Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

kotver!gm2 trogan Help!!!


  • This topic is locked This topic is locked
31 replies to this topic

#1 jezz60

jezz60

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 08 March 2017 - 04:48 AM

I'm going to try your removal guide on Saturday if someone could be around to give me a hand with it.

I'm running windows 10, 64bit on a laptop.

I printed your guide already. Is it safe to back up my files? This virus won't hide there will it?

Jezz



BC AdBot (Login to Remove)

 


#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 08 March 2017 - 08:13 PM

Hi Jezz, and welcome to Bleeping Computer.

Please call me "Ray".

I will be helping you with your computer problem. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible. Thank you for your understanding!

 

Is it safe to back up my files?


Absolutely! In fact, as you can see from my standard introduction below, I always urge users such as yourself who come to Bleeping Computer for help to make complete backups of all important files before we begin.

 

This virus won't hide there will it?

It is possible that one or more files in your backups may be infected, however, they will not cause further harm if you don't launch any executables from backups. If backups are in offline storage media, they can't interact with your computer. During the course of our removal efforts, we will identify malicious files and folders and you can delete them if any are stored with your backups.

 

 

Introduction

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything or run (or re-run) any tools without being advised to do so.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.

 

 

In your next reply...

  • Please complete the items in the removal guide and copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Describe all unusual symptoms you observe on your PC.
  • Include verbatim copies of all error messages (if any).

 

If at all possible, I'd like to see your logs without delay, but I will wait until Saturday, if necessary.

 

Regards,

Ray
 


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 08 March 2017 - 10:46 PM

Hi Jezz,

This is second of two consecutive posts.

Please do not perform the steps you mentioned in the removal guide. Instead, scan your PC using the following instructions and follow the Preparation Guide referenced below.

Scan using Farbar Recovery Scan Tool (FRST)

  • Please download Farbar Recovery Scan Tool (FRST) to your desktop from https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/.
  • Launch the tool by double-clicking on FRST64.exe (If the 64-bit version doesn't run, download and double-click FRST.exe).
  • Don't change any of the preset options. Just click Scan.
  • When FRST is done generating its reports, it will create them as FRST.txt and Addition.txt.
  • Copy and paste the entire contents of both reports into the body of your reply.

For an illustrated guide, see step :step6: of Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.


In your next reply...

  • Please complete the items in the Preparation Guide and copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Describe all unusual symptoms you observe on your PC.
  • Include verbatim copies of all error messages (if any).

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#4 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 11 March 2017 - 03:53 PM

thanks Ray,

Addition files

 

