.
{6A36F8FB-3CD6-4841-8CAF-295793BBC908} canceled.
{B2AEF11D-26B9-4B42-A256-4906C8C98F12} canceled.
{5BB60E58-5F7C-4F29-814C-E4E237B60092} canceled.
{C1827FC0-C644-4376-940A-92A2BBB82FC9} canceled.
7 out of 7 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 109102414 B
Java, Flash, Steam htmlcache => 595 B
Windows/system/drivers => 7978234 B
Edge => 0 B
Chrome => 714223823 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 22057637 B
LocalService => 0 B
NetworkService => 2448398 B
danielle310 => 47289621 B
 
RecycleBin => 392889 B
EmptyTemp: => 869.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:55:10 ====
 
 
# AdwCleaner v6.043 - Logfile created 18/02/2017 at 16:05:32
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : danielle310 - DEE
# Running from : C:\Users\danielle310\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Program Files (x86)\Coupons
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\danielle310\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [5269 Bytes] - [29/11/2016 15:35:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [4872 Bytes] - [18/02/2017 16:05:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4945 Bytes] ##########
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/18/17
Scan Time: 4:13 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1295
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dee\danielle310
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372962
Time Elapsed: 6 min, 6 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:32 AM

Posted 18 February 2017 - 11:04 PM

Thank you.

Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 121
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit) and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

=================================================================================

Update Adobe Flash Player

Please update your Adobe Flash Player to the latest version

  • Open Internet Explorer Browser
  • Download Adobe Flash Player here and save it to your desktop.
  • Do not accept the Optional offers
  • Uncheck "Yes, install McAfee Security Scan Plus + True Key by Intel Security- optional"
  • Close any open browsers
  • Double click on the adobeflashplayer.jpg icon to launch the installation
  • If you are presented with a warning popup select "Run"
  • Once the installation is complete click "Finish"

Important Note: Please read. This is only for detailed information
Adobe releases the Flash Player 21.0.0.213 emergency update to resolve Critical Vulnerabilities
http://www.bleepingcomputer.com/news/security/adobe-releases-the-flash-player-21-0-0-213-emergency-update-to-resolve-critical-vulnerabilities/
====================================================================================

Internet Explorer:

Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737

 

 Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

Regards

Yılmaz


Edited by olgun52, 18 February 2017 - 11:05 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 iqmgt

iqmgt
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 19 February 2017 - 01:06 AM

Thanks.  So everything should be clean now, right?  So far I haven't been seeing the problem anymore since the last steps.



#9 olgun52


Posted 19 February 2017 - 01:15 AM

Thanks.  So everything should be clean now, right?  So far I haven't been seeing the problem anymore since the last steps.

Did you do the process? A few steps left.



 


 


#10 iqmgt


Posted 19 February 2017 - 02:35 AM

Oh yeah.  I did that after I replied before.  I'm going to leave java uninstalled unless I run into a program that needs it.  Followed the other steps.



#11 olgun52


Posted 19 February 2017 - 05:17 AM

Okay.

Please now do this;

 

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)



 


 


#12 iqmgt


Posted 19 February 2017 - 01:53 PM

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : danielle310 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/19/2017 12:32:57 (Duration : 00:32:10)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUP.Gen0|Suspicious.Path|VT.GrayWare[AdWare]/Win32.Coupons.w] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Found
[PUP.Gen0|Suspicious.Path|VT.GrayWare[AdWare]/Win32.Coupons.w] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~2.OCX) -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM0 ST500DM002-1BD14 SCSI Disk Device +++++
--- User ---
[MBR] 17c89238c96695f9699f6465e91a998d
[BSP] 12f8066d1299923cd12d90ee4686949a : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 27874 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 57167872 | Size: 449025 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WD My Passport 25E1 USB Device +++++
--- User ---
[MBR] b749ca3279980e04af4acfc8f6e210f5
[BSP] 7fd284fb52c67c795cf1eb3c56d573d7 : Empty MBR Code
Partition table:
0 - My Passport | Offset (sectors): 2048 | Size: 953835 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


#13 olgun52


Posted 19 February 2017 - 02:40 PM

Hello iqmgt,
Please open RogueKiller again.

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:-
[PUP.Gen0|Suspicious.Path|VT.GrayWare[AdWare]/Win32.Coupons.w] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Found
[PUP.Gen0|Suspicious.Path|VT.GrayWare[AdWare]/Win32.Coupons.w] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~2.OCX) -> Found
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

========================================================================================

 ESET Online Scanner:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Delete found harmful
  • Place a checkmark at Delete application's data on close, click Finish and close the program.

Don't forget to re-enable previously switched-off protection software!

--------------------------------------------------------------------------------------------------------

Regards

Yılmaz

 

 

 

 



 


 


#14 iqmgt


Posted 19 February 2017 - 08:53 PM

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : danielle310 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/19/2017 14:54:43 (Duration : 00:31:48)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUP.Gen0|Suspicious.Path|VT.GrayWare[AdWare]/Win32.Coupons.w] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Deleted
[PUP.Gen0|Suspicious.Path|VT.GrayWare[AdWare]/Win32.Coupons.w] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~2.OCX) -> Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1251146238-4233983468-471593903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM0 ST500DM002-1BD14 SCSI Disk Device +++++
--- User ---
[MBR] 17c89238c96695f9699f6465e91a998d
[BSP] 12f8066d1299923cd12d90ee4686949a : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 27874 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 57167872 | Size: 449025 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WD My Passport 25E1 USB Device +++++
--- User ---
[MBR] b749ca3279980e04af4acfc8f6e210f5
[BSP] 7fd284fb52c67c795cf1eb3c56d573d7 : Empty MBR Code
Partition table:
0 - My Passport | Offset (sectors): 2048 | Size: 953835 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\danielle310\Documents\Downloads\CouponPrinterCPS (1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\danielle310\Documents\Downloads\CouponPrinterCPS.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Windows\Installer\528f7d7.msi a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application deleted
G:\DEE\Backup Set 2017-01-26 115348\Backup Files 2017-01-26 115348\Backup files 3.zip a variant of Win32/Adware.Coupons.AA application deleted
G:\DEE\Backup Set 2017-01-31 160013\Backup Files 2017-01-31 160013\Backup files 3.zip a variant of Win32/Adware.Coupons.AA application deleted
G:\DEE\Backup Set 2017-02-06 160018\Backup Files 2017-02-06 160018\Backup files 3.zip a variant of Win32/Adware.Coupons.AA application deleted
G:\DEE\Backup Set 2017-02-09 160007\Backup Files 2017-02-09 160007\Backup files 3.zip a variant of Win32/Adware.Coupons.AA application deleted
G:\DEE\Backup Set 2017-02-14 160014\Backup Files 2017-02-14 160014\Backup files 3.zip a variant of Win32/Adware.Coupons.AA application deleted
G:\DEE\Backup Set 2017-02-17 160004\Backup Files 2017-02-17 160004\Backup files 3.zip a variant of Win32/Adware.Coupons.AA application deleted
 


#15 olgun52


Posted 20 February 2017 - 05:42 AM

Good work. How is your PC running now? Any issues?



 


 