Windows 10 Home Version 1607 (X64) (2016-10-07 08:22:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3179264836-768581263-2926507654-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3179264836-768581263-2926507654-1007 - Limited - Enabled)
DefaultAccount (S-1-5-21-3179264836-768581263-2926507654-503 - Limited - Disabled)
Guest (S-1-5-21-3179264836-768581263-2926507654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3179264836-768581263-2926507654-1005 - Limited - Enabled)
jfraz (S-1-5-21-3179264836-768581263-2926507654-1003 - Limited - Enabled) => C:\Users\jfraz
Linda (S-1-5-21-3179264836-768581263-2926507654-1001 - Administrator - Enabled) => C:\Users\Linda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon Music (HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Best Buy pc app (HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\e55b814e55744b76) (Version: 3.5.752.2 - Best Buy)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
Bookworm Adventures Deluxe 1.0 (HKLM-x32\...\Bookworm Adventures Deluxe 1.0) (Version:  - )
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
City Sights Hello Seattle! (HKLM-x32\...\City Sights Hello Seattle!_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.63.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hoyle Puzzle & Board Games 2010 (remove only) (HKLM-x32\...\Hoyle Puzzle & Board Games 2010) (Version:  - )
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jigsaw Aero Puzzle 2.0 (HKLM-x32\...\{F645261A-1676-498A-BFEE-DC9A67BBFE96}_is1) (Version:  - Sky Horse Games)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.9.0.71 - Symantec Corporation)
Norton Management (HKLM-x32\...\MCLIENT) (Version: 3.2.2.12 - Symantec Corporation)
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
Photobucket Backup (HKLM-x32\...\{98813202-6C6E-4ABE-A128-6E8FB3368BE0}) (Version: 1.0.7.2104 - Photobucket)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.76 - NCH Software)
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 3.31 - NCH Software)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
The Print Shop 23.1 (HKLM-x32\...\{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}) (Version: 23.1.11 - Broderbund Software)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Worlds Best Mahjongg Games (HKLM-x32\...\{92B0DD85-4CAC-4F7D-96A6-5D6FAAFC942D}) (Version: 1.00.0000 - Valusoft)
Zip Opener Packages (HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0943D1BB-5FF5-46DE-AC4B-3FB7AD6A1236} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\2.9.5.20\SymErr.exe
Task: {155B61C0-9075-4962-8CBE-E93103EDD2E5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {24A6F551-7663-4AA2-BE84-176CF1E75348} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\2.9.5.20\SymErr.exe
Task: {25FE1E04-41E6-4D47-97DB-86AD7830A53F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26AF2101-2505-45C9-87A7-B56514645816} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {27FFC36D-57ED-4F32-BCC2-04D9B9D381D8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2C416F40-AE0F-435F-A141-81C6E61F0B44} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation)
Task: {326FCE1E-D1CF-4B56-AE9B-5DEDCEACD75C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3619F2FA-9820-40C7-A10E-782BCBAFA26E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {3F69C766-A720-4044-8C9D-C52192FB09EC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {410AC4F0-D3EE-4882-B4A6-E4BA642DEB4B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-02-20] (Symantec Corporation)
Task: {4200A0FE-91E5-4D75-8542-2E04650374C0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {42660ED1-0DF0-425C-B949-9497F7B0C314} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {45FE4CC5-3DA2-4B7F-9391-C60B881E5445} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {58EC0356-C27D-4CC2-8250-3AED4E7FB160} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {628253C2-ECC6-4C40-943F-4D9E1C4B60F4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {6832F773-BA24-4552-985D-5CF865C2511E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6F726E30-5054-44CE-BFC0-82CDF69EF773} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6FABDEDA-ADE8-4365-9812-BE05C9C97E61} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {7114AEC1-2BB1-4BBC-AFA0-E516D2C2A4CE} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {746E6580-A83A-4B6B-8E3A-81DB8022F7D1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {757A0CAB-386B-4F49-A54F-57F6291AD922} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7987B060-096A-410D-8563-BEE91EA93FE1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {80D80C9A-A260-40FB-AD2A-8674813E62D3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {826E68AA-0C47-4F74-B6A7-7869750211E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {85485C87-82C6-4501-8B0E-578F76C1E537} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8852CB57-EFA7-4140-A440-F34982D22210} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8E18D320-1680-4AE1-BC74-3400DAD90D2D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8FD559F2-3710-45F9-81E3-B2C2EBA5FD02} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A4739F41-3A04-4A81-8584-BD2702F060FF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B0933C8E-79ED-4E00-8F96-F34E3D830F65} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B513801C-6241-43C3-A52E-D2391EBA5EF7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B89D6441-017C-40F6-A551-F23F537E9885} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B96A6191-F1B0-431C-BAFB-23C2EBC16446} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BD6986ED-8868-4D96-B62B-06A58AF8B223} - System32\Tasks\EPSON WF-3620 Series Update {61B3AE45-E5B2-476B-A65B-DF6C1DAFE040} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C8E47714-9F7F-4D6E-943E-699BC049BD9A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CC538433-DE2E-4E7D-BFE5-8BAD415BE398} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {CDA6B89C-8F5D-4E51-AE63-31E212DCB092} - System32\Tasks\{D8658065-FE9B-4C61-AB28-61E08EB69B6F} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {CEB1C95C-71F2-47FD-AFD6-09F21F02E0DD} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {CF391564-5EB3-4F82-8BBC-A6BAD1E2E765} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D5ADBE4C-A368-433D-8454-039A57EE10FA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D7A03854-3DAE-43A3-A731-EE54B3B1AAA0} - System32\Tasks\EPSON WF-3620 Series Invitation {61B3AE45-E5B2-476B-A65B-DF6C1DAFE040} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {DB8817E8-6C6C-42D4-B2A8-BE1A09070B7A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E286C007-F00F-4754-9DC7-EEA328DBBF2C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EAA272CD-D06D-45C2-9046-FF8896C2D598} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {EC551214-F1C0-4C1A-8F85-D91CD5E81A36} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EE25F50D-11B9-4BB5-8138-1C0185F048CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F1531AE2-D8C7-485C-9E05-FCDFEECE1DB1} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {F4D5B432-7BFD-455D-A91C-C556179FFE9B} - System32\Tasks\{D5CE802B-6F97-4303-962A-881D4DF9D1A5} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {FA440394-78F6-4AB2-A078-5849346536E2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FCEC8C8E-0C10-42F7-87BC-EE8339616A58} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FEF343C2-72CA-47E3-9440-294EB5F0834C} - System32\Tasks\Norton Internet Security\Norton Internet Security Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {61B3AE45-E5B2-476B-A65B-DF6C1DAFE040}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {61B3AE45-E5B2-476B-A65B-DF6C1DAFE040}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE :/EXE:{61B3AE45-E5B2-476B-A65B-DF6C1DAFE040} /F:Update  INDIANHEADS\INDIAN2$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Linda\AppData\Local\77820\81a64.lnk -> C:\Users\Linda\AppData\Local\77820\806cf.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 04:48 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-15 04:48 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-07 06:32 - 2016-10-07 06:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 05:02 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 05:01 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 05:01 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 05:01 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 05:01 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 05:01 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 05:01 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-04-07 19:07 - 2010-04-07 19:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-28 22:59 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-03-12 18:41 - 2010-03-12 18:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2017-02-22 04:13 - 2017-02-22 04:13 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 04:13 - 2017-02-22 04:13 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 04:13 - 2017-02-22 04:13 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 04:24 - 2017-02-06 04:25 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-12-19 20:01 - 2009-10-23 12:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3179264836-768581263-2926507654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "TWebCamera"
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\StartupApproved\Run: => "Amazon Music"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{D5403CC5-28DC-46B7-B48F-C72FBCAE55E9}] => (Allow) C:\Windows\SysWOW64\ENAgent.exe
FirewallRules: [{BF6071C9-21C1-4916-9181-341F866DF516}] => (Allow) C:\Windows\SysWOW64\ENAgent.exe
FirewallRules: [{15B599C0-4372-4F20-BA9C-F4F5F9F6763C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{A0AB70C0-5BDB-46BC-B329-FD5B443393E6}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{13A50239-CC2A-4CAD-BFFA-ED8541A9A586}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D9F091E0-06C7-4B92-9541-DA097D4F249F}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D6B6004B-3B1E-42F4-A623-ABAD6F2E02D0}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{BA7EB364-3DC3-4859-9F58-9CA6396B8692}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{93B42CF0-DA9F-4A13-9DD1-14A68D98D328}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{3EAF8A79-23C0-430A-AC4E-6A58C2CF1168}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{036A2F94-E1CE-41B4-9044-132582253A96}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{95958B28-0306-4B52-AEA3-8A9FE2163BE8}] => (Allow) LPort=2869
FirewallRules: [{373DAED4-330F-4CA2-8E31-8ECD465C9653}] => (Allow) LPort=1900
FirewallRules: [{D5F9DE79-62B6-4A4C-BC7E-CA18367B1022}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3466E698-89BA-4D4C-91ED-39709D968696}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{32F60DB4-4565-4DEE-9C64-1640F0BC3DB5}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{D2254E0D-F5E5-48CB-B1A3-A144370A4AA0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{696A596B-1A04-46BC-988C-0E97200EF70A}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{C4F8906C-B6C4-47AE-9598-C19C4A1BE729}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{41E995EB-FAC3-4A8A-A535-0BE56DB1019F}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{5CA9C02D-D890-43BC-9582-6DD4787A200F}] => (Allow) LPort=10255
FirewallRules: [{EBB14B79-110C-41B9-98DE-CD6AA92EDEB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8499941-56C1-4CBA-BAB0-C66E436DD10F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6399E496-170E-4DC5-8009-FEBADCCCFB0A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A9371301-F12C-4DB7-8FBF-CCAF4B4F1DEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A7DEF7D-7A61-4B87-ABDD-3C833803BE38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B04722-D861-43FE-8E70-0892560A781F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-02-2017 05:14:42 Windows Update
04-03-2017 08:23:49 Scheduled Checkpoint
11-03-2017 10:01:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2017 03:03:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: INDIAN2)
Description: Package Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (03/11/2017 11:17:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/11/2017 11:16:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/11/2017 10:01:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/11/2017 09:49:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4c47f45f
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x2298
Faulting application start time: 0x01d29a76b54b43a8
Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a37d44d1-035e-4283-bb5d-4a3bbf37add9
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 09:48:58 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (03/11/2017 09:41:01 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (03/11/2017 09:41:01 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (03/11/2017 09:41:01 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (03/11/2017 09:41:01 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0


System errors:
=============
Error: (03/11/2017 09:51:38 AM) (Source: DCOM) (EventID: 10010) (User: INDIAN2)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.

Error: (03/11/2017 09:50:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/11/2017 09:47:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 09:42:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
The operation completed successfully.

Error: (03/11/2017 09:41:02 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MCLIENT service terminated with the following service-specific error:
%%4294967295

Error: (03/11/2017 09:41:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/11/2017 09:38:58 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} did not register with DCOM within the required timeout.

Error: (03/11/2017 09:38:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Tile Data model server service terminated with the following error:
%%2147943515 = A system shutdown is in progress.

Error: (03/11/2017 08:37:17 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/11/2017 05:49:41 AM) (Source: DCOM) (EventID: 10010) (User: INDIAN2)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-01-16 14:00:53.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.649
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:51.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:50.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 13:57:37.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 13:57:37.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3890.67 MB
Available physical RAM: 1598.21 MB
Total Virtual: 7858.67 MB
Available Virtual: 4712.69 MB

==================== Drives ================================

Drive c: (TI106045W0C) (Fixed) (Total:582.24 GB) (Free:349.75 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#5 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 11 March 2017 - 03:56 PM

The FRST notepad:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by Linda (administrator) on INDIAN2 (11-03-2017 15:43:22)
Running from C:\Users\Linda\Desktop
Loaded Profiles: Linda (Available Profiles: Linda & jfraz & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\ENAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\nis.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKEE.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\conathst.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Runtime Software) \\INDIAN2\Users\Linda\dixml.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2016-11-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650496 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863488 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-28] (Google Inc.)
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Run: [Amazon Music] => C:\Users\Linda\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk [2013-11-24]
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-12-22]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-12-22]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-12-22]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-04-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3179264836-768581263-2926507654-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a2de306b-2db5-4a6b-924b-aff0b4a40420}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
SearchScopes: HKLM -> DefaultScope {E7D7A6F1-EF00-459B-8F44-C78E1E9A7262} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {E7D7A6F1-EF00-459B-8F44-C78E1E9A7262} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {C7BC43DB-E444-4639-8CC6-A8871DA16565} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {C7BC43DB-E444-4639-8CC6-A8871DA16565} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3179264836-768581263-2926507654-1001 -> DefaultScope {A5E19CBB-28C9-413F-B242-0A7F03A0EEB2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS514
SearchScopes: HKU\S-1-5-21-3179264836-768581263-2926507654-1001 -> {A5E19CBB-28C9-413F-B242-0A7F03A0EEB2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS514
SearchScopes: HKU\S-1-5-21-3179264836-768581263-2926507654-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3179264836-768581263-2926507654-1001 -> {C7BC43DB-E444-4639-8CC6-A8871DA16565} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3179264836-768581263-2926507654-1001 -> {E7D7A6F1-EF00-459B-8F44-C78E1E9A7262} URL =
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-07] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-28] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-07] (Symantec Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3179264836-768581263-2926507654-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-3179264836-768581263-2926507654-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\s2z27qap.default-1478426252366 [2017-03-11]
FF Homepage: Mozilla\Firefox\Profiles\s2z27qap.default-1478426252366 -> hxxps://my.yahoo.com/;_ylt=A0LEVyYwAh9Y8scA3mpXNyoA;_ylu=X3oDMTEyb29zOWx1BGNvbG8DYmYxBHBvcwMxBHZ0aWQDQjE4NzlfMQRzZWMDc3I-
hxxps://us-mg6.mail.yahoo.com/neo/launch?#3260
FF Extension: (uBlock Origin) - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\s2z27qap.default-1478426252366\Extensions\uBlock0@raymondhill.net.xpi [2017-03-04]
FF Extension: (About Add-ons) - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\s2z27qap.default-1478426252366\Extensions\{DF3074AA-1298-95DF-4315-72E3C22B503C}.xpi [2016-11-06]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2017-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.20\coFFFw => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-01-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-08-29] (Best Buy)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-08-29] (Best Buy)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-22] (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://start.toshiba.com/g/
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Google Slides) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-06]
CHR Extension: (Google Docs) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-04]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-04]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-04]
CHR Extension: (Norton Security Toolbar) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-03-05]
CHR Extension: (Google Sheets) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-05]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-02-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-02-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-09-01] (Red Bend Ltd.) [File not signed]
R2 ENAgent; C:\WINDOWS\SysWOW64\ENAgent.exe [4209856 2012-07-05] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\NIS.exe [326160 2017-02-20] (Symantec Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2016-11-23] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20170306.003\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\WINDOWS\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\1609000.047\ccSetx64.sys [174240 2017-02-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-26] (Symantec Corporation)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-03-11] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20170310.001\IDSvia64.sys [1038024 2017-02-16] (Symantec Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew00.sys [3341824 2016-07-16] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2016-11-23] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\NISx64\1609000.047\SRTSP64.SYS [760992 2017-02-07] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\1609000.047\SRTSPX64.SYS [49312 2017-02-07] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NISx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-07] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NISx64\1609000.047\SymELAM.sys [24616 2017-02-07] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-02-14] (Symantec Corporation)
R1 SymIM; C:\WINDOWS\system32\DRIVERS\SymIMv.sys [43680 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NISx64\1609000.047\Ironx64.SYS [291480 2017-02-07] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NISx64\1609000.047\SYMNETS.SYS [567512 2017-02-07] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-08-07] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 15:43 - 2017-03-11 15:44 - 00028890 _____ C:\Users\Linda\Desktop\FRST.txt
2017-03-11 14:37 - 2017-03-11 15:43 - 00000000 ____D C:\FRST
2017-03-11 11:05 - 2017-03-11 13:31 - 00000000 ____D C:\Users\Linda\lapbackup
2017-03-11 10:52 - 2017-03-11 10:52 - 02657967 _____ C:\Users\Linda\gdbnt.zip
2017-03-11 10:51 - 2017-03-11 10:51 - 08257856 _____ (Runtime Software, LLC ) C:\Users\Linda\Desktop\gdbsimsetup.exe
2017-03-11 10:46 - 2017-03-11 10:46 - 00001463 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2017-03-11 10:46 - 2017-03-11 10:46 - 00000588 _____ C:\Users\Linda\install.sss
2017-03-11 10:46 - 2017-03-11 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2017-03-11 10:46 - 2017-03-11 10:45 - 00414443 _____ C:\Users\Linda\Uninstall.exe
2017-03-11 10:42 - 2017-03-11 10:57 - 02023440 _____ C:\Users\Linda\Desktop\dixmlsetup.exe
2017-03-11 10:22 - 2017-03-11 14:34 - 02424320 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2017-03-11 09:37 - 2017-03-11 09:37 - 00014858 _____ C:\WINDOWS\system32\.crusader
2017-03-11 09:20 - 2017-03-11 09:41 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-03-11 09:18 - 2017-03-11 09:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-11 09:17 - 2017-03-11 09:19 - 11581544 _____ (SurfRight B.V.) C:\Users\Linda\Desktop\HitmanPro_x64.exe
2017-03-11 08:49 - 2017-03-11 09:15 - 02744744 _____ (Symantec Corporation) C:\Users\Linda\Desktop\FixTool64.exe
2017-03-11 08:44 - 2017-03-11 08:45 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Linda\Documents\rkill.com
2017-03-07 19:14 - 2017-03-07 19:15 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Linda\Documents\rkill.exe
2017-03-07 18:42 - 2014-12-15 17:00 - 00162112 _____ C:\WINDOWS\ntbtlog.txt
2017-03-07 18:39 - 2017-03-07 18:39 - 03423928 _____ (Symantec Corporation) C:\Users\Linda\Documents\NPE.exe
2017-03-05 09:44 - 2017-03-05 09:44 - 00000000 ____D C:\Program Files\NortonInstaller
2017-02-23 05:23 - 2017-02-23 05:23 - 00003404 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-02-19 07:52 - 2017-02-19 07:52 - 00000000 ____D C:\Users\Linda\AppData\LocalLow\Sun
2017-02-15 05:30 - 2017-03-11 15:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 15:38 - 2016-10-07 02:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-11 15:25 - 2016-11-19 04:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-11 11:17 - 2016-10-07 06:23 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-03-11 11:05 - 2016-10-07 02:47 - 00000000 ____D C:\Users\Linda
2017-03-11 10:20 - 2016-10-07 03:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-03-11 09:50 - 2016-11-19 07:49 - 00000000 ____D C:\Users\Linda\AppData\LocalLow\Mozilla
2017-03-11 09:42 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-11 09:41 - 2016-01-02 08:04 - 00004418 _____ C:\WINDOWS\SysWOW64\ÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ
2017-03-11 09:40 - 2016-10-07 03:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-11 09:39 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-03-11 09:36 - 2016-10-20 04:03 - 00000000 ____D C:\Users\Linda\AppData\Local\77820
2017-03-11 06:02 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-11 06:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 04:10 - 2012-12-16 12:28 - 00000000 ____D C:\Users\Linda\AppData\Local\CrashDumps
2017-03-08 04:07 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-07 19:51 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Registration
2017-03-07 19:19 - 2016-11-06 06:28 - 00003554 _____ C:\Users\Linda\Desktop\Rkill.txt
2017-03-07 18:48 - 2013-08-02 04:41 - 00000000 ____D C:\Users\Linda\AppData\Local\NPE
2017-03-07 18:43 - 2014-11-14 06:02 - 00000000 ____D C:\NPE
2017-03-06 13:54 - 2016-12-05 10:15 - 00000000 ____D C:\Users\jfraz\AppData\LocalLow\Mozilla
2017-03-05 09:06 - 2012-12-21 20:06 - 00000000 ____D C:\Users\Linda\AppData\Local\Google
2017-03-04 08:44 - 2016-11-11 09:24 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-28 04:32 - 2016-12-14 04:12 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-28 04:32 - 2015-11-26 16:37 - 00002412 _____ C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-28 04:32 - 2015-11-26 16:37 - 00000000 ___RD C:\Users\Linda\OneDrive
2017-02-27 13:47 - 2015-11-26 16:54 - 00002412 _____ C:\Users\jfraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-27 13:47 - 2015-11-26 16:54 - 00000000 ___RD C:\Users\jfraz\OneDrive
2017-02-27 13:44 - 2015-11-26 16:46 - 00000000 ____D C:\Users\jfraz\AppData\Local\Packages
2017-02-24 05:07 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 16:47 - 2016-04-03 07:10 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-23 05:25 - 2014-11-14 05:06 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2017-02-23 05:23 - 2015-07-14 03:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-02-23 05:23 - 2014-11-14 05:08 - 00002495 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-02-23 05:18 - 2013-08-14 04:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 05:18 - 2013-01-03 18:03 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 04:19 - 2016-08-09 07:15 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 05:58 - 2012-12-16 11:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-16 04:14 - 2014-08-18 15:44 - 00000000 ____D C:\Users\Linda\AppData\Local\Adobe
2017-02-16 04:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 04:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 05:24 - 2014-11-14 05:05 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2017-02-14 04:18 - 2012-12-06 16:04 - 00102608 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-02-14 04:18 - 2012-12-06 16:04 - 00008298 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT

==================== Files in the root of some directories =======

2014-02-02 07:23 - 2014-11-14 05:44 - 0000115 _____ () C:\Users\Linda\AppData\Roaming\WB.CFG
2013-07-10 04:18 - 2014-02-23 13:26 - 0000486 _____ () C:\Users\Linda\AppData\Roaming\wklnhst.dat
2015-02-18 09:13 - 2015-02-18 09:13 - 0007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2013-06-17 05:57 - 2013-06-17 05:57 - 0000104 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Linda\dixml.exe
C:\Users\Linda\Uninstall.exe
C:\Users\Linda\vss64.exe
C:\Users\Linda\vss642008.exe
C:\Users\Linda\vss642008r2.exe
C:\Users\Linda\vssserv.dll
C:\Users\Linda\vssvista.dll
C:\Users\Linda\vssxp.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 04:47

==================== End of FRST.txt ============================



#6 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 12 March 2017 - 08:33 PM

Hi Jezz,

 

I noticed that you downloaded and ran Symantec's Kotver Removal Tool. Do you still need help with your PC? If so, please do the following instructions. If not, please reply one more time to let us know we can close this topic.
 
The Addition.txt log you supplied is incomplete. If you still have the file, please copy and paste the entire contents into your reply. If you didn't retain the log, please rerun FRST64.exe and send me Addition.txt from that scan.
 
Also, In my introduction, I said:

Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.

You didn't respond to  two of the items I requested:

  • Describe all unusual symptoms you observe on your PC.
  • Include verbatim copies of all error messages (if any).

It is good practice to copy into your reply the summary I supply at the bottom of my posts and then intersperse your responses between my bullet points. If there are no error messages to report, please acknowledge that fact and tell me there were no error messages.

 

 

In your next reply...

  • Copy and paste the entire contents of Addition.txt into the body of your message.
  • Describe all unusual symptoms you observe on your PC. How far did you get with the Symantec tool?
  • Include verbatim copies of all error messages (if any).

Thank you,

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#7 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 13 March 2017 - 03:15 AM

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by Linda (11-03-2017 15:45:31)
Running from C:\Users\Linda\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-07 08:22:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3179264836-768581263-2926507654-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3179264836-768581263-2926507654-1007 - Limited - Enabled)
DefaultAccount (S-1-5-21-3179264836-768581263-2926507654-503 - Limited - Disabled)
Guest (S-1-5-21-3179264836-768581263-2926507654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3179264836-768581263-2926507654-1005 - Limited - Enabled)
jfraz (S-1-5-21-3179264836-768581263-2926507654-1003 - Limited - Enabled) => C:\Users\jfraz
Linda (S-1-5-21-3179264836-768581263-2926507654-1001 - Administrator - Enabled) => C:\Users\Linda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon Music (HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Best Buy pc app (HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\e55b814e55744b76) (Version: 3.5.752.2 - Best Buy)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
Bookworm Adventures Deluxe 1.0 (HKLM-x32\...\Bookworm Adventures Deluxe 1.0) (Version:  - )
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
City Sights Hello Seattle! (HKLM-x32\...\City Sights Hello Seattle!_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.63.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hoyle Puzzle & Board Games 2010 (remove only) (HKLM-x32\...\Hoyle Puzzle & Board Games 2010) (Version:  - )
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jigsaw Aero Puzzle 2.0 (HKLM-x32\...\{F645261A-1676-498A-BFEE-DC9A67BBFE96}_is1) (Version:  - Sky Horse Games)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.9.0.71 - Symantec Corporation)
Norton Management (HKLM-x32\...\MCLIENT) (Version: 3.2.2.12 - Symantec Corporation)
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
Photobucket Backup (HKLM-x32\...\{98813202-6C6E-4ABE-A128-6E8FB3368BE0}) (Version: 1.0.7.2104 - Photobucket)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.76 - NCH Software)
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 3.31 - NCH Software)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
The Print Shop 23.1 (HKLM-x32\...\{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}) (Version: 23.1.11 - Broderbund Software)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Worlds Best Mahjongg Games (HKLM-x32\...\{92B0DD85-4CAC-4F7D-96A6-5D6FAAFC942D}) (Version: 1.00.0000 - Valusoft)
Zip Opener Packages (HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0943D1BB-5FF5-46DE-AC4B-3FB7AD6A1236} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\2.9.5.20\SymErr.exe
Task: {155B61C0-9075-4962-8CBE-E93103EDD2E5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {24A6F551-7663-4AA2-BE84-176CF1E75348} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\2.9.5.20\SymErr.exe
Task: {25FE1E04-41E6-4D47-97DB-86AD7830A53F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26AF2101-2505-45C9-87A7-B56514645816} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {27FFC36D-57ED-4F32-BCC2-04D9B9D381D8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2C416F40-AE0F-435F-A141-81C6E61F0B44} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation)
Task: {326FCE1E-D1CF-4B56-AE9B-5DEDCEACD75C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3619F2FA-9820-40C7-A10E-782BCBAFA26E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {3F69C766-A720-4044-8C9D-C52192FB09EC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {410AC4F0-D3EE-4882-B4A6-E4BA642DEB4B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-02-20] (Symantec Corporation)
Task: {4200A0FE-91E5-4D75-8542-2E04650374C0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {42660ED1-0DF0-425C-B949-9497F7B0C314} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {45FE4CC5-3DA2-4B7F-9391-C60B881E5445} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {58EC0356-C27D-4CC2-8250-3AED4E7FB160} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {628253C2-ECC6-4C40-943F-4D9E1C4B60F4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {6832F773-BA24-4552-985D-5CF865C2511E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6F726E30-5054-44CE-BFC0-82CDF69EF773} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6FABDEDA-ADE8-4365-9812-BE05C9C97E61} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {7114AEC1-2BB1-4BBC-AFA0-E516D2C2A4CE} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {746E6580-A83A-4B6B-8E3A-81DB8022F7D1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {757A0CAB-386B-4F49-A54F-57F6291AD922} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7987B060-096A-410D-8563-BEE91EA93FE1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {80D80C9A-A260-40FB-AD2A-8674813E62D3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {826E68AA-0C47-4F74-B6A7-7869750211E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {85485C87-82C6-4501-8B0E-578F76C1E537} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8852CB57-EFA7-4140-A440-F34982D22210} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8E18D320-1680-4AE1-BC74-3400DAD90D2D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8FD559F2-3710-45F9-81E3-B2C2EBA5FD02} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A4739F41-3A04-4A81-8584-BD2702F060FF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B0933C8E-79ED-4E00-8F96-F34E3D830F65} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B513801C-6241-43C3-A52E-D2391EBA5EF7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B89D6441-017C-40F6-A551-F23F537E9885} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B96A6191-F1B0-431C-BAFB-23C2EBC16446} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BD6986ED-8868-4D96-B62B-06A58AF8B223} - System32\Tasks\EPSON WF-3620 Series Update {61B3AE45-E5B2-476B-A65B-DF6C1DAFE040} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C8E47714-9F7F-4D6E-943E-699BC049BD9A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CC538433-DE2E-4E7D-BFE5-8BAD415BE398} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {CDA6B89C-8F5D-4E51-AE63-31E212DCB092} - System32\Tasks\{D8658065-FE9B-4C61-AB28-61E08EB69B6F} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {CEB1C95C-71F2-47FD-AFD6-09F21F02E0DD} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {CF391564-5EB3-4F82-8BBC-A6BAD1E2E765} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D5ADBE4C-A368-433D-8454-039A57EE10FA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D7A03854-3DAE-43A3-A731-EE54B3B1AAA0} - System32\Tasks\EPSON WF-3620 Series Invitation {61B3AE45-E5B2-476B-A65B-DF6C1DAFE040} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {DB8817E8-6C6C-42D4-B2A8-BE1A09070B7A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E286C007-F00F-4754-9DC7-EEA328DBBF2C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EAA272CD-D06D-45C2-9046-FF8896C2D598} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {EC551214-F1C0-4C1A-8F85-D91CD5E81A36} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EE25F50D-11B9-4BB5-8138-1C0185F048CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F1531AE2-D8C7-485C-9E05-FCDFEECE1DB1} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {F4D5B432-7BFD-455D-A91C-C556179FFE9B} - System32\Tasks\{D5CE802B-6F97-4303-962A-881D4DF9D1A5} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {FA440394-78F6-4AB2-A078-5849346536E2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FCEC8C8E-0C10-42F7-87BC-EE8339616A58} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FEF343C2-72CA-47E3-9440-294EB5F0834C} - System32\Tasks\Norton Internet Security\Norton Internet Security Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {61B3AE45-E5B2-476B-A65B-DF6C1DAFE040}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {61B3AE45-E5B2-476B-A65B-DF6C1DAFE040}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE :/EXE:{61B3AE45-E5B2-476B-A65B-DF6C1DAFE040} /F:Update  INDIANHEADS\INDIAN2$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Linda\AppData\Local\77820\81a64.lnk -> C:\Users\Linda\AppData\Local\77820\806cf.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 04:48 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-15 04:48 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-07 06:32 - 2016-10-07 06:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 05:02 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 05:01 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 05:01 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 05:01 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 05:01 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 05:01 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 05:01 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-04-07 19:07 - 2010-04-07 19:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-28 22:59 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-03-12 18:41 - 2010-03-12 18:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2017-02-22 04:13 - 2017-02-22 04:13 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 04:13 - 2017-02-22 04:13 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 04:13 - 2017-02-22 04:13 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 04:24 - 2017-02-06 04:25 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-12-19 20:01 - 2009-10-23 12:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3179264836-768581263-2926507654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "TWebCamera"
HKU\S-1-5-21-3179264836-768581263-2926507654-1001\...\StartupApproved\Run: => "Amazon Music"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{D5403CC5-28DC-46B7-B48F-C72FBCAE55E9}] => (Allow) C:\Windows\SysWOW64\ENAgent.exe
FirewallRules: [{BF6071C9-21C1-4916-9181-341F866DF516}] => (Allow) C:\Windows\SysWOW64\ENAgent.exe
FirewallRules: [{15B599C0-4372-4F20-BA9C-F4F5F9F6763C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{A0AB70C0-5BDB-46BC-B329-FD5B443393E6}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{13A50239-CC2A-4CAD-BFFA-ED8541A9A586}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D9F091E0-06C7-4B92-9541-DA097D4F249F}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D6B6004B-3B1E-42F4-A623-ABAD6F2E02D0}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{BA7EB364-3DC3-4859-9F58-9CA6396B8692}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{93B42CF0-DA9F-4A13-9DD1-14A68D98D328}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{3EAF8A79-23C0-430A-AC4E-6A58C2CF1168}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{036A2F94-E1CE-41B4-9044-132582253A96}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{95958B28-0306-4B52-AEA3-8A9FE2163BE8}] => (Allow) LPort=2869
FirewallRules: [{373DAED4-330F-4CA2-8E31-8ECD465C9653}] => (Allow) LPort=1900
FirewallRules: [{D5F9DE79-62B6-4A4C-BC7E-CA18367B1022}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3466E698-89BA-4D4C-91ED-39709D968696}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{32F60DB4-4565-4DEE-9C64-1640F0BC3DB5}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{D2254E0D-F5E5-48CB-B1A3-A144370A4AA0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{696A596B-1A04-46BC-988C-0E97200EF70A}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{C4F8906C-B6C4-47AE-9598-C19C4A1BE729}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{41E995EB-FAC3-4A8A-A535-0BE56DB1019F}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{5CA9C02D-D890-43BC-9582-6DD4787A200F}] => (Allow) LPort=10255
FirewallRules: [{EBB14B79-110C-41B9-98DE-CD6AA92EDEB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8499941-56C1-4CBA-BAB0-C66E436DD10F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6399E496-170E-4DC5-8009-FEBADCCCFB0A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A9371301-F12C-4DB7-8FBF-CCAF4B4F1DEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A7DEF7D-7A61-4B87-ABDD-3C833803BE38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B04722-D861-43FE-8E70-0892560A781F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-02-2017 05:14:42 Windows Update
04-03-2017 08:23:49 Scheduled Checkpoint
11-03-2017 10:01:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2017 03:03:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: INDIAN2)
Description: Package Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (03/11/2017 11:17:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/11/2017 11:16:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/11/2017 10:01:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/11/2017 09:49:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4c47f45f
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x2298
Faulting application start time: 0x01d29a76b54b43a8
Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a37d44d1-035e-4283-bb5d-4a3bbf37add9
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 09:48:58 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (03/11/2017 09:41:01 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (03/11/2017 09:41:01 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (03/11/2017 09:41:01 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (03/11/2017 09:41:01 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0


System errors:
=============
Error: (03/11/2017 09:51:38 AM) (Source: DCOM) (EventID: 10010) (User: INDIAN2)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.

Error: (03/11/2017 09:50:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/11/2017 09:47:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 09:42:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
The operation completed successfully.

Error: (03/11/2017 09:41:02 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MCLIENT service terminated with the following service-specific error:
%%4294967295

Error: (03/11/2017 09:41:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/11/2017 09:38:58 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} did not register with DCOM within the required timeout.

Error: (03/11/2017 09:38:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Tile Data model server service terminated with the following error:
%%2147943515 = A system shutdown is in progress.

Error: (03/11/2017 08:37:17 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/11/2017 05:49:41 AM) (Source: DCOM) (EventID: 10010) (User: INDIAN2)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-01-16 14:00:53.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:53.649
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:51.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 14:00:50.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 13:57:37.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-16 13:57:37.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3890.67 MB
Available physical RAM: 1598.21 MB
Total Virtual: 7858.67 MB
Available Virtual: 4712.69 MB

==================== Drives ================================

Drive c: (TI106045W0C) (Fixed) (Total:582.24 GB) (Free:349.75 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#8 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 13 March 2017 - 03:41 AM

Above is the Addition txt again.

To answer your questions:

 

In your next reply...

  • Copy and paste the entire contents of Addition.txt into the body of your message.
  • Describe all unusual symptoms you observe on your PC. How far did you get with the Symantec tool?
  • Include verbatim copies of all error messages (if any).

A copy of addition was posted again. Erro messages are listed at the end

 

The symptoms I had were Insistent slow sluggish foxfire loading, repeated message from Norton that the kotver!gm2 trojan was found, a couple  SONAR virus windows kept popping up. Then it started not letting me open pdf's that were sent to me. Seems once I reboot this restarts the virus  with Norton's notification and SONAR again upon opening foxfire.

 

And yes I did run Symantec's Kotver Removal Tool without any issues. I ran completely without any issues.

 

I am not sure with I got all of the trojan virus out yet. Is there something more I can do to find out? I haven't rebooted my computer since I did all this due to the fact that that's when the virus starts up again. I needed to be able to post this message.

Please look at the errors in the FRST and Addition runs and see if this is something you can help me with. I'm afraid I don't know what I'm looking at.

 

Rebooting now, Then I have to run to work. Please don't close this until I see your reply later tonight.

Thanks,

Jezz



#9 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 13 March 2017 - 04:04 AM

Rebooted with no errors. Except it's still slow in rebooting. And still extra slow in booting foxfire. Maybe I still have stuff in the boot up log files that's causing this.

 What can I do to show you my boot log files? Or what else can I do to see if this trojan is gone?



#10 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 13 March 2017 - 08:38 PM

Hi Jezz,

 

Thanks for telling me about the boot up log. Please hold onto it  --  I may ask to see it later.

 

 

 

Rebooted with no errors.

That's a very good sign. Thank you for that info. Please confirm that you are no longer seeing warnings from Norton, that SONAR virus windows no longer pop up, and that you can open PDF files normally.

 

 

Except it's still slow in rebooting. And still extra slow in booting foxfire. Maybe I still have stuff in the boot up log files that's causing this.
Or what else can I do to see if this trojan is gone?

I am analyzing Frst.txt and Addition.txt now. This can take many hours. If it approaches 48 hours, I'll give you an interim report.

 

When you say "foxfire" I assume you are referring to the Firefox browser. The discrepancy is not important as long as I understand what you are saying.

 

 

 

Please don't close this until I see your reply later tonight.

This topic will remain open until we resolve all pending issues. Thank you for being patient.

 

 

 

In my initial perusal of the logs you supplied, I see Group Policy restrictions and a restriction on Microsoft Internet Explorer. Did you apply these restrictions intentionally or do you know of purposely installed software which might be imposing these restrictions?

 

 

 

In your next reply...

  • Please confirm that you are no longer seeing warnings from Norton, that SONAR virus windows no longer pop up, and that you can open PDF files normally.
  • Tell me about any restrictions you applied to Group Policy or to Microsoft Internet Explorer.
  • Is slow performance occurring only during initial boot up and launch of Firefox, or does your PC continue to run slowly during normal operations?

 

Regards,

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#11 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 14 March 2017 - 03:29 AM

  • Please confirm that you are no longer seeing warnings from Norton, that SONAR virus windows no longer pop up, and that you can open PDF files normally.

I am no longer seeing Norton or Sonar windows. My saved PDF windows can open ok, I don't have the PDF I was trying to load from an email.

  • Tell me about any restrictions you applied to Group Policy or to Microsoft Internet Explorer.

I didn't apply any group policies or Internet Explorer restrictions. Except for the one IE being my default browser. I didn't change that. I use chrome or firefox(and yes I do sometimes call it foxfire)

  • Is slow performance occurring only during initial boot up and launch of Firefox, or does your PC continue to run slowly during normal operations?

I still do not get instant reaction when clicking on firefox browser to open up. It's not as slow as it was. I do not get the sonar windows anymore. Booting my pc is still slow to get into windows too. But it's been slow since windows 10 decided to load without me wanting it to. This laptop was originally windows 7



#12 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 14 March 2017 - 03:30 AM

Hey thanks Ray for your help!



#13 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 16 March 2017 - 03:27 PM

Hi Jezz,

Thank you for your reply.
 

Booting my pc is still slow to get into windows too. But it's been slow since windows 10 decided to load without me wanting it to.

Win10 is more secure, and Microsoft support will continue for it (maybe indefinitely) far longer than it will for earlier versions of the Operating System. Your system is mostly clean of malware, and my intention is to clean the remnants, but also to help you configure for better performance.


Please perform all the steps below, but pay particular attention to the Autoruns section. By disabling the automatic launch of unnecessary processes, you can improve your boot-up performance.



Do System File Check

  • Please press and hold down the Windows key and type X on your keyboard at the same time.
  • Click Command Prompt (Admin).
  • The black Select Administrator Command Prompt window will open.
  • Copy and paste sfc /scannow into that window, and press Enter.
  • Allow the process time to complete.
  • When done, copy and paste the entire contents of the black window into your reply.

 

 

 

We need to remove some programs with Revo Uninstaller (Free):

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If any program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free.
    note: there is no need to click anything on that page. The download will start automatically.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the following program(s), or anything similar, to remove it (them):
    Zip Opener Packages
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click Next.
  • After the program has searched for leftovers, click Next.
  • Check the items in bold only on the list. Then click Delete.
    note: you may have to expand some folders by clicking the "+" mark.
  • When prompted, click Yes and then Next.
  • Put a checkmark on any folders that are found and select Delete.
  • When prompted, select Yes then Next.
  • When done, click Finish.

 

Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer.

Start

CloseProcesses:
C:\WINDOWS\SysWOW64\ÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ
C:\Users\Linda\Uninstall.exe
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3179264836-768581263-2926507654-1003\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

End
  • Please press and hold down the Windows key and type R on your keyboard at the same time. This will open the Run dialog box.
  • Type Notepad into the Run box and click OK.
  • Please copy and paste the entire contents of the code box below into a new file.
  • On the Notepad menu, click Format and remove the checkmark from Word Wrap.
  • Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
  • The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.

 


Let's run FRST in Search mode

  • Double-click on FRST64.exe to open it.
  • In the search box, type the following:
    *mscorsvw.exe*
  • Press Search Files and wait for FRST to complete the search.
  • A log file (Search.txt) will open in the same folder where FRST is located when complete. Please post the contents into your next reply.

 

 

Disable Autoruns Entries

  • Please download AutoRuns and save it to your desktop.
  • Double click the AutoRuns.zip folder (or, if necessary, right click and select Extract.)
  • Double click autoruns.exe for 32 bit computers or autoruns64.exe for 64 bit computers to launch the program.
  • Uncheck any items you do not need to launch every time your PC boots up. Note: This does not mean you can't run the program. It only means that it won't automatically launch at startup whether you use it or not.
  • If you are unsure about an entry, you can Google it or check the item in the BleepingComputer Startup List or you can ask me about it.
  • Reboot your computer and note any performance improvement.

Note that we will trim some of the burden from your browsers in a later post.

 

In your next reply...

  • Copy and paste the entire SFC scan session into the body of your message.
  • Confirm you were able to delete Zip Opener Packages and any similarly named programs.
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of Search.txt into the body of your message.
  • Did you disable a significant number of start-up items in Autoruns?
  • How is your computer running now?

 

 

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#14 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 18 March 2017 - 07:01 AM

This is the system file check

 

Microsoft Windows [Version 10.0.14393]
© 2016 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\WINDOWS\system32>

 



#15 jezz60

jezz60
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:michigan
  • Local time:10:48 AM

Posted 18 March 2017 - 08:07 AM

This was what is in the Fixlog.txt

 

Start Trojan.Kotver check...

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users